[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Queries from a Cyper-newbie?
1. Thanks for the comments. I indeed meant "crackable" when I said "unencryptable", as you surmised. I'll learn.
2. I don't precisely know what it means to "change hashes" on RSA keys, though I get the drift. Where can I go for details?
3. I'll do the www.crypto.com thing, thanks for the pointer. This may be a critical last stand on the privacy of communications issue. What gets me is the blind arrogance with which govt "servants" assume that their (even if legitimate) pursuit of crime somehow excuses or justifies diminishing privacy rights for everyone else. There must be some kind of ratio: 1,000,000 rights diminished for 1 criminal activity detected? Doesn't make sense.
Thnks.
----------
From: [email protected][SMTP:[email protected]]
Sent: Monday, July 28, 1997 5:35 PM
To: Chris Avery
Cc: [email protected]
Subject: Re: Queries from a Cyper-newbie?
-----BEGIN PGP SIGNED MESSAGE-----
At 03:45 PM 7/28/97 -0700, you wrote:
>Anybody willing to offer a bit of help to a cypher-newbie? I'm
trying to sort out a few of the basics:
Well as long as you ask like that instead of what most newbies do,
such as try and subscribe by sending "Add me to the mailing list" to
the list.
>1. PGP 5.0 -- good software?
It's better integrated for Mac Lusers and Windows 95ers. It is,
however, flawed in some respects.
>If not, what problems? Why to use DSS vs/ RSA keys? How is 5.0
different than 2.6.3i ? Which is better?
2.6.3i cannot use CAST, or (who would want to , it's DES!) Triple-
DES. It does however, can use other hashes with RSA, thanks to
someone's discovery on PGP-USERS. 2.6.3i is dos native, and complex.
A shell integrates nicely, but it's still not the same.
>2. Are emails encrypted using PGP 5.0 decypherable by PGP 2.6.3i
(and vice versa?) Using RSA keys?
ONLY using RSA keys. DSS/Diffie-Hellman support is being added to
old PGP's. RSAREF is used in PGP 5.0 . MPILIB, Phil Zimmermann's
original PGP RSA algorithm implementation is used in international
versions. It's becuase of RSA's patent stuff.
>3. I understand certain encryption s/w cannot be legally exported, I
am aware that such s/w is nevertheless being used (and built) abroad.
My queries: Is purely domestic use being threatened by the pending
legislation? Is it already illegal to send an encrypted msg out of
the US? If so, is it illegal to receive an encrypted msg from outside
the US?
Unless it is the "shitty 40 bit" type. It can be built abroad, for
example, IDEA was made in switzerland, or something like that..., PGP
2.6.3i was made legally, I think. Domestic use is being threatened
by Nazi Motherfuckers like Billy-Bob Clinton [spit], The FBI, and the
NSA. Oppose them. Go to www.crypto.com and do some of the stuff
there. Sending and recieving mail from the outside of the US *is
legal*.
>4. How strong is strong? My MS Explorer has the 128 bit encryption
scheme to secure domestic financial transactions (such as credit
cards). How "un-encryptable" is this? I read some recent postings
here re difficulty of breaking 128 bit keys -- but this had reference
to stronger methods of encryption than MS Explorer uses, right? So
128 bits is hard to break (umptyump years, terrawatts, etc.)? Then
why does my PGP 5.0 software offer keys that are 768, 1024, etc. up
to 4096 bits in length? Are these numbers on the same scale?
Unencryptable? What the fuck are you talking about? If you mean
crackable, let's just say it'd take several time the age of the
Universe to crack it. The RSA keys are weaker than symmetric
cyphers, unless we're talking about DSS/Diffie-Hellman keys with
4096bits. They are not on the same scale.
>Any "strength" differences between RSA, DSS, and Diffie-Hellman? IS
there some layman-understandable difference between these?
Well, RSA's are patented and RSA is really anal with their patents.
DSS/Diffie-Hellman keys are unpatented. You can change hashes on RSA
keys (RIPEM160, MD5 [was broken already], and SHA-1). But to use
those RSA's with older PGP's, use only MD5.
>5. Is international data traffic somehow monitored (or monitorable)
to detect encrypted traffic?
It can be detected that you're using encryption. Breaking PGP is
another thing.
If any other cypherpunks want to correct me here, do so.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBM9065B0+FhmmTrSJAQEdsgQAmRAJR7CxQCy4Wfny8YM6oJ3chLKnJCnA
E45EElRsAVS8zyAWy06/ZJFG8XjInjgAzmx+fRvGoN0qHvObyFfrDMPML0w+405s
cddgcApc0DfbjP8narKHVBQnbOhwuSjdDbwTbFF9F+EG0OkXewgYKXS/QnS11ov/
ofr4ooPGcr0=
=rowH
-----END PGP SIGNATURE-----