From: lank...@fwi.uva.nl (Branko Lankester)
Subject: PGP 2.0 Announcement
Organization: FWI, University of Amsterdam
Date: Mon, 7 Sep 1992 20:22:07 GMT
PGP version 2.0 Available
This note assumes you are familiar with PGP (Pretty Good Privacy),
the freeware public key cryptographic software package.
Philip Zimmermann is under threat of lawsuit from the RSA patent
holders, Public Key Partners, if he distributes or updates PGP again.
Zimmermann has abided by that condition and has not distributed PGP
since the threat was made. So any enhancements for PGP have to be
developed by other people, preferably outside the reach of US patent
law. The RSA patent does not apply outside the USA. Accordingly,
PGP Version 2.0 was developed by a team of software engineers in
Europe and New Zealand, with design guidance from Philip Zimmermann.
It was released September 3 by Branko Lankester in Amsterdam and
Peter Gutmann in New Zealand.
The new version has many ergonomic improvements, much better key
management, faster and better conventional cryptography, faster
public key cryptography, and faster and better data compression. It
also has been ported to SPARC Unix, Ultrix, VAX/VMS, Commodore Amiga,
Atari ST, OS/2, and of course it still runs on MSDOS.
The RSA math functions are about 2.28 times as fast (as measured on
an MSDOS system). The new signature hashing algorithm is MD5. The
new compression routines are similar in functionality to those used
in PKZIP, and were developed in C by a French team. The new faster
conventional cipher, called IDEA (International Data Encryption
Algorithm), was developed at ETH in Zurich by James L. Massey and
Xuejia Lai. Preliminary evidence suggests that IDEA may be more
resistant than the DES to Biham & Shamir's highly successful
differential cryptanalysis attack. Biham and Shamir have tried
unsuccessfully to find any weaknesses in the IDEA cipher.
The keys on the public keyring retain their certifying signatures
while on the keyring, and can be automatically checked for tampering
by PGP before using the keys. They can be individually copied off
the keyring along with their attached signature certificates, in
ASCII form suitable for emailing. Each key may have several attached
certifying signatures. User ID's and passwords can be revised by the
key owner. When a user ID is modified for a key, new certifying
signatures must be created for that key.
The ASCII transport armor changed from uuencoded form to another
ASCII radix-64 representation similar to that used by the Internet
PEM standard. This makes PGP messages more resistant to mutilation
by strange email gateways.
The new PGP is more usable in batch mode, returning error result
codes to the DOS shell. It can also be used to some extent in a
pipeline filter mode for Unix.
There are too many ergonomic improvements to list here. One example
is a built-in Unix-style "more" function, to optionally display
deciphered plaintext directly on your screen without writing any
plaintext to disk. Also, all the PGP user messages and prompts can
be displayed in German, Dutch, Spanish, French, Italian, and Russian.
There are other improvements in the area of key management.
Zimmermann's new key management is even more uniquely suited to
socially decentralized environments, rather than to monolithic
corporate or government institutions.
PGP 2.0 is available on ghost.dsi.unimi.it in directory pub/crypt.