Slashdot Mirror
PGP 8.0 Beta Released
James Evans writes "With a release date seemingly scheduled in December, the new PGP Corporation has today released PGP 8.0 Beta. It features Smart Card functionality, Unicode support, Novell Groupwise support, among other things. A Mac OS X Beta is out as well, also with a robust feature set. One word of caution however: On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented."
I've never used PGP, only GPG. What's good in PGP that GPG doesn't have?
{{.sig}}
... they will ever develop "Really Good Privacy", PGP is just too M$'esque for my liking ;)
Before everyone gets too riled up, take a look at their web page. They will be releasing a free version of PGP that will do e-mail, files, and instant messaging. This is a BETA and you shouldn't be using the beta after the final version is released.
It's kind of like saying, "So wait, your Diablo 2 characters will disappear at the end of the beta? Why would anyone play it?" Well okay, the analogy isn't quite the same :).
For starters you could export your keys and go use an older version of PGP (or you could use GPG, assuming you just used crypto supported by GPG) to decrypt whatever encrypted documents you made with the beta. At least that should work. I think they should choose new phrasing in their warning.
Anyway, they are probably planning to release a full version by then. So if you have your little smart cards and want to go on using them, you could just upgrade.
The Right Reverend K. Reid Wightman,
Just a quick comment to all those ppl out there who are too thick to see the utility of this (expiry or no):
It's for sending thing's across a network. Which means you send it, recieve it, and unencrypt it. Then it's done it's job.
How irresponsible would they be to leave beta encryption sitting around in use? They've prevented those too thick to ditch the beta from harming themselves... good job PGP.
-1 Uncomfortable Truth
Whatever happend to PGPhone?
For those of you that dont remember it... it was a secure voice communcations system.
With the improvements in sound encoders, standarized crypto libs (OpenSSL) and the huge amounts of processing powering that the avg desktop has it would seem to be much easier then it was in the early 90s.
Are there projects out there?
-M
I don't think you guys are reading the website correctly, or understanding what is going on. The release is a BETA one, i.e. it is for testing purposes only: access to encrypted data expires after two months possibly because in later BETAs and perhaps the final version, changes might be made that would render the encrypted data incompatible with the final version; and also because they do not want you to go on using the beta after the final version is released.
Of course, to look at it from this perspective, it might be a ploy on their part so that people don't get away without paying by simply using the beta instead of paying for the final version: but coming from a closed-sourced, profit-making company, that seems like a typical, perhaps even rational thing that they might do.
So whats the hullabaloo all about?
I thought this was your public key!
1) It isn't "forcing" - the public doesn't have to buy it. It isn't like choosing an office suite.
2) Paying for products isn't "totally against what we stand for here at Slashdot." Did the name change to GNU/Slashdot, or are you just making assumptions. If a product is free, use it. If a product is good, pay for it. If a product is both good and free, all the better.
3) No one is making them pay to protect themselves. They could use GPG if they really want a free encryption solution.
4) Paying for security is not like paying for music. Relate PGP to your data as you relate locks to your hardware. If you think everything should be free, you probably aren't in the right country (doesn't matter which one you're in, true communism doesn't exist most places).
5) I've said it before, but:
Freedom of information doesn't mean information should be free. Just because you can read the book doesn't mean you don't have to pay for it.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
It appears as if PGP Corporation has changed the PGP business model: perpetual licenses are now available. I see this with mixed feelings: it's good for PGP and use of encryption in general, but one major incentive to invest into GnuPG instead of PGP is gone...
(And BTW, they've managed to fix their web shop; it seems to be working now.)
To use it for what beta's are for: testing, not as a demo or a free as in beer solution. No person in his/her right mind would use a beta to do something useful.
beauty is only a light switch away
Did a fast googling and found that its already supported :)
:)
See http://www.opensc.org/
GnuPG is a better choice for *nix users because it can be used
from KDE or in your console mail client mutt,pine etc
Never learn by your mistakes, if you do you may never dare to try again
That is precisely what is meant by 'plan accordingly', it could have been worded more carefully though. This beta in not meant for the people who are freaking out in this discussion and say 'watch out, it's a lock in', 'they are trying to screw you!'. As with any beta, people experienced with the product are the prefered beta testers, and they have received the beta, which incidentally has been out since last Thursday, pretty well. There were some glitches upgrading from previous versions, but by what I hear it's pretty good.
For those still interested, I recommend you grab copy and pound on it. After the beta expires you can decide to buy it if you like it or move your keys over to GnuPG and still have access to all your data and friends.
