Newsgroups: sci.crypt
Path: sparky!uunet!mcsun!sun4nl!fwi.uva.nl!gene.fwi.uva.nl!lankeste
From: lank...@fwi.uva.nl (Branko Lankester)
Subject: PGP 2.0 Announcement
Message-ID: <1992Sep7.202207.12500@fwi.uva.nl>
Sender: ne...@fwi.uva.nl
Nntp-Posting-Host: gene.fwi.uva.nl
Organization: FWI, University of Amsterdam
Date: Mon, 7 Sep 1992 20:22:07 GMT
Lines: 66

PGP version 2.0 Available
-------------------------

This note assumes you are familiar with PGP (Pretty Good Privacy), the freeware public key cryptographic software package.

Philip Zimmermann is under threat of lawsuit from the RSA patent holders, Public Key Partners, if he distributes or updates PGP again. Zimmermann has abided by that condition and has not distributed PGP since the threat was made. So any enhancements for PGP have to be developed by other people, preferably outside the reach of US patent law. The RSA patent does not apply outside the USA.

Accordingly, PGP Version 2.0 was developed by a team of software engineers in Europe and New Zealand, with design guidance from Philip Zimmermann. It was released September 3 by Branko Lankester in Amsterdam and Peter Gutmann in New Zealand.

The new version has many ergonomic improvements, much better key management, faster and better conventional cryptography, faster public key cryptography, and faster and better data compression. It also has been ported to SPARC Unix, Ultrix, VAX/VMS, Commodore Amiga, Atari ST, OS/2, and of course it still runs on MSDOS.

The RSA math functions are about 2.28 times as fast (as measured on an MSDOS system). The new signature hashing algorithm is MD5. The new compression routines are similar in functionality to those used in PKZIP, and were developed in C by a French team.

The new faster conventional cipher, called IDEA (International Data Encryption Algorithm), was developed at ETH in Zurich by James L. Massey and Xuejia Lai. Preliminary evidence suggests that IDEA may be more resistant than the DES to Biham & Shamir's highly successful differential cryptanalysis attack. Biham and Shamir have tried unsuccessfully to find any weaknesses in the IDEA cipher.

The keys on the public keyring retain their certifying signatures while on the keyring, and can be automatically checked for tampering by PGP before using the keys. They can be individually copied off the keyring along with their attached signature certificates, in ASCII form suitable for emailing. Each key may have several attached certifying signatures.

User ID's and passwords can be revised by the key owner. When a user ID is modified for a key, new certifying signatures must be created for that key.

The ASCII transport armor changed from uuencoded form to another ASCII radix-64 representation similar to that used by the Internet PEM standard. This makes PGP messages more resistant to mutilation by strange email gateways.

The new PGP is more usable in batch mode, returning error result codes to the DOS shell. It can also be used to some extent in a pipeline filter mode for Unix.

There are too many ergonomic improvements to list here. One example is a built-in Unix-style "more" function, to optionally display deciphered plaintext directly on your screen without writing any plaintext to disk. Also, all the PGP user messages and prompts can be displayed in German, Dutch, Spanish, French, Italian, and Russian.

There are other improvements in the area of key management. Zimmermann's new key management is even more uniquely suited to socially decentralized environments, rather than to monolithic corporate or government institutions.

PGP 2.0 is available on ghost.dsi.unimi.it in directory pub/crypt.