I use, and love, PGP for mac, and I was wondering if anyone else here used it...I am assuming most of y'all use it or something similar...

PGP came with a nice pdf intro to crytography with a rather self-serving (IMHO) chapter by Phil Zimmerman, the creator of PGP, so I am uploading it here...

Ok, Looks like I can't upload the pdf here, it seems to be too big, or have some other bug...

I haven't used PGP for a while actually, I've been constantly re-installing systems and so havemn't had a system working long enough to install crypto software...

However, I now face a small dilemma:

PGP 6.5.8 or PGP 7.0.3?

I don't think that pdf files are allowed. Try putting it in a zip file.

And yes, I do use pgp for windows, and opengp for linux.

Affirmative on PGP, i presently use the last version 7.0.3 before it migrated to 7.0.4(?) and got a big company name. I bought that one also but haven't used it, just loaded it on a spare unit to see how it works. Am fairly confident in the integrity of 7.0.3. and the only backdoor I've read about is is someone gets you to send them your private key or something like that, pretty complicated and IMHO fairly remote unless you send your keysets to people you don't know or something. several small security holes in pre 7.0.3 versions according to the evaluations, but probably no problem unless you're a target organization, company, etc. Zimmerman went to doing consulting and is on the board of a couple of security computer and internet companies after 7.0.3, and so if you're concerned about deliberate backdoors in programs and had to bet on one being clean, I'd probably bet on 7.0.3, and keep your keys among your private circle of tr :D ust. Hey, that's just MHO. Have fun in D.C.!

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=222874#post482404) by Rewandythal
I haven't used PGP for a while actually, I've been constantly re-installing systems and so havemn't had a system working long enough to install crypto software...

However, I now face a small dilemma:

PGP 6.5.8 or PGP 7.0.3?
IMHO 7.0.3 is probably the one i would choose for anything serious. There is a small (remote) hole in 7.0.3 (not home so can't give you the white paper reference) but is fairly complicated and involves someone talking you into giving them your keysets then a message and a couple of other things i can't remember right now. The previous versions according to the white papers have more security flaws that may be exploitable more easily. One thing i would really recommend, keep your keysets, your signature and pgp on a drive you aren't constantly reloading/flatening. Saves a lot of rebuilding after an OS reload, IMHO anyway. :D

Thanks.

I'd like to read the white paper if you have the link anywhere, but I'll download 7.0.3 anyway.

keep your keysets, your signature and pgp on a drive you aren't constantly reloading/flatening

Keep them on a floppy disk, so you don't have to worry if some gets access to you computer.

Here's another thread with the PDF attached: http://www.antionline.com/showthread.php?s=&threadid=221255&highlight=pgp

PGP rocks!! I just wish more people (neophytes) knew how to use it.....

Proactive -

Thanks for the link man, this is one of the best short PDFs you can read about crypto and PGP...everyone should read it....maybe it should be put on Acids FAQ?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=222874#post482424) by Rewandythal
Thanks.

I'd like to read the white paper if you have the link anywhere, but I'll download 7.0.3 anyway.
OK, be glad to, will send it as soon as get home and the inbasket halfway down, about midway thru next week; i have a collection of comments from quite awhile back on pgp. Seems the single weakness in 7.0.3 was discovered by a hi-tech lady professor and another professor in one of the Baltic countries. When i read it, it didn't ring many alarm bells, as it took some amount of trusting someone you don't know, sending them stuff you probably wouldn't anyway, and then sending them an encrypted (not just signed) message. Since that would be outside the realm of your normal corporate or business operation it didn't seem to be too critical. There was some discussion on another AO thread about the commercial version maybe having an NSI backdoor, but I don't give that too much credence because it was packaged too soon after the pgp purchase, and they have almost quit marketing it anyway. Besides, if NSI wants to see what I encrypt, they can be a cc addressee. Will get back to you with the white paper on the 7.0.3 "flaw" in about ten days. :D

Fair enough!

Use PGP 7.0.3, with only minimal installed components...and using the Wipe utility can result in a misrepresentation of free space (according to FAT32 and Win9x)...just fair warning...

Any fixes for this problem?

Ouroboros

NTFS?

Aww, crap...I hate Windows...thanks R, that is it...

Ouroboros

I have been using PGP for a while, currently 7.** version. Keep getting an error message when I do a free space wipe on the HD.. Runs for a while then says - "cannot continue wipe, another application wrote to the cluster being wiped" Perhaps not the correct wording but close enough. I am using windows ME ( apologies to all windows haters, just not clever enough to use anything else) Also the PGP option won't come up on the right click menu when I want to wipe temp files? Any ideas good people? Thanks!

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I use PGP 7.0.4 and it works great for me. I also use NTFS with EFS.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPMjy40RLO5KuII5vEQIRpgCgw57MmBIQI67IqeXVeyih/N7LFDgAnjDY
Vida1OPfQWZV4vMucnY4reho
=adRc
-----END PGP SIGNATURE-----

I have been using PGP Corp desktop for a while now (at work) and I have not found any big problems, except that NAI decided to stop supporting the product :(.

PGP Corp desktop should not be worth the price for a homeuser though even if NAI should continue to support the product.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Rewandythal
Thanks.

I'd like to read the white paper if you have the link anywhere, but I'll download 7.0.3 anyway.
Sorry for the long wait. info comin' atcha in pm.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by micael
I have been using PGP Corp desktop for a while now (at work) and I have not found any big problems, except that NAI decided to stop supporting the product :(.

PGP Corp desktop should not be worth the price for a homeuser though even if NAI should continue to support the product.
Hmmm, I didn't think it was that bad on cost, considering the nice box with a celophane wrapper, the pgp features in a GUI environment, etc... most of us probably still use PGP 7.0.3 for all that stuff, figurin' it might be the last for sure 'clean' iteration... but then we gotta do all the work ourselves, don' 'cha know...
:D

PGP rocks... was just p*ssed at Zimmerman for "selling out" a long while back (and I'm not confident enough in boneheads like NAI to not backdoor the thing). I think I still have UN*X servers running, ehhh... like 2.6.2 or something. *eek*

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by draziw
PGP rocks... was just p*ssed at Zimmerman for "selling out" a long while back (and I'm not confident enough in boneheads like NAI to not backdoor the thing). I think I still have UN*X servers running, ehhh... like 2.6.2 or something. *eek*
Hmmm, can't generate any irritation with PZ, no matter how hard i might try... He went thru hell for several years defending our right to security, cost him years, money and sleepless nights... just imagine the entire DOJ, DOD and whatever other bureaucrats in D.C. wanted to jump on the bandwagon to burn your little private citizen arse. Don't even *ask* a good lawyer what he'd charge to defend you against a federal charge, it'd give you heart palpatations! PZ has just moved on to another phase of his life while he still has the energy; consultant for a couple of major security companies, private consultant on his own ticket, ... Most of us don't sit with out feet in the same mudhole all our lives, and we shouldn't expect PZ to either, just wish him well in his new endeavors. Besides, i do believe that 7.0.3 was finished and available before he branched out. you might be right about not trusting someone else with a revision, but 7.0.3 is reasonably secure. Unless maybe you're passing tempting corporate secrets thru unsecured portals and don't really know how to make 7.0.3 work... and your key is posted in public... :D