Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Is 15 Years Old

Posted by ryuzaki0 on from the happy-secure-birthday dept.

An anonymous reader writes "PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information."

23 of 119 comments (clear)

  1. First encrypted post by Anonymous Coward · · Score: 5, Funny

         -----BEGIN PGP MESSAGE-----
         Version: 2.6.2

         hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ 2fve87lMlDlx4Oj
         eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9n nRvjY8nZL3MPXSZ
         g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq 6lb46wsvldZ96YA
         AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6Gtuk S8NxbukLeamqVW3
         1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8=
         =zzaA
         -----END PGP MESSAGE-----

    1. Re:First encrypted post by Anonymous Coward · · Score: 4, Funny
      hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ 2fve87lMlDlx4Oj
      eW4GDdBfLbJE7VUpp13N19GL8e/Aqbyyj HH4aS0YoTk10QQ9n nRvjY8nZL3MPXSZ
      g9VGQxFeGqzykzmykU6A26MSMexR4Apee ON6xzZWfo+0yOqAq 6lb46wsvldZ96YA
      AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMp p7UQ2IzBrXg6Gtuk S8NxbukLeamqVW3
      1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OC i8=
      =zzaA
      Yup, It tastes exactly like chicken.

      Regards,
          The NSA.
    2. Re:First encrypted post by mattwarden · · Score: 3, Funny

      Leave my mother out of this.

  2. too bad by Lord+Ender · · Score: 2, Interesting

    Unfortunately, in the real world, 99% of email users can not or do not want to maintain a web of trust. That is why S/MIME is going to kill the PGP market. PGP/MIME is only big because it was first on the scene.

    Hell, even mutt supports S/MIME. Imagine SSL with a web of trust--yuck!. PKI is the way to go...

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:too bad by poliopteragriseoapte · · Score: 4, Interesting

      I checked, via pgp.mit.edu. In my university, with 16000+ people, I am the only one with a PGP key signed by someone outside of my university, and I think that no more than 20 people have a PGP key uploaded to pgp.mit.edu. And there is simply NO WAY I can convince staff (or pretty much anyone) to accept my PGP-signed emails as something especially valuable (and as a replacement for a paper signature), or to send me confidential information via encrypted email instead of having me go pick up paper folders somewhere. On the other hand, everybody seems to accept as "signed" the pdf letters I produce, which include a photographed copy of my signature. I have given up.

    2. Re:too bad by technicalandsocial · · Score: 5, Informative

      I think you're confusing a few things.

      Web of Trust (WoT) is a PKI model. Certificate Authorities (CA) is a competing PKI model, and the one apparently you prefer. Have you taken a look at the CA list of trust in your browser lately? I for one prefer WoT, although more work on the part of the user to maintain, the trust model is based on me, not "Staat de Nederlanden" or any other company I've never heard of. Not to mention the stolen Microsoft certificates of a few years ago. There is nothing to stop us from moving to a WoT model for our browser PKI, just as there is nothing stopping us from using the CA model for email, it's just how it's been implemented for us thus far, and which we choose to use.

      MIME vs Inline are competing ways of using PKI in email, it appears you prefer MIME which does appear to be the merging standard.

    3. Re:too bad by Llanfairpwllgwyngyll · · Score: 2, Interesting

      "PKI - there is no P and no I.... in practice it is just a bunch of K...." - me

      S/MIME is great. Inside a single organisation. But beyond that.... forget it. And I have seen many MANY attempts across MANY serious organisations.

      Webs of trust are not the only trust model PGP can implement. In the serious business world, PGP Universal is making steady progress; policy driven, nice and easy for the users. Of course, it supports S/MIME too for all the poor souls in external organisations stuck with that :-)

  3. Thanks, Phil!!! by jamstar7 · · Score: 3

    I used PGP back in the day when it was still illegal due to the 'fact' that it was considered a 'munition'. Thanks, Phil, for giving me the amount of encryption enjoyed by many small governments of the day...

    --
    Understanding the scope of the problem is the first step on the path to true panic.
    1. Re:Thanks, Phil!!! by tomstdenis · · Score: 2, Informative

      Um, it was illegal to EXPORT not use. Get your fud straight.

