Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP 8.0 Beta Released

Posted by timothy on from the pretty-okay-news dept.

James Evans writes "With a release date seemingly scheduled in December, the new PGP Corporation has today released PGP 8.0 Beta. It features Smart Card functionality, Unicode support, Novell Groupwise support, among other things. A Mac OS X Beta is out as well, also with a robust feature set. One word of caution however: On Friday, December 6th, 2002, the beta will expire, at which time access to encrypted data will be prevented."

29 of 122 comments (clear)

  1. GPG vs PGP by chrysalis · · Score: 3, Interesting

    I've never used PGP, only GPG. What's good in PGP that GPG doesn't have?

    --
    {{.sig}}
    1. Re:GPG vs PGP by BurritoWarrior · · Score: 5, Funny

      PGP has two P's, GPG only has one. According to the Gartner Group, 83% of CIO's surveyed said that having 2 P's was vital to their business and something they would implement in the next 18 months. Seriously, though, PGP has a user interface that mere mortals can use. GPG doesn't (or at least didn't last time I tried it).

    2. Re:GPG vs PGP by DrXym · · Score: 5, Informative
      GPG is a command line tool. If you want to put a UI on it it involves the very sucky process of constructing a command line with the arguments for the action you wish to perform, invoking gpg and parsing the results. In short it is a big pain in the butt and error prone and is seriously hampering its adoption. If the gpg folks had any sense they would release an LGPL library version of it. The reasons for not releasing it as a lib (even a GPL one) in their faq are just plain wrong.


      PGP comes with some lovely UI tools and a library for developing more. Speaking from experience of the Win32 impl, the integration with the shell is extremely handy, with encrypt/decrypt/sign options in context menus for example. The PGPDisk utility was also awesome though it doesn't work on XP - hopefully 8.0 will fix that.

    3. Re:GPG vs PGP by Plug · · Score: 4, Informative

      An interface. And corporate support. (Some might say a lack of RMS is a good selling point in itself.)

      There are some wrappers for GPG, which is solely a command line utility. The Windows Privacy Tray is quite good.

      However, one of the terms of sale of PGP IIRC was that there would always be a 'freeware' edition available, and that is definitely the case with PGP 8.0. This will be the first release that correctly supports Windows XP.

    4. Re:GPG vs PGP by pheede · · Score: 3, Informative

      PGPckt's PGPdisk does indeed work under Windows XP - albeit with a few quirks. However, since it is based on the PGP v6 codebase, it is unable to read PGPdisks created by PGP v7.

      The new PGPdisk in PGP v8 is the only one to function under Windows XP with the ability to read all versions of PGPdisks.

      /pah

    5. Re:GPG vs PGP by Zeinfeld · · Score: 5, Informative
      The PGPDisk utility was also awesome though it doesn't work on XP - hopefully 8.0 will fix that.

      XP Pro comes with integrated disk encryption. Come to that Outlook Express, Lotus and Netscape email have had encryption for 5 years now.

      The real problem with secure email is that none of the spec ever had a solution for locating encryption keys.

      One of the things we have been pushing lately is the idea that every ISP should set up an XKMS locate service to act as a key repository. The XKMS service would be linked to the DNS via a DNS SRV record.

      So that if you want to send a message to Alice@slashdot.org you first look up _XKMS_SOAP_HTTP._TCP.slashdot.org, that gives you an XKMS service locate.slashdot.org. You then send a message to locate.slashdot.org to locate a key for alice@slashdot.org via either S/MIME or PGP. The service returns the untrusted key which can be validated by a variety of means (e.g. a local XKMS validate service).

      Back in the mists of PKI time people thought that X.500 or LDAP would do this function. Problem being that X.500 has never been viable as a global infrastructure. Trying to propose a similar feature using LDAP ended up in the weeds because the LDAP mafia thought that we were trying to help them with the great conversion to replace DNS with LDAP...

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. I wonder if... by aussiedood · · Score: 5, Funny

    ... they will ever develop "Really Good Privacy", PGP is just too M$'esque for my liking ;)

  3. There will be a free version by pope+nihil · · Score: 5, Informative

    Before everyone gets too riled up, take a look at their web page. They will be releasing a free version of PGP that will do e-mail, files, and instant messaging. This is a BETA and you shouldn't be using the beta after the final version is released.

  4. Good to see they're still around by ShieldW0lf · · Score: 3, Insightful

    Just a quick comment to all those ppl out there who are too thick to see the utility of this (expiry or no):

    It's for sending thing's across a network. Which means you send it, recieve it, and unencrypt it. Then it's done it's job.

    How irresponsible would they be to leave beta encryption sitting around in use? They've prevented those too thick to ditch the beta from harming themselves... good job PGP.

    --
    -1 Uncomfortable Truth
  5. PGPHone by mmca · · Score: 5, Interesting

    Whatever happend to PGPhone?

    For those of you that dont remember it... it was a secure voice communcations system.

    With the improvements in sound encoders, standarized crypto libs (OpenSSL) and the huge amounts of processing powering that the avg desktop has it would seem to be much easier then it was in the early 90s.

