From: bennett_t1@popmail.firn.edu
To: Chris Avery <cavery@ccnet.com>
Message Hash: 5ec49aa1d63617197fba06b2d2bde0dd90a62bab0028d63791f6e9f1eb2e7cf5
Message ID: <3.0.2.32.19970728193553.007df490@popmail.firn.edu>
Reply To: <01BC9B6D.6CC7B860@h97-172.ccnet.com>
UTC Datetime: 1997-07-28 23:36:07 UTC
Raw Date: Mon, 28 Jul 1997 16:36:07 -0700 (PDT)
From: bennett_t1@popmail.firn.edu
Date: Mon, 28 Jul 1997 16:36:07 -0700 (PDT)
To: Chris Avery <cavery@ccnet.com>
Subject: Re: Queries from a Cyper-newbie?
In-Reply-To: <01BC9B6D.6CC7B860@h97-172.ccnet.com>
Message-ID: <3.0.2.32.19970728193553.007df490@popmail.firn.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
At 03:45 PM 7/28/97 -0700, you wrote:
>Anybody willing to offer a bit of help to a cypher-newbie? I'm
trying to sort out a few of the basics:
Well as long as you ask like that instead of what most newbies do,
such as try and subscribe by sending "Add me to the mailing list" to
the list.
>1. PGP 5.0 -- good software?
It's better integrated for Mac Lusers and Windows 95ers. It is,
however, flawed in some respects.
>If not, what problems? Why to use DSS vs/ RSA keys? How is 5.0
different than 2.6.3i ? Which is better?
2.6.3i cannot use CAST, or (who would want to , it's DES!) Triple-
DES. It does however, can use other hashes with RSA, thanks to
someone's discovery on PGP-USERS. 2.6.3i is dos native, and complex.
A shell integrates nicely, but it's still not the same.
>2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i
(and vice versa?) Using RSA keys?
ONLY using RSA keys. DSS/Diffie-Hellman support is being added to
old PGP's. RSAREF is used in PGP 5.0 . MPILIB, Phil Zimmermann's
original PGP RSA algorithm implementation is used in international
versions. It's becuase of RSA's patent stuff.
>3. I understand certain encryption s/w cannot be legally exported, I
am aware that such s/w is nevertheless being used (and built) abroad.
My queries: Is purely domestic use being threatened by the pending
legislation? Is it already illegal to send an encrypted msg out of
the US? If so, is it illegal to receive an encrypted msg from outside
the US?
Unless it is the "shitty 40 bit" type. It can be built abroad, for
example, IDEA was made in switzerland, or something like that..., PGP
2.6.3i was made legally, I think. Domestic use is being threatened
by Nazi Motherfuckers like Billy-Bob Clinton [spit], The FBI, and the
NSA. Oppose them. Go to www.crypto.com and do some of the stuff
there. Sending and recieving mail from the outside of the US *is
legal*.
>4. How strong is strong? My MS Explorer has the 128 bit encryption
scheme to secure domestic financial transactions (such as credit
cards). How "un-encryptable" is this? I read some recent postings
here re difficulty of breaking 128 bit keys -- but this had reference
to stronger methods of encryption than MS Explorer uses, right? So
128 bits is hard to break (umptyump years, terrawatts, etc.)? Then
why does my PGP 5.0 software offer keys that are 768, 1024, etc. up
to 4096 bits in length? Are these numbers on the same scale?
Unencryptable? What the fuck are you talking about? If you mean
crackable, let's just say it'd take several time the age of the
Universe to crack it. The RSA keys are weaker than symmetric
cyphers, unless we're talking about DSS/Diffie-Hellman keys with
4096bits. They are not on the same scale.
>Any "strength" differences between RSA, DSS, and Diffie-Hellman? IS
there some layman-understandable difference between these?
Well, RSA's are patented and RSA is really anal with their patents.
DSS/Diffie-Hellman keys are unpatented. You can change hashes on RSA
keys (RIPEM160, MD5 [was broken already], and SHA-1). But to use
those RSA's with older PGP's, use only MD5.
>5. Is international data traffic somehow monitored (or monitorable)
to detect encrypted traffic?
It can be detected that you're using encryption. Breaking PGP is
another thing.
If any other cypherpunks want to correct me here, do so.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBM9065B0+FhmmTrSJAQEdsgQAmRAJR7CxQCy4Wfny8YM6oJ3chLKnJCnA
E45EElRsAVS8zyAWy06/ZJFG8XjInjgAzmx+fRvGoN0qHvObyFfrDMPML0w+405s
cddgcApc0DfbjP8narKHVBQnbOhwuSjdDbwTbFF9F+EG0OkXewgYKXS/QnS11ov/
ofr4ooPGcr0=
=rowH
-----END PGP SIGNATURE-----
Return to July 1997
Return to “Dave K-P <dkp@iname.com>”