      That not withstanding he [and people like him] went through hell to free up crypto projects for the rest of us. I, myself, give out a crypto library that slips through relaxed regulations on free software.

      Kudos to Phil, his supporters, and PGP as a whole. [except Jon Callas, he's a jerk and I still hate him]

      Tom

      --
      Someday, I'll have a real sig.
  4. it's too bad... by technicalandsocial · · Score: 5, Insightful

    It's too bad after 15 years, probably > one percent of internet users have even used it, or any of its OpenPGP standard derivatives (GnuPG) for example. Sort of like the NSA telephone spying fiasco this year in the U.S, you know the various bureacracies are watching all the packets they can. If you want privacy, now is the time to take control of your own. Encrypt your emails and files, IPSEC, SSH, HTTPS wherever possible, and demand it where it is not yet available for you.

    1. Re:it's too bad... by SEAL · · Score: 4, Informative

      While your points are on-target, it is easy to forget how much the U.S. government locked down encryption prior to Phil's efforts. We take for granted being able to make purchases over a 128-bit encrypted connection with SSL-enabled webbrowsers. Secure global e-commerce is a direct result of political change brought around by Phil Zimmerman.

      So even though use of PGP / GPG have not penetrated the mainstream, there were other beneficial aspects of its existence.

  5. Re:It's sad... by Noksagt · · Score: 5, Informative

    PGPfone does still run under Windows and the source is available. Zfone (also by Phil Zimmerman, is a new secure VoIP program. Gizmo and Skype also have encryption (though they're closed source).

  6. S/MIME has been around a long time too by Beryllium+Sphere(tm) · · Score: 4, Interesting

    And it has not killed the PGP market or even gotten major traction. What percentage of your legitimate incoming email is S/MIME signed? Even from your bank?

    Also, bear in mind that CA-based PKI is a strict subset of web of trust.

    The lesson is that crypto goes nowhere in the market unless it's as transparent as TLS.

    >can not or do not want to maintain a web of trust

    PKI shouldn't be difficult, but from what I've seen it does seem to be beyond human comprehension.

  7. Too bad it isn't better integrated into things by Soong · · Score: 4, Interesting

    Once upon a time I generated a key, and discovered there was no one around to swap keys with. My best guess is that it has never been common enough or easy enough to get started. It needs to be as easy as hitting send on an email, automatically sign it, and if the recipient is known to have a key then encrypt it to them. I could be bothered to go through some hassle to get this going, but I think most people don't care enough and probably most of their email doesn't matter enough to bother with encrypting or signing. I still wish it was more common though.

    --
    Start Running Better Polls
  8. Speaking of PGP... by FooAtWFU · · Score: 2, Interesting
    ... can anyone recommend any good Windows XP PGP/GPG-type tools? You used to be able to download a little cute PGP program as freeware to sit in your tray, hold your key, and encrypt/decrypt a window or the clipboard. Now all I can find like that is WinPT, and while it's serviceable for me, it's also incredibly ugly and not very refined, and is confusing by comparison. Gak! You can still download the old PGP freeware versions but they refuse to run on WinXP - there's just a 30-day trial out there now.

    If there's one thing that annoys me it's when a program disappears like that...

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
    1. Re:Speaking of PGP... by billstclair · · Score: 3, Informative

      The free trial is also hard to find, likely intentionally so.

      http://www.pgp.com/downloads/desktoptrial2.php

      It's fully functional for 30 days, then falls back to the functionality of the old PGP Freeware product, i.e. you can encrypt and decrypt files, windows, and the clipboard, and you can create, import, and manage keys.

  9. The title is wrong. Quit perpetuating the myth by Anonymous Coward · · Score: 5, Informative

    Jeez, will this fairy tail never end? Phil NEVER released PGP. Crap, I was there and I remember it. Phil had to be browbeaten and bribed to give up the software (for which he had already been paid to develop).

