Slashdot Mirror
PGP 8.0 Beta Released
James Evans writes "With a release date seemingly scheduled in December, the new PGP Corporation has today released PGP 8.0 Beta. It features Smart Card functionality, Unicode support, Novell Groupwise support, among other things. A Mac OS X Beta is out as well, also with a robust feature set. One word of caution however: On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented."
Before everyone gets too riled up, take a look at their web page. They will be releasing a free version of PGP that will do e-mail, files, and instant messaging. This is a BETA and you shouldn't be using the beta after the final version is released.
PGP is only for windows and macs, for linux try GnuPG -- complete and free replacement for PGP. There are front-end available for windows as well.
I don't think you guys are reading the website correctly, or understanding what is going on. The release is a BETA one, i.e. it is for testing purposes only: access to encrypted data expires after two months possibly because in later BETAs and perhaps the final version, changes might be made that would render the encrypted data incompatible with the final version; and also because they do not want you to go on using the beta after the final version is released.
Of course, to look at it from this perspective, it might be a ploy on their part so that people don't get away without paying by simply using the beta instead of paying for the final version: but coming from a closed-sourced, profit-making company, that seems like a typical, perhaps even rational thing that they might do.
So whats the hullabaloo all about?
It appears as if PGP Corporation has changed the PGP business model: perpetual licenses are now available. I see this with mixed feelings: it's good for PGP and use of encryption in general, but one major incentive to invest into GnuPG instead of PGP is gone...
(And BTW, they've managed to fix their web shop; it seems to be working now.)
To use it for what beta's are for: testing, not as a demo or a free as in beer solution. No person in his/her right mind would use a beta to do something useful.
beauty is only a light switch away
Did a fast googling and found that its already supported :)
:)
See http://www.opensc.org/
GnuPG is a better choice for *nix users because it can be used
from KDE or in your console mail client mutt,pine etc
Never learn by your mistakes, if you do you may never dare to try again
That is precisely what is meant by 'plan accordingly', it could have been worded more carefully though. This beta in not meant for the people who are freaking out in this discussion and say 'watch out, it's a lock in', 'they are trying to screw you!'. As with any beta, people experienced with the product are the prefered beta testers, and they have received the beta, which incidentally has been out since last Thursday, pretty well. There were some glitches upgrading from previous versions, but by what I hear it's pretty good.
For those still interested, I recommend you grab copy and pound on it. After the beta expires you can decide to buy it if you like it or move your keys over to GnuPG and still have access to all your data and friends.
There are PGP for a number of platforms.
The international version (for ppl outside of US) are here.
Download PGP
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Yes: MAKE A BACKUP OF YOUR KEYS! This beta version does not have 'special encryption thingies so you cannot use it with any other version'. That would be quite pointless because they make a lot of effort making it interoperate with other PGP versions.
I am just curious, but have you *ever* sent encrypted mail? On a regular basis?
PGP comes with some lovely UI tools and a library for developing more. Speaking from experience of the Win32 impl, the integration with the shell is extremely handy, with encrypt/decrypt/sign options in context menus for example. The PGPDisk utility was also awesome though it doesn't work on XP - hopefully 8.0 will fix that.
There is a freeware version scheduled to come out in 4th Quarter called PGP Freeware 8.0. http://www.pgp.com/display.php?pageID=31
A lot of articles about this are just saying that it supports 10.2 when in fact it requires 10.2. On my 10.1.5 system, double-clicking on the install package brings up the installer and just stops there. No error message, nothing.
An interface. And corporate support. (Some might say a lack of RMS is a good selling point in itself.)
There are some wrappers for GPG, which is solely a command line utility. The Windows Privacy Tray is quite good.
However, one of the terms of sale of PGP IIRC was that there would always be a 'freeware' edition available, and that is definitely the case with PGP 8.0. This will be the first release that correctly supports Windows XP.
PGPfone still exists. It's not only an IP telephony solution, one can also have two computers dial each other directly and have an encrypted conversation. It was for the severely paranoid; not originally intended as a way to bypass long distance charges, this was intended, first and foremost, for security.
A quick Google search turns up this MIT site as the first hit, which has pointers to where the program can be found. They're still listing version 1.0 beta 2, not changed since July 11, 1996! (I never saw that much interest in it...) People know there are so many ways to compromise /eavesdrop on a conversation, and a computer (even a laptop) is a bulky way to make a phone call.
(God, look at how much cellphone tech has changed in 6+ years!)
The PGPi site lists a PGPfone version 2.1 (Windows and Mac), but notes that NAI has the rights to it:
I imagine the PGP Corporation owns that now -- did they get everything PGP-related from NAI?I think you're right, though. There's OpenSSL -- heck, there's OpenSSH, too! Set up a heavily-encrypted tunnel, run your favorite VoIP program through that. Since you have to worry about your computer being trojan-free in either case (both software and hardware), you can use a program that's a lot more mature than PGPfone.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
PGPckt's PGPdisk does indeed work under Windows XP - albeit with a few quirks. However, since it is based on the PGP v6 codebase, it is unable to read PGPdisks created by PGP v7.
The new PGPdisk in PGP v8 is the only one to function under Windows XP with the ability to read all versions of PGPdisks.
/pah
XP Pro comes with integrated disk encryption. Come to that Outlook Express, Lotus and Netscape email have had encryption for 5 years now.
The real problem with secure email is that none of the spec ever had a solution for locating encryption keys.
One of the things we have been pushing lately is the idea that every ISP should set up an XKMS locate service to act as a key repository. The XKMS service would be linked to the DNS via a DNS SRV record.
So that if you want to send a message to Alice@slashdot.org you first look up _XKMS_SOAP_HTTP._TCP.slashdot.org, that gives you an XKMS service locate.slashdot.org. You then send a message to locate.slashdot.org to locate a key for alice@slashdot.org via either S/MIME or PGP. The service returns the untrusted key which can be validated by a variety of means (e.g. a local XKMS validate service).
Back in the mists of PKI time people thought that X.500 or LDAP would do this function. Problem being that X.500 has never been viable as a global infrastructure. Trying to propose a similar feature using LDAP ended up in the weeds because the LDAP mafia thought that we were trying to help them with the great conversion to replace DNS with LDAP...
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Paragraph 3:
YOU HEREBY EXPRESSLY CONSENT TO PGP'S PROCESSING OF YOUR PERSONAL DATA (WHICH MAY BE COLLECTED BY PGP OR ITS DISTRIBUTORS)...
Remind again me why I want that feature in my crypto software...
And it's not open source anymore... so you can't really tell what they're sending...
I hereby place the above post in the public domain.
Have you heard of GPGME? It's the official library for using GnuPG from other programs, and it does everything you mentioned. From the application point of view, it's just the same as if the crypto operations were in a library.
It does have some performance problems, because it must run a new gpg process for every operation, but those will be fixed in the future.
You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.
The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.
I hereby place the above post in the public domain.