Cyphernomicon 2.6

MFAQ--Most Frequently Asked Questions:
PGP


    2.6.1. There's a truly vast amount of information out there on PGP,
            from current versions, to sites, to keyserver issues, and so
            on. There are also several good FAQs on PGP, on MacPGP, and
            probably on nearly every major version of PGP. I don't expect
            to compete here with these more specialized FAQs.
           - I'm also not a PGP expert, using it only for sending and
              receiving mail, and rarely doing much more with it.
           - The various tools, for all major platforms, are a specialty
              unto themselves.
    2.6.2. "Where do I get PGP?"
    2.6.3. "Where can I find PGP?"
           - Wait around for several days and a post will come by which
              gives some pointers.
           - Here are some sites current at this writing: (watch out for
              changes)
    2.6.4. "Is PGP secure? I heard someone had...."
           - periodic reports, urban legend, that PGP has been
              compromised, that Phil Z. has been "persuaded" to....
           + implausible for several reasons
             - Phil Z no longer controls the source code by himself
             - the source code is available and can be inspected...would
                be very difficult to slip in major back doors that would
                not be apparent in the source code
             - Phil has denied this, and the rumors appear to come from
                idle speculation
           + But can PGP be broken?
             - has not been tested independently in a thorough,
                cryptanalytic way, yet (opinion of tcmay)
             - NSA isn't saying
             + Areas for attack
               + IDEA
                 - some are saying doubling of the number of rounds
                    should be done
               - the random number generators...Colin Plumb's admission
    2.6.5. "Should I use PGP and other crypto on my company's
            workstations?"
           - machines owned by corporations and universities, usually on
              networks, are generally not secure (that is, they may be
              compromised in various ways)
           - ironically, most of the folks who sign all their messages,
              who use a lot of encryption, are on just such machines
           - PCs and Macs and other nonnetworked machines are more
              secure, but are harder to use PGP on (as of 1994)
           - these are generalizations--there are insecure PCs and
              secure workstations
    2.6.6. "I just got PGP--should I use it for all my mail?"
           - No! Many people cannot easily use PGP, so if you wish to
              communicate with them, don't encrypt everything. Use
              encryption where it matters.
           - If you just want more people to use encryption, help with
              the projects to better integrate crypto into existing
              mailers.
    2.6.7. NSA is apparently worried about PGP, worried about the spread
            of PGP to other countries, and worried about the growth of
            "internal communities" that communicate via "black pipes" or
            "encrypted tunnels" that are impenetrable to them.
  


By Tim May, see README

HTML by Jonathan Rochkind