Slashdot Mirror
PGP 8.0 Beta Released
James Evans writes "With a release date seemingly scheduled in December, the new PGP Corporation has today released PGP 8.0 Beta. It features Smart Card functionality, Unicode support, Novell Groupwise support, among other things. A Mac OS X Beta is out as well, also with a robust feature set. One word of caution however: On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented."
I've never used PGP, only GPG. What's good in PGP that GPG doesn't have?
{{.sig}}
Isn't focing users to pay for products totally against what we stand for here at Slashdot? How is making someone pay to protect themselves any different from forcing them to pay for music downloads or mafia "protection"?
... they will ever develop "Really Good Privacy", PGP is just too M$'esque for my liking ;)
I think you've misunderstood it. If not, I have. Read that line again
Before everyone gets too riled up, take a look at their web page. They will be releasing a free version of PGP that will do e-mail, files, and instant messaging. This is a BETA and you shouldn't be using the beta after the final version is released.
2 months till data is lost? Seems odd... Why would htey impliment such an item? would that not keep people from using it on the pure basis of, no matter how much they like it, having to change it to something elselater? Or... are they going to make it upgradeable to pgp 8.0 directly from the beta? That would seem to me(in my grosly uninformed ignorance...) to lead to all kinds of stability isues.... unless the upgrade did nothing but take out the lock out? again....
It's kind of like saying, "So wait, your Diablo 2 characters will disappear at the end of the beta? Why would anyone play it?" Well okay, the analogy isn't quite the same :).
For starters you could export your keys and go use an older version of PGP (or you could use GPG, assuming you just used crypto supported by GPG) to decrypt whatever encrypted documents you made with the beta. At least that should work. I think they should choose new phrasing in their warning.
Anyway, they are probably planning to release a full version by then. So if you have your little smart cards and want to go on using them, you could just upgrade.
The Right Reverend K. Reid Wightman,
"One word of caution however: On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented."
Is there something I am misunderstanding? I would believe that few people would use this if the data was unusable past December. Wouldn't not doing this make more people use it, and in turn more rigorously test the program?
PGP is only for windows and macs, for linux try GnuPG -- complete and free replacement for PGP. There are front-end available for windows as well.
Just a quick comment to all those ppl out there who are too thick to see the utility of this (expiry or no):
It's for sending thing's across a network. Which means you send it, recieve it, and unencrypt it. Then it's done it's job.
How irresponsible would they be to leave beta encryption sitting around in use? They've prevented those too thick to ditch the beta from harming themselves... good job PGP.
-1 Uncomfortable Truth
Whatever happend to PGPhone?
For those of you that dont remember it... it was a secure voice communcations system.
With the improvements in sound encoders, standarized crypto libs (OpenSSL) and the huge amounts of processing powering that the avg desktop has it would seem to be much easier then it was in the early 90s.
Are there projects out there?
-M
I don't think you guys are reading the website correctly, or understanding what is going on. The release is a BETA one, i.e. it is for testing purposes only: access to encrypted data expires after two months possibly because in later BETAs and perhaps the final version, changes might be made that would render the encrypted data incompatible with the final version; and also because they do not want you to go on using the beta after the final version is released.
Of course, to look at it from this perspective, it might be a ploy on their part so that people don't get away without paying by simply using the beta instead of paying for the final version: but coming from a closed-sourced, profit-making company, that seems like a typical, perhaps even rational thing that they might do.
So whats the hullabaloo all about?
I thought this was your public key!
It appears as if PGP Corporation has changed the PGP business model: perpetual licenses are now available. I see this with mixed feelings: it's good for PGP and use of encryption in general, but one major incentive to invest into GnuPG instead of PGP is gone...
(And BTW, they've managed to fix their web shop; it seems to be working now.)
To use it for what beta's are for: testing, not as a demo or a free as in beer solution. No person in his/her right mind would use a beta to do something useful.
beauty is only a light switch away
Did a fast googling and found that its already supported :)
:)
See http://www.opensc.org/
GnuPG is a better choice for *nix users because it can be used
from KDE or in your console mail client mutt,pine etc
Never learn by your mistakes, if you do you may never dare to try again
That is precisely what is meant by 'plan accordingly', it could have been worded more carefully though. This beta in not meant for the people who are freaking out in this discussion and say 'watch out, it's a lock in', 'they are trying to screw you!'. As with any beta, people experienced with the product are the prefered beta testers, and they have received the beta, which incidentally has been out since last Thursday, pretty well. There were some glitches upgrading from previous versions, but by what I hear it's pretty good.
For those still interested, I recommend you grab copy and pound on it. After the beta expires you can decide to buy it if you like it or move your keys over to GnuPG and still have access to all your data and friends.
There are PGP for a number of platforms.
The international version (for ppl outside of US) are here.