There are PGP for a number of platforms.
The international version (for ppl outside of US) are here.
Download PGP
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
It is good to see PGP free from the clutches of Network Associates which was slowly strangling it over the years to the point that I could never find it, often could not afford it, and then they shut it down altogether. There just is no substitute for this application, and I'm overjoyed to see a well-funded company bring it back and breathe new life in it.
I downloaded the Mac OS X beta version and it's so cool looking. Very few of the applications that I get for Mac OS X look like real Mac OS X apps, but this one looks like it was built from the ground up for this OS. Excellent job, keep up the good work PGP!
Yes: MAKE A BACKUP OF YOUR KEYS! This beta version does not have 'special encryption thingies so you cannot use it with any other version'. That would be quite pointless because they make a lot of effort making it interoperate with other PGP versions.
I am just curious, but have you *ever* sent encrypted mail? On a regular basis?
The obvious solution here is to have it switch to read-only mode when the beta expires.
At least then people can still get at their data, presumably to move it to the full release version.
Hearing the words "inhibiting access" in the same line as "encrypted data" makes me not want to go anywhere near their product.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
The freeware PGP8.0 is scheduled for release in Q4 2002. Can anyone comment about the release date? I see no problems using PGP Beta if PGP freeware will be available to download (at least several days) before the beta expires. In any case, I imagine we can still access our encrypted data using GPG?
There is a freeware version scheduled to come out in 4th Quarter called PGP Freeware 8.0. http://www.pgp.com/display.php?pageID=31
A lot of articles about this are just saying that it supports 10.2 when in fact it requires 10.2. On my 10.1.5 system, double-clicking on the install package brings up the installer and just stops there. No error message, nothing.
I'm on some mailing lists where people like to GPG (GNU's PGP clone) sign email, and our LUG have had a couple of GPG keysignings.
;)
So, being a OSS supporting Windows user, I thought I'd try this out.
My normal mail client is Outlook Express (don't complain, when used by someone with a clue there's no more security risk than with any other mailer), and the method that PGP plugs into Outlook Express is digusting. There's a GPG Outlook Express plugin that suffers from the same problem. Basically, when a message windows is loaded, the decoder automatically copies all the text from the window into a buffer, runs the text through PGP, and then pastes the results back into the window. In the case of the version of PGP I tried, in 8pt font.
This also doesn't help when you have a Windows mailer that doesn't support MIME types correctly (Evolution especially likes to send mail with the PGP block as an 'attachment', which basically means your message appears blank in OE with two attachments). No PGP verification there.
I hear Outlook isn't much better; Outlook's IMAP support isn't as polished as OE's, and I guess they don't really want to make it better at the expense of Exchange licenses.
What's the answer? Enigmail. You have to use Mozilla Mail, of course, but that's something that can be adjusted to (and if it's too hard to adjust, it can be customized in XUL of course.) But it seems to be the only way to get correct behaivour for PGP email verification in Windows. And it's all OSS, too.
That said, it didn't handle decryption at all. But I was running a beta on a nightly with a 2 day old GPG build, etc. You get what you pay for.
What would I like to see happen? Outlook Express to become a bit more modular, with actual support for PGP (even the free PGP Home edition would be better than nothing). Or Mozilla Mail evolve a little bit more so I can tolerate using it as my mail client
PGPfone still exists. It's not only an IP telephony solution, one can also have two computers dial each other directly and have an encrypted conversation. It was for the severely paranoid; not originally intended as a way to bypass long distance charges, this was intended, first and foremost, for security.
A quick Google search turns up this MIT site as the first hit, which has pointers to where the program can be found. They're still listing version 1.0 beta 2, not changed since July 11, 1996! (I never saw that much interest in it...) People know there are so many ways to compromise /eavesdrop on a conversation, and a computer (even a laptop) is a bulky way to make a phone call.
(God, look at how much cellphone tech has changed in 6+ years!)
The PGPi site lists a PGPfone version 2.1 (Windows and Mac), but notes that NAI has the rights to it:
I imagine the PGP Corporation owns that now -- did they get everything PGP-related from NAI?I think you're right, though. There's OpenSSL -- heck, there's OpenSSH, too! Set up a heavily-encrypted tunnel, run your favorite VoIP program through that. Since you have to worry about your computer being trojan-free in either case (both software and hardware), you can use a program that's a lot more mature than PGPfone.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
Hello,
Recently I noticed that my teenage son Ezekiel had begun to encrypt his emails with a program called PGP. I was concerned because I'd always covertly monitored their email for any hints of illegal activity, drug use or interest in the occult - some of his classmates have begun playing Dungeons and Dragons and listening to KISS. Since Ezekiel was now using PGP, his activites were hidden from me!
