Tech Insider					   Technology and Trends


			   USENET Archives

Path: sparky!uunet!mcsun!sun4nl!ooc.uva.nl!hacktic!utoop!Bronto
From: Bro...@utoop.hacktic.nl (Bronto)
Newsgroups: alt.security
Subject: PGP 2.0
Message-ID: <69.299D13E9@utoop.hacktic.nl>
Date: 15 Feb 92 15:55:53 GMT
Organization: U.T.O.P.I.A.
Lines: 58

Philip Zimmermann is under threat of lawsuit from the RSA patent
holders, Public Key Partners, if he distributes or updates PGP again.
Zimmermann has abided by that condition and has not distributed PGP
since the threat was made.  So any enhancements for PGP have to be
developed by other people, preferably outside the reach of US patent
law.  The RSA patent does not apply outside the USA.  Accordingly,
PGP Version 2.0 is being developed by a team of software engineers in
Europe and New Zealand, with design guidance from Philip Zimmermann.
It will be released sometime in March by Peter Gutmann in New
Zealand.

The new version has many ergonomic improvements, much better key
management, faster and better conventional cryptography, faster
public key cryptography, and faster and better data compression.  It
also has been ported to SPARC Unix, Ultrix, VAX/VMS, Commodore Amiga,
Atari ST, OS/2, and of course it still runs on MSDOS.

The RSA math functions are about 86% faster (as measured on a 80386).
The new signature hashing algorithm is MD5.  The new compression
routines are similar in functionality to those used in PKZIP, and
were developed in C by a French team.  The new faster conventional
cipher, called IDEA (International Data Encryption Algorithm), was
developed at ETH in Zurich.  Preliminary evidence suggests that IDEA
may be more resistant than the DES to Biham & Shamir's highly
successful differential cryptanalysis attack.  Biham and Shamir are
currently examining the IDEA cipher for weaknesses.

The keys on the public keyring retain their certifying signatures
while on the keyring, and can be automatically checked for tampering
by PGP before using the keys.  They can be individually copied off
the keyring along with their attached signature certificates, in
ASCII form suitable for emailing.  Each key may have several attached
certifying signatures.  User ID's and passwords can be revised by the
key owner.  When a user ID is modified for a key, new certifying
signatures must be created for that key.

The ASCII transport armor will change from uuencoded form to another
ASCII radix-64 representation similar to that used by the Internet PEM
standard.  This will make PGP messages more resistant to mutilation
by strange email gateways.

The new PGP will be more usable in batch mode, returning error result
codes to the DOS shell.  It can also be used to some extent in a
pipeline filter mode for Unix.

There are too many ergonomic improvements to list here.  One example
is a built-in Unix-style "more" function, to optionally display
deciphered plaintext directly on your screen without writing any
plaintext to disk.

There are other improvements still under development, mainly in the area
of key management.  Zimmermann's new key management will be even more
uniquely suited to socially decentralized environments, rather than to
monolithic corporate or government institutions.


---
 * Origin: UTOPIA -> +31-20-6273860 (666:66/235)

Newsgroups: alt.security
Path: sparky!uunet!rsiatl!jgd
From: j...@dixie.com (John De Armond)
Subject: Re: PGP 2.0
Message-ID: <-7=hn!c@dixie.com>
Date: Sun, 16 Feb 92 10:20:48 GMT
Organization: Dixie Communications Public Access.  The Mouth of the South.
References: <69.299D13E9@utoop.hacktic.nl>
Lines: 48

Bro...@utoop.hacktic.nl (Bronto) writes:

>Philip Zimmermann is under threat of lawsuit from the RSA patent
>holders, Public Key Partners, if he distributes or updates PGP again.
>Zimmermann has abided by that condition and has not distributed PGP
>since the threat was made.  So any enhancements for PGP have to be
>developed by other people, preferably outside the reach of US patent
>law.  The RSA patent does not apply outside the USA.  Accordingly,
>PGP Version 2.0 is being developed by a team of software engineers in
>Europe and New Zealand, with design guidance from Philip Zimmermann.
>It will be released sometime in March by Peter Gutmann in New
>Zealand.

[much great news deleted.]

YES!!! This news made my day.  Simultaneously sticking it to PKP and
the NSA Nazis in one fell swoop!  What a deal.  This sounds like
the best thing since sliced bread.  One possible issue to think about,
though.

>The ASCII transport armor will change from uuencoded form to another
>ASCII radix-64 representation similar to that used by the Internet PEM
>standard.  This will make PGP messages more resistant to mutilation
>by strange email gateways.

For PGP to become widespread, it has to be used.  If it is used,
there  is a possibility that the PKP gestapo might single out a
likely  weak target for legal persecution.  Unfortunately
changing the  uuencoded format for PGP encoded messages seems to
make it far easier for someone to electronically troll for
targets.   If a PGP encoded message looked like any  other
uuencoded mail file, it would significantly increase the
complexity  of detection.  There is strength in numbers.  The
way to defeat the Gestapo is to get this code in rapid and
widespread use so that  the targets are diffuse, similar to
compress.   It would seem to me to make it psychologically easier for 
many people to implement if the output looks innocuous.

This is an observation of a crypto novice.  I may be way offbase. 
Nontheless, it should be discussed and considered before the next 
release.

John
-- 
John De Armond, WD4OQC        | "I'm a lawyer but I guess I'm also human." 
Rapid Deployment System, Inc. |             Ian Zimmerman. 
Marietta, Ga                  |      Lawyer for the purse snatcher
j...@dixie.com                 |   scum who sued the taxi driver in 'Frisco.

			   USENET Archives


The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or 
research.


Electronic mail:			      WorldWideWeb:
   tech-insider@outlook.com		         http://tech-insider.org/