Download PGP
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
It is good to see PGP free from the clutches of Network Associates which was slowly strangling it over the years to the point that I could never find it, often could not afford it, and then they shut it down altogether. There just is no substitute for this application, and I'm overjoyed to see a well-funded company bring it back and breathe new life in it.
I downloaded the Mac OS X beta version and it's so cool looking. Very few of the applications that I get for Mac OS X look like real Mac OS X apps, but this one looks like it was built from the ground up for this OS. Excellent job, keep up the good work PGP!
Yes: MAKE A BACKUP OF YOUR KEYS! This beta version does not have 'special encryption thingies so you cannot use it with any other version'. That would be quite pointless because they make a lot of effort making it interoperate with other PGP versions.
I am just curious, but have you *ever* sent encrypted mail? On a regular basis?
The obvious solution here is to have it switch to read-only mode when the beta expires.
At least then people can still get at their data, presumably to move it to the full release version.
Hearing the words "inhibiting access" in the same line as "encrypted data" makes me not want to go anywhere near their product.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
The freeware PGP8.0 is scheduled for release in Q4 2002. Can anyone comment about the release date? I see no problems using PGP Beta if PGP freeware will be available to download (at least several days) before the beta expires. In any case, I imagine we can still access our encrypted data using GPG?
I notice that Win95 isn't supported. Does this mean that I should upgrade (side-grade more like it)? What was so different between Win95c and Win98 that should cause that incompatibility? Microsoft has released Win95a, Win95b, Win95c, Win98, Win98SE, WinME, Win2k home, Win2k pro, WinXP home, and WinXP pro in the past seven or eight years...they can't possibly have changed that much between the versions. More likely than not, Win95c is missing some important dlls that were only available with a certain version of IE that won't install on Win95 machines. PGP is nuts if they think I'm going to move away from Win95 for them ;)
Seriously, though, I've bought my last Microsoft operating system.
A lot of articles about this are just saying that it supports 10.2 when in fact it requires 10.2. On my 10.1.5 system, double-clicking on the install package brings up the installer and just stops there. No error message, nothing.
I'm on some mailing lists where people like to GPG (GNU's PGP clone) sign email, and our LUG have had a couple of GPG keysignings.
;)
So, being a OSS supporting Windows user, I thought I'd try this out.
My normal mail client is Outlook Express (don't complain, when used by someone with a clue there's no more security risk than with any other mailer), and the method that PGP plugs into Outlook Express is digusting. There's a GPG Outlook Express plugin that suffers from the same problem. Basically, when a message windows is loaded, the decoder automatically copies all the text from the window into a buffer, runs the text through PGP, and then pastes the results back into the window. In the case of the version of PGP I tried, in 8pt font.
This also doesn't help when you have a Windows mailer that doesn't support MIME types correctly (Evolution especially likes to send mail with the PGP block as an 'attachment', which basically means your message appears blank in OE with two attachments). No PGP verification there.
I hear Outlook isn't much better; Outlook's IMAP support isn't as polished as OE's, and I guess they don't really want to make it better at the expense of Exchange licenses.
What's the answer? Enigmail. You have to use Mozilla Mail, of course, but that's something that can be adjusted to (and if it's too hard to adjust, it can be customized in XUL of course.) But it seems to be the only way to get correct behaivour for PGP email verification in Windows. And it's all OSS, too.
That said, it didn't handle decryption at all. But I was running a beta on a nightly with a 2 day old GPG build, etc. You get what you pay for.
What would I like to see happen? Outlook Express to become a bit more modular, with actual support for PGP (even the free PGP Home edition would be better than nothing). Or Mozilla Mail evolve a little bit more so I can tolerate using it as my mail client
PGPfone still exists. It's not only an IP telephony solution, one can also have two computers dial each other directly and have an encrypted conversation. It was for the severely paranoid; not originally intended as a way to bypass long distance charges, this was intended, first and foremost, for security.
A quick Google search turns up this MIT site as the first hit, which has pointers to where the program can be found. They're still listing version 1.0 beta 2, not changed since July 11, 1996! (I never saw that much interest in it...) People know there are so many ways to compromise /eavesdrop on a conversation, and a computer (even a laptop) is a bulky way to make a phone call.
(God, look at how much cellphone tech has changed in 6+ years!)
The PGPi site lists a PGPfone version 2.1 (Windows and Mac), but notes that NAI has the rights to it:
I imagine the PGP Corporation owns that now -- did they get everything PGP-related from NAI?I think you're right, though. There's OpenSSL -- heck, there's OpenSSH, too! Set up a heavily-encrypted tunnel, run your favorite VoIP program through that. Since you have to worry about your computer being trojan-free in either case (both software and hardware), you can use a program that's a lot more mature than PGPfone.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
It's there to protect the rest of us from irresponsible accident prone morons who would never get an insurance if it were not mandatory.
