BEGIN PGP SIGNED MESSAGE
Frequently Asked Questions about PGP
by Andre Bacard, Author of> THE COMPUTER PRIVACY HANDBOOK [Version February 25, 1995]
This article offers a nontechnical overview of PGP to help you decide whether or not to use this globally popular computer software to safeguard your computer files and e-mail. I have written this especially for persons with a sense of humor. You may distribute this (unaltered) FAQ for non-commercial purposes.
What is PGP? PGP (also called "Pretty Good Privacy") is a computer program that encrypts (scrambles) and decrypts (unscrambles) data. For example, PGP can encrypt "Andre" so that it reads "457mRT&%354." Your computer can decrypt this garble back into "Andre" if you have PGP. Who created PGP? Philip Zimmermann wrote the initial program. Phil, a a hero to many pro-privacy activists, works as a computer security consultant in Boulder, Colorado. Phil Zimmermann, Peter Gutmann, Hal Finney, Branko Lankester and other programmers around the globe have created subsequent PGP versions and shells. PGP uses the RSA public-key encryption system. RSA was announced in 1977 by its inventors: Ronald Rivest of MIT, Adi Shamir of the Weizmann Institute in Israel, and Leonard Adelman of USC. It is called "RSA" after the initials of these men. PGP also employs an encryption system called IDEA which surfaced in 1990 due to Xuejia Lai and James Massey's inventiveness. Who uses PGP encryption [or other RSA-based systems]? People who value privacy use PGP. Politicians running election campaigns, taxpayers storing IRS records, therapists protecting clients' files, entrepreneurs guarding trade secrets, journalists protecting their sources, and people seeking romance are a few of the law abiding citizens who use PGP to keep their computer files and their e-mail confidential. Businesses also use PGP. Suppose you're a corporate manager and you need to e-mail an employee about his job performance. You may be required by law to keep this e- mail confidential. Suppose you're a saleswoman, and you must communicate over public computer networks with a branch office about your customer list. You may be compelled by your company and the law to keep this list confidential. These are a few reasons why businesses use encryption to protect their customers, their employees, and themselves. PGP also helps secure financial transactions. For example, the Electronic Frontier Foundations uses PGP to encrypt members' charge account numbers, so that members can pay dues via e-mail. Thomas G. Donlan, an editor at BARRON'S [a financial publication related to THE WALL STREET JOURNAL], wrote a full-page editorial in the April 25, 1994 BARRON'S entitled "Privacy and Security: Computer Technology Opens Secrets, And Closes Them." Mr. Donlan wrote, in part: RSA Data Security, the company founded by the three inventors, has hundreds of satisfied customers, including Microsoft, Apple, Novell, Sun, AT however, I cannot answer your telephone. Similarly, if I have your PUBLIC KEY, I can send you mail; however, I cannot read your mail. This PUBLIC KEY concept might sound a bit mysterious at first. However, it bcomes very clear when you play with PGP for awhile. How safe is PGP? Will it really protect my privacy? Perhaps your government or your mother-in-law can "break" PGP messages by using supercomputers andor pure brilliance. I have no way of knowing. Three facts are certain. First, top-rate civilian cryptographers and computer experts have tried unsuccessfully to break PGP. Second, whoever proves that he or she can unravel PGP will earn quick fame in crypto circles. He or she will be applauded at banquets and attract grant money. Third, PGP's programmers will broadcast this news at once. Almost daily, someone posts a notice such as "PGP Broken by Omaha Teenager." Take these claims with a grain of salt. The crypto world attracts its share of paranoids, provocateurs, and UFO aliens. To date, nobody has publicly demonstrated the skill to outsmart or outmuscle PGP. Is PGP available for my machine? Versions are available for DOS and Windows, as well as various Unixes, Macintosh, Amiga, Atari ST, OS/2, and CompuServe's WinCIM & CSNav. Many persons are working to expand PGP's usability. Read the Usenet alt.security.pgp news group for the latest developments. Are these versions of PGP mutually compatible? Yes. For example, a document encrypted with PGP on a PC can be decrypted with someone using PGP on a Unix machine. As of September 1, 1994, Versions 2.6 and higher can read previous versions. However, pre-2.6 versions can no longer read the newer versions. I strongly recommend that everyone upgrade to Versions 2.6.2 or 2.7. Where do I get PGP? For computer non-experts, the easiest way to get PGP is to telephone ViaCrypt (a software company) in Phoenix, Arizona at (602) 944-0773. PGP is available from countless BBSs (Bulletin Board Systems) and ftp ("File Transfer Protocol") sites around the world. These sites, like video stores, come and go. To find PGP, here are two options: 1) Learn how to use ARCHIE to search for files on the Internet. 2) Read BOARDWATCH magazine to find the BBSs in your area. How expensive is PGP? The PGP versions that you will find at BBSs and ftp sites are "freeware." This means that they are free. People from New Zealand to Mexico use these versions every day. Depending on where you live, this "freeware" may or may not violate local laws. I use PGP Version 2.7 which is distributed by ViaCrypt in the United States [see below]. Is PGP legal in the United States? Yes. MIT's PGP Version is licensed for non-commercial use. You can it from ftp sites or BBSs. ViaCrypt's PGP Version is licensed for commercial use. You can get it from ViaCrypt.