    Are there projects out there?

    -M

    1. Re:PGPHone by unixmaster · · Score: 3, Interesting

      http://sourceforge.net/projects/securephone/ might be interesting

      --
      Never learn by your mistakes, if you do you may never dare to try again
  6. Do-do heads by cerenyx · · Score: 5, Informative

    I don't think you guys are reading the website correctly, or understanding what is going on. The release is a BETA one, i.e. it is for testing purposes only: access to encrypted data expires after two months possibly because in later BETAs and perhaps the final version, changes might be made that would render the encrypted data incompatible with the final version; and also because they do not want you to go on using the beta after the final version is released.

    Of course, to look at it from this perspective, it might be a ploy on their part so that people don't get away without paying by simply using the beta instead of paying for the final version: but coming from a closed-sourced, profit-making company, that seems like a typical, perhaps even rational thing that they might do.

    So whats the hullabaloo all about?

    1. Re:Do-do heads by Pascal+of+S · · Score: 3, Informative

      Not quite. If you just make backups of your keys, uninstall the beta and install another PGP version, even 7.0 freeware will do, you can go on using your data, keys rings and everything else. It is just the beta program will not work anymore. If you forgot to backup your keys, just turn back your clock a bit and it will work again.

      It is not a lock-in ploy, just a beta.

  7. Re:That's called "lock-in" by Oculus+Habent · · Score: 5, Insightful

    1) It isn't "forcing" - the public doesn't have to buy it. It isn't like choosing an office suite.

    2) Paying for products isn't "totally against what we stand for here at Slashdot." Did the name change to GNU/Slashdot, or are you just making assumptions. If a product is free, use it. If a product is good, pay for it. If a product is both good and free, all the better.

    3) No one is making them pay to protect themselves. They could use GPG if they really want a free encryption solution.

    4) Paying for security is not like paying for music. Relate PGP to your data as you relate locks to your hardware. If you think everything should be free, you probably aren't in the right country (doesn't matter which one you're in, true communism doesn't exist most places).

    5) I've said it before, but:
    Freedom of information doesn't mean information should be free. Just because you can read the book doesn't mean you don't have to pay for it.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
  8. Perpetual licenses available by Florian+Weimer · · Score: 3, Informative

    It appears as if PGP Corporation has changed the PGP business model: perpetual licenses are now available. I see this with mixed feelings: it's good for PGP and use of encryption in general, but one major incentive to invest into GnuPG instead of PGP is gone...

    (And BTW, they've managed to fix their web shop; it seems to be working now.)

  9. Smart Card support with GnuPG? by unixmaster · · Score: 4, Informative

    Did a fast googling and found that its already supported :)
    See http://www.opensc.org/

    GnuPG is a better choice for *nix users because it can be used
    from KDE or in your console mail client mutt,pine etc :)

    --
    Never learn by your mistakes, if you do you may never dare to try again
  10. You will not lose your data by Pascal+of+S · · Score: 5, Informative
    Just to put a couple of items straight, after the Beta expires, your data WILL NOT BE LOST. That is, if you do what you should do and backup your keys. It is only the beta program that will not work anymore. PGP keys can be freely interchanged between versions, heck, even accross platforms if you are a bit careful.


    That is precisely what is meant by 'plan accordingly', it could have been worded more carefully though. This beta in not meant for the people who are freaking out in this discussion and say 'watch out, it's a lock in', 'they are trying to screw you!'. As with any beta, people experienced with the product are the prefered beta testers, and they have received the beta, which incidentally has been out since last Thursday, pretty well. There were some glitches upgrading from previous versions, but by what I hear it's pretty good.


    For those still interested, I recommend you grab copy and pound on it. After the beta expires you can decide to buy it if you like it or move your keys over to GnuPG and still have access to all your data and friends.

  11. Not so. by haeger · · Score: 4, Informative
    Are you drunk?
    There are PGP for a number of platforms.
    The international version (for ppl outside of US) are here.
    Download PGP

    .haeger

    --
    You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
  12. Re:That's called "lock-in" by svzurich · · Score: 3, Informative

    There is a freeware version scheduled to come out in 4th Quarter called PGP Freeware 8.0. http://www.pgp.com/display.php?pageID=31

  13. Mac version requires 10.2 by dasboy · · Score: 3, Informative

    A lot of articles about this are just saying that it supports 10.2 when in fact it requires 10.2. On my 10.1.5 system, double-clicking on the install package brings up the installer and just stops there. No error message, nothing.

    1. Re:Mac version requires 10.2 by FatRatBastard · · Score: 3, Informative

      The OS X version is also pretty unstable. Its crashed every time I've run it within 5 seconds of startup sans once. Have tried running it off of a clean reboot with nothing else running and it still goes "bonk". Has anyone else seen this?