No, the legal system and the police are there to protect you from "irresponsible accident prone morons". The sad fact is, the legal system in this country is so fucking broken that nobody would ever see any compensation if the gov't hadn't sent the whole thing into capitalist userspace.
Should you be insured against the possibility that you might break into our houses and steal our furniture? And don't say you wouldn't - thousands, just from reading your post, now consider you to be among the "morons".
It's the best Windows mail client.
http://www.ritlabs.com/the_bat/
From its wep page:
"
The Bat! is a powerful, highly configurable, yet easy to use email client. We've designed it especially to help you deal with your growing volume of email as quickly and efficiently as possible, saving much of your precious time. Use all its powerful features at home or at the office to handle your email naturally - the way you want and how you want, simply and directly.
* Support for an unlimited number of accounts and users
* Fully customizable message templates that save hours of typing
* Powerful filtering for automated message handling
* Support for S/MIME and PGP versions from 2.6x through 6.5
* Mail Dispatcher for managing email on remote servers
* Simultaneous mail processing in the background for all accounts
* Familiar Explorer-style folders for organizing messages
* Easily configurable user interface with message preview option
* Built-in HTML email viewer and message editor with spell-as-you-go
* Sophisticated address book for storing all personal information
* Unique Mail Ticker(TM) for email notification
* Multi-lingual interface supporting 15 languages on the fly
* Import message bases from all major email clients
* Many more features for managing email quickly and easily...
"
Hello,
Recently I noticed that my teenage son Ezekiel had begun to encrypt his emails with a program called PGP. I was concerned because I'd always covertly monitored their email for any hints of illegal activity, drug use or interest in the occult - some of his classmates have begun playing Dungeons and Dragons and listening to KISS. Since Ezekiel was now using PGP, his activites were hidden from me!
Additionally, I also overheard him talking of using a program called Stegasaurus to embed secret information into normal-looking pictures.
Terrified that my son might be speaking in some sort of sinful code, I immediately grounded him for a month. He was only allowed to go to school and Bible study.
Anyways, I've done several days worth of research on this and discovered a few things about PGP that I'd like to share with the readers of these web sites. To begin with, I realized that many of the claims made by the creators of PGP are blatently false. Although I do not have a background in mathematics (I have an AA in Photography) I was easily able to rebuild Ezekiel's private key via his public key and one of his encrypted messages.
Of course I am above-average in intelligence, but PGP is supposedly unbreakable! Perhaps crytogrophers aren't as smart as they believe?
Fortunately in this case Ezekiel was just discussing a girl he met in school - a situation I harshly reprimanded him for. However, while PGP may be a program with flaws, it got me thinking about other programs.
Perhaps someone will construct a PGP-like program that cannot be so easily broken; one that would take days of computer time to hack!
My concern with a program like this is that people who use cryptography always do so because they have something to hide. A sense of guilt and shame seems to drive them. They know that they are doing something wrong and desperately want to hide it from the eyes of the world (although hiding it from the eyes of God is another matter! LOL!)
A study recently released by the Institute for Family Computing revealed that the top three uses of cryptography were for 1) "terrorist-related activity" 2) pedophillia and 3) drug abuse. In fact as far as I can tell, no legitimate use was on the top ten at all!
What scares me about this is that law-enforcement agencies will be unable to sift through email to find people who are breaking the law, or otherwise engaged in suspicious activity. At a time when our nation is under siege, I find it disturbing that people are working on developing cryptography that cannot be broken, even by our protectors in the FBI and CIA! Only those with something to hide truly need cryptography.
Thus I urge cryptogrophers world wide to refrain from working on such programs, until our nation is no longer at war. I would ask those of other countries to respect our right to self-defense and aid us in our time of trouble. Your cryptographic skills can be better put to use trying to find terrorists than to assist them.
Thank you for your time.
Paragraph 3:
YOU HEREBY EXPRESSLY CONSENT TO PGP'S PROCESSING OF YOUR PERSONAL DATA (WHICH MAY BE COLLECTED BY PGP OR ITS DISTRIBUTORS)...
Remind again me why I want that feature in my crypto software...
And it's not open source anymore... so you can't really tell what they're sending...
I hereby place the above post in the public domain.
Just in case...
Although I do not have a background in mathematics (I have an AA in Photography) I was easily able to rebuild Ezekiel's private key via his public key and one of his encrypted messages.
If parent is not a troll, and you have figured out a way to reconstruct a PGP user's private key, then please immediately report the details of your crack to PGP Inc and to CERT. If this is real, it's groundbreaking, and your work could get published in a prominent journal of mathematics.
-- PinocchioWhat Are Your Plans for Linux?
Our current products will not run on Linux. However, we realize the installed base for Linux is growing and our future product plans will include Linux support.
I didn't realize this would be open source (or have I not been paying attention, and it has always been OSS??)