Important Note
. It is illegal to export PGP out of the United States. Do not even think of doing so! To communicate with friends in, say, England, have your friends get PGP from sources outside the United States. What is a PGP digital signature? At the end of this document, you will see a PGP signature. This "digital signature" allows persons who have PGP and my PUBLIC KEY to verify that 1) I, Andre Bacard, (not a SPORTS ILLUSTRATED superstar pretending to be me!) wrote this document, and 2) Nobody has altered this text since I signed it. PGP signatures might be helpful for signing contracts, transferring money, and verifying a person's identity. How difficult is it to learn PGP? PGP has around two dozen commands. It is a relatively easy program to learn. Where can I learn more about the PGP and related subjects? The following News Groups are a good place to start: alt.privacy [to hear about electronic privacy issues] alt.security.pgp [to learn everything known about PGP] talk.politics.crypto [to keep abreast of legal & political changes] Anything else I should know? YOUR privacy and safety are in danger! The black market price for your IRS records is 500. YOUR medical records are even cheaper. Prolific bank, credit and medical databases, the Clipper Chip Initiative, computer matching programs, cordless & cellular phone scanners, Digital Telephony legislation, and (hidden) video surveillance are just a few factors that threaten every law abiding citizen. Our anti-privacy society gives criminals and snoops computer data about YOU on a silver platter. If you want to protect your privacy, I urge you to join organizations such as the Electronic Frontier Foundation.
Bacard wrote "The Computer Privacy "Privacy permits you Handbook: A Practical Guide to E-Mail to be yourself." Encryption, Data Protection, and PGP Privacy Software" [for novices/experts]. Introduction by Mitchell Kapor, Co-Founder of Electronic FrontierFoundation and Creator of Lotus1-2-3. Book Available Spring 1995. Write for Details [Bacard has been interviewed on hundreds of radio-talk shows abouthis previous book ("Hunger for Power"), technology, and society.]
BEGIN PGP SIGNATURE
Version: 2.7 iQCVAwUBL1ZcUt6pT6nCx/9/AQEczQP+P0yOdeVy06PGQRCeLuBdSEvI1ajvkP2CGEFuSBz3y7t+/qitEUbHAvgwS5lRfAS2KdE2tldAoyChPY+7+DapZYE039daoxuzhbkPQKn0Y9tzaLuqpzk0VqAr8m4liAI9ZLui50O24mp7TncmOuict0+0QDPF80AnPt2BT32+7TM==UL89 END PGP SIGNATURE
DISTRIBUTION: How to obtain this documentThis document has been brought to you in part by CRAM, involved in theredistribution of valuable information to a wider USENET audience (seebelow). The most recent version of this document can be obtained viathe author's instructions above. The following directions apply to retrieve the possibly less-current USENET FAQ version. FTP
This FAQ is available from the standard FAQ server rtfm.mit.edu via FTP in the file /pub/usenet/news.answers Email
Email requests for FAQs go to mail-server@rtfm.mit.edu with commands on lines in the message body, e.g. `help' and `index'. Usenet
This FAQ is posted every 21 days to the groups alt.security.pgp talk.politics.crypto sci.crypt alt.privacy comp.society.privacy comp.privacy alt.answers comp.answers sci.answers news.answers
0 comments:
Post a Comment