Additionally, I also overheard him talking of using a program called Stegasaurus to embed secret information into normal-looking pictures.
Terrified that my son might be speaking in some sort of sinful code, I immediately grounded him for a month. He was only allowed to go to school and Bible study.
Anyways, I've done several days worth of research on this and discovered a few things about PGP that I'd like to share with the readers of these web sites. To begin with, I realized that many of the claims made by the creators of PGP are blatently false. Although I do not have a background in mathematics (I have an AA in Photography) I was easily able to rebuild Ezekiel's private key via his public key and one of his encrypted messages.
Of course I am above-average in intelligence, but PGP is supposedly unbreakable! Perhaps crytogrophers aren't as smart as they believe?
Fortunately in this case Ezekiel was just discussing a girl he met in school - a situation I harshly reprimanded him for. However, while PGP may be a program with flaws, it got me thinking about other programs.
Perhaps someone will construct a PGP-like program that cannot be so easily broken; one that would take days of computer time to hack!
My concern with a program like this is that people who use cryptography always do so because they have something to hide. A sense of guilt and shame seems to drive them. They know that they are doing something wrong and desperately want to hide it from the eyes of the world (although hiding it from the eyes of God is another matter! LOL!)
A study recently released by the Institute for Family Computing revealed that the top three uses of cryptography were for 1) "terrorist-related activity" 2) pedophillia and 3) drug abuse. In fact as far as I can tell, no legitimate use was on the top ten at all!
What scares me about this is that law-enforcement agencies will be unable to sift through email to find people who are breaking the law, or otherwise engaged in suspicious activity. At a time when our nation is under siege, I find it disturbing that people are working on developing cryptography that cannot be broken, even by our protectors in the FBI and CIA! Only those with something to hide truly need cryptography.
Thus I urge cryptogrophers world wide to refrain from working on such programs, until our nation is no longer at war. I would ask those of other countries to respect our right to self-defense and aid us in our time of trouble. Your cryptographic skills can be better put to use trying to find terrorists than to assist them.
Thank you for your time.
Paragraph 3:
YOU HEREBY EXPRESSLY CONSENT TO PGP'S PROCESSING OF YOUR PERSONAL DATA (WHICH MAY BE COLLECTED BY PGP OR ITS DISTRIBUTORS)...
Remind again me why I want that feature in my crypto software...
And it's not open source anymore... so you can't really tell what they're sending...
I hereby place the above post in the public domain.
What Are Your Plans for Linux?
Our current products will not run on Linux. However, we realize the installed base for Linux is growing and our future product plans will include Linux support.
I didn't realize this would be open source (or have I not been paying attention, and it has always been OSS??)
From The CTO Letter:
First of all continuity - you will be glad to hear that we will publish source code. This is very important to us. It's very important to our investors, too. They understand that one of the main reasons people trust PGP is that its source is available. Our forthcoming source release will be for PGP 8.
Not quite. The beta will expire, but that doesn't mean you can't access your information ever again. You just have to get a copy of PGP final. If all you have is encrypted files, you can use PGP freeware or even GPG to decode them. If you have PGP disks, make sure you decrypt them before the beta expires, or else you will have to buy the full PGP 8.0 to get your data back.
I hereby place the above post in the public domain.
With the US government detaining "suspected terrorists" (and suspending their US Constitutional rights) as well as tapping the communication and private records of whomever they please, I've been looking more and more at ways of securing my communications and documents from prying eyes.
Cryptography is great as long as I'm the only person controlling the data. So it's great for the documents I want to protect.
But as far as encrypting my communications, I have to wonder if the effort is really worth it. Sure, encrypting my communication stream to the other party prevents a man-in-the-middle.
But that's not the only part that needs protecting. What happens when it gets to my lady friend, Ima Muslim? She could really be someone pretending to be her. She could be forced into compromising her password. There's no way to keep secret that I'm communicating with her, which can be as damning as if they knew what the message said.
How does PGP address those issues? If PGP doesn't address them, what solutions do exist?
obviously no deficiencies vs. no obvious deficiencies
What the PGP community really needs is a fast, reliable, and comprehensive public key directory. All the ones I've tried to use in the past have been really slow.
You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.
The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.
I hereby place the above post in the public domain.
This is NOT informative, it is WRONG. Please moderate as such.
PGP is available for many platforms.
siri