    There were two people who were hauled up in front of the Federal Grand Jury. Phil was one. Kelly Goen was the other. It was Kelly who paid Phil, who researched the law (so that the release could be done legally) and who had been pushing for developing public key cryptography for years before he ever met Phil. And it was Kelly who had the guts to do the actual release. Phil thought he was completely safe at the time (and legally speaking he probably was, not that innocence has ever stopped the Feds before).

    If you want to search, you might be able to find the original Jim Warren articles in Microtimes around, who Kelly kept in touch with during the actual release. Jim thought Kelly was paranoid as hell until the FBI showed up on his door, and he wrote at least one article about it.

    For your amusement, Kelly went around the San Francisco Bay area with an old acoustic coupler modem to various pay phones and would upload it onto a different server. Then he'd call Jim to tell him where it was at, in case something happened to him. He was under the impression that the single best thing the NSA could do was to knock him off before he put it on those servers. Looking back at it now, he was quite right.

    And no, this isn't being posted by Kelly. Just someone else who was there at the time.

    So please, get your facts straight and give Kelly some credit while he's still alive. Thanks.

  10. Re:Finally Legal! by dubbreak · · Score: 4, Funny

    In Canada it can get jiggy with other encryption technology as long as it isn't >5years senior (and was able to last year as well). It'll have to wait until 16 to consent for any age and 18 if it is interested in encryption with influential power over them. I'm not sure if there are laws about related algorithms. In my neck of the woods we don't code that way.

    --
    "If you are going through hell, keep going." - Winston Churchill
  11. PGP didnt Invent RSA encryption by EEPROMS · · Score: 2, Interesting

    I remember watching an English documentary about 5 or so years ago on the history of encryption and cyphers. One thing I remember was how the RSA public and private key encryption wasn't invented by PGP even though they were awarded a patent , it was invented by an english researcher while working for one of the many U.K government secret service shadow projects at the time. The UK security services have been using RSA encryption for many years before PGP ever figured it out but wouldn't admit to this fact because it would assist the Russians efforts to decrypt messages sent by the UK secret service.

    So even though PGP got the patent for this technology they were not the first to invent it.

  12. For the history files by Beryllium+Sphere(tm) · · Score: 3, Informative

    I don't know enough to say who's right, but here's Phil Zimmermann's acount of PGP history. Also check out Adam Back's PGP timeline, which he warns is probably inaccurate. Microtimes columnist's recollections of PGP history.

  13. Re:What's been the problem with encrypted voice? by gnoshi · · Score: 2, Informative

    Yes, yes there are.

    Twinkle (Linux) supports both SRTP and ZRTP.
    Minisip and Minisplat (both Linux) presently support SRTP and are working toward ZRTP support.
    Eyebeam (Windows) supports SRTP
    ZFone (Windows, Linux, MacOSX) uses ZRTP and can work with any SIP-based software (because it intercepts and encrypts the stream).
    OpenWengo (Windows, Linux) is in the process of implementing SRTP, with some automated key exchange, and later ZRTP is planned.

    So really, the answer is: yes, yes there are implementations.

  14. Because they're not. by SanityInAnarchy · · Score: 2, Insightful

    When signing, in fact, the exact opposite happens.

    Public and private isn't too bad, it's just that no one ever, EVER bothers to learn them. I mean, come on, if people can learn words like "clutch", "gearshift", "ignition", and so on, why can't they understand that the PUBLIC key is what you send to everyone, and the PRIVATE key is what you don't even share with your lover?

    --
    Don't thank God, thank a doctor!
  15. Inappropriate PGP usage: my sin. by dotmax · · Score: 3, Funny

    In the early 90s i spent (way too much of) my energy in the marijuana movement. Not wholly surprisingly, i got a little paranoid about marajuana-movement organizations' mailing lists being confiscated in various busts around the country.

    So i relentlessly harangued a national organization to distribute a windows/DOS/Mac PGP release to all of their chapters.

    I felt pretty good about it until i got a call from someone in another state:

            "duuuude. i forgot my passphrase..."

    How did you do that?

              "we were rilly baked ..."

    i've always wondered how much damage i did to the marijuana movement by handing a bunch of stoners a tool that required memorizing a passphrase...

    my bad!