From The CTO Letter:
First of all continuity - you will be glad to hear that we will publish source code. This is very important to us. It's very important to our investors, too. They understand that one of the main reasons people trust PGP is that its source is available. Our forthcoming source release will be for PGP 8.
No, the legal system and the police are there to protect the interests of the victim and the state after something bad has happened. Mandatory auto insurance is there to protect us before something bad happens.
I wonder how much of Slashdot is made up of 13-year-olds with a decent vocabulary and a spell-checker?
You aren't kidding! I was driving late last night and fell asleep. Fortunately, my auto insurance was all paid up so my car didn't hurt anything. Send in those premiums!
With the US government detaining "suspected terrorists" (and suspending their US Constitutional rights) as well as tapping the communication and private records of whomever they please, I've been looking more and more at ways of securing my communications and documents from prying eyes.
Cryptography is great as long as I'm the only person controlling the data. So it's great for the documents I want to protect.
But as far as encrypting my communications, I have to wonder if the effort is really worth it. Sure, encrypting my communication stream to the other party prevents a man-in-the-middle.
But that's not the only part that needs protecting. What happens when it gets to my lady friend, Ima Muslim? She could really be someone pretending to be her. She could be forced into compromising her password. There's no way to keep secret that I'm communicating with her, which can be as damning as if they knew what the message said.
How does PGP address those issues? If PGP doesn't address them, what solutions do exist?
obviously no deficiencies vs. no obvious deficiencies
What the PGP community really needs is a fast, reliable, and comprehensive public key directory. All the ones I've tried to use in the past have been really slow.
You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.
The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.
I hereby place the above post in the public domain.
No sir, I have *never* sent an encrypted email in my life. But I have used it to encrypt files on the hard disk. The issue here is that the product will stop working and *according to them* you will lose access to your files.
Of course you can make backup of your keys/data, dcrypt your files before the beta expires or upgrade your software to the final version but all that *is not mentioned* in the desclaimer. I read the disclaimer as "test our product on our conditions and at our mercy".
Surely you meant 'important', not 'useful'?
I use beta software all the time to do useful stuff, especially when there's no non-beta equivalent. I'd be a bit hesitant to use beta software for anything important, though...
Liam
I imagine the PGP Corporation owns that now -- did they get everything PGP-related from NAI?
From their products page at http://www.pgp.com/display.php?pageID=2
The following products were NOT part of the PGP technology acquisition and must continue to be purchased from Network Associates:
o PGP E-Business Server
o PGP Command Line
"On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented"
Let's make sure Al-Qaeda get a copy of this!!
--- Why are you wearing that stupid bunny suit? | Why are you wearing that stupid man suit?
I'd rather have Fucking Good Privacy, thank you very much.
Who knows how reliable "Really Good" or "Pretty Good" actually is...
John Gillotte is a such a fag.
You're right, that's what I meant
(I guess my English can still use a little work)
beauty is only a light switch away
What are you talking about? You pay for food don't you? Isn't that even more of a base necessity than encryption?
Your statement tells me the following:
1) You are a freeloader, and you want everything for free. You should get a good job and pay for things like the rest of the free market.
2) On top of that, you cry wolf that someone is trying to screw you when you don't want to pay for something. That just discredits everything you say.
3) You are a communist. If you want everything handed to you without working for it, the move to post-Soviet Ukraine and find out first hand how that works out for people.
Here is what I think: a vast majority of you "anti-corp", "anti-MS" trolls are communists, plain and simple. Prove me wrong.
i'm a big fan on pgp and have used it on various platforms but i can't get th enew version to install on macs with remote login (i.e. net info). something about the storage of keys seems to be the problem. the where. can't create or get a key. has anyone encountere dthis problem?
The Gurus of Unix Meeting of Minds (GUMM) takes place Wednesday, April
1, 2076 (check THAT in your perpetual calendar program), 14 feet above
the ground directly in front of the Milpitas Gumps. Members will grep
each other by the hand (after intro), yacc a lot, smoke filtered
chroots in pipes, chown with forks, use the wc (unless uuclean), fseek
nice zombie processes, strip, and sleep, but not, we hope, od. Three
days will be devoted to discussion of the ramifications of whodo. Two
seconds have been allotted for a complete rundown of all the user-
friendly features of Unix. Seminars include "Everything You Know is
Wrong", led by Tom Kempson, "Batman or Cat:man?" led by Richie Dennis
"cc C? Si! Si!" led by Kerwin Bernighan, and "Document Unix, Are You
Kidding?" led by Jan Yeats. No Reader Service No. is necessary because
all GUGUs (Gurus of Unix Group of Users) already know everything we
could tell them.
-- "Get GUMMed," Dr. Dobb's Journal, June '84
- this post brought to you by the Automated Last Post Generator...