    2. Re:Mac version requires 10.2 by Rick+Zeman · · Score: 3, Informative

      The OS X version is also pretty unstable. Its crashed every time I've run it within 5 seconds of startup sans once. Have tried running it off of a clean reboot with nothing else running and it still goes "bonk". Has anyone else seen this?
      I had that, too, after importing my old (v.6-era) keys. Trashed the prefs (search for pgp...they're obvious) and then all is well.

  14. PGP support in Windows mail clients by Plug · · Score: 5, Interesting

    I'm on some mailing lists where people like to GPG (GNU's PGP clone) sign email, and our LUG have had a couple of GPG keysignings.

    So, being a OSS supporting Windows user, I thought I'd try this out.

    My normal mail client is Outlook Express (don't complain, when used by someone with a clue there's no more security risk than with any other mailer), and the method that PGP plugs into Outlook Express is digusting. There's a GPG Outlook Express plugin that suffers from the same problem. Basically, when a message windows is loaded, the decoder automatically copies all the text from the window into a buffer, runs the text through PGP, and then pastes the results back into the window. In the case of the version of PGP I tried, in 8pt font.

    This also doesn't help when you have a Windows mailer that doesn't support MIME types correctly (Evolution especially likes to send mail with the PGP block as an 'attachment', which basically means your message appears blank in OE with two attachments). No PGP verification there.

    I hear Outlook isn't much better; Outlook's IMAP support isn't as polished as OE's, and I guess they don't really want to make it better at the expense of Exchange licenses.

    What's the answer? Enigmail. You have to use Mozilla Mail, of course, but that's something that can be adjusted to (and if it's too hard to adjust, it can be customized in XUL of course.) But it seems to be the only way to get correct behaivour for PGP email verification in Windows. And it's all OSS, too.

    That said, it didn't handle decryption at all. But I was running a beta on a nightly with a 2 day old GPG build, etc. You get what you pay for.

    What would I like to see happen? Outlook Express to become a bit more modular, with actual support for PGP (even the free PGP Home edition would be better than nothing). Or Mozilla Mail evolve a little bit more so I can tolerate using it as my mail client ;)

  15. Re:PGPfone by Raetsel · · Score: 5, Informative

    PGPfone still exists. It's not only an IP telephony solution, one can also have two computers dial each other directly and have an encrypted conversation. It was for the severely paranoid; not originally intended as a way to bypass long distance charges, this was intended, first and foremost, for security.

    A quick Google search turns up this MIT site as the first hit, which has pointers to where the program can be found. They're still listing version 1.0 beta 2, not changed since July 11, 1996! (I never saw that much interest in it...) People know there are so many ways to compromise /eavesdrop on a conversation, and a computer (even a laptop) is a bulky way to make a phone call.

    (God, look at how much cellphone tech has changed in 6+ years!)

    The PGPi site lists a PGPfone version 2.1 (Windows and Mac), but notes that NAI has the rights to it:

    "PGPfone 2.x is a commercial product, but NAI has shown no interest in it, so it is probably O.K. to use it anyway."
    I imagine the PGP Corporation owns that now -- did they get everything PGP-related from NAI?

    I think you're right, though. There's OpenSSL -- heck, there's OpenSSH, too! Set up a heavily-encrypted tunnel, run your favorite VoIP program through that. Since you have to worry about your computer being trojan-free in either case (both software and hardware), you can use a program that's a lot more mature than PGPfone.

    --

    "...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
  16. I'm more worried about the EULA... by wirelessbuzzers · · Score: 5, Informative

    Paragraph 3:

    YOU HEREBY EXPRESSLY CONSENT TO PGP'S PROCESSING OF YOUR PERSONAL DATA (WHICH MAY BE COLLECTED BY PGP OR ITS DISTRIBUTORS)...

    Remind again me why I want that feature in my crypto software...

    And it's not open source anymore... so you can't really tell what they're sending...

    --
    I hereby place the above post in the public domain.
    1. Re:I'm more worried about the EULA... by mcoca · · Score: 3, Informative
      Maybe you should have read Paragraph 2:

      [...] FOR THE LICENSE OF BETA SOFTWARE YOU ARE ABOUT TO DOWNLOAD OR INSTALL (THE "SOFTWARE"). "PGP" MEANS PGP CORPORATION. [...] (emphasis mine)

      So it's not the software that is collecting the information, but PGP Corporation. I guess at some point during download or installation it asks you to register.

      Maybe it's not a really good privacy policy, but it's not spyware either.
  17. This will be open source?? by mbadolato · · Score: 3, Interesting

    I didn't realize this would be open source (or have I not been paying attention, and it has always been OSS??)

    From The CTO Letter:

    First of all continuity - you will be glad to hear that we will publish source code. This is very important to us. It's very important to our investors, too. They understand that one of the main reasons people trust PGP is that its source is available. Our forthcoming source release will be for PGP 8.

  18. PGP Infrastructure by cryptor3 · · Score: 3, Interesting

    What the PGP community really needs is a fast, reliable, and comprehensive public key directory. All the ones I've tried to use in the past have been really slow.

  19. For the last time... by wirelessbuzzers · · Score: 3, Informative

    You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.

    The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.

    --
    I hereby place the above post in the public domain.