Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Is 15 Years Old

Posted by ryuzaki0 on from the happy-secure-birthday dept.

An anonymous reader writes "PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information."

16 of 119 comments (clear)

  1. First encrypted post by Anonymous Coward · · Score: 5, Funny

         -----BEGIN PGP MESSAGE-----
         Version: 2.6.2

         hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ 2fve87lMlDlx4Oj
         eW4GDdBfLbJE7VUpp13N19GL8e/AqbyyjHH4aS0YoTk10QQ9n nRvjY8nZL3MPXSZ
         g9VGQxFeGqzykzmykU6A26MSMexR4ApeeON6xzZWfo+0yOqAq 6lb46wsvldZ96YA
         AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMpp7UQ2IzBrXg6Gtuk S8NxbukLeamqVW3
         1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OCi8=
         =zzaA
         -----END PGP MESSAGE-----

    1. Re:First encrypted post by Anonymous Coward · · Score: 4, Funny
      hIwDY32hYGCE8MkBA/wOu7d45aUxF4Q0RKJprD3v5Z9K1YcRJ 2fve87lMlDlx4Oj
      eW4GDdBfLbJE7VUpp13N19GL8e/Aqbyyj HH4aS0YoTk10QQ9n nRvjY8nZL3MPXSZ
      g9VGQxFeGqzykzmykU6A26MSMexR4Apee ON6xzZWfo+0yOqAq 6lb46wsvldZ96YA
      AABH78hyX7YX4uT1tNCWEIIBoqqvCeIMp p7UQ2IzBrXg6Gtuk S8NxbukLeamqVW3
      1yt21DYOjuLzcMNe/JNsD9vDVCvOOG3OC i8=
      =zzaA
      Yup, It tastes exactly like chicken.

      Regards,
          The NSA.
    2. Re:First encrypted post by mattwarden · · Score: 3, Funny

      Leave my mother out of this.

  2. Thanks, Phil!!! by jamstar7 · · Score: 3

    I used PGP back in the day when it was still illegal due to the 'fact' that it was considered a 'munition'. Thanks, Phil, for giving me the amount of encryption enjoyed by many small governments of the day...

    --
    Understanding the scope of the problem is the first step on the path to true panic.
  3. it's too bad... by technicalandsocial · · Score: 5, Insightful

    It's too bad after 15 years, probably > one percent of internet users have even used it, or any of its OpenPGP standard derivatives (GnuPG) for example. Sort of like the NSA telephone spying fiasco this year in the U.S, you know the various bureacracies are watching all the packets they can. If you want privacy, now is the time to take control of your own. Encrypt your emails and files, IPSEC, SSH, HTTPS wherever possible, and demand it where it is not yet available for you.

    1. Re:it's too bad... by SEAL · · Score: 4, Informative

      While your points are on-target, it is easy to forget how much the U.S. government locked down encryption prior to Phil's efforts. We take for granted being able to make purchases over a 128-bit encrypted connection with SSL-enabled webbrowsers. Secure global e-commerce is a direct result of political change brought around by Phil Zimmerman.

      So even though use of PGP / GPG have not penetrated the mainstream, there were other beneficial aspects of its existence.

  4. Re:too bad by poliopteragriseoapte · · Score: 4, Interesting

    I checked, via pgp.mit.edu. In my university, with 16000+ people, I am the only one with a PGP key signed by someone outside of my university, and I think that no more than 20 people have a PGP key uploaded to pgp.mit.edu. And there is simply NO WAY I can convince staff (or pretty much anyone) to accept my PGP-signed emails as something especially valuable (and as a replacement for a paper signature), or to send me confidential information via encrypted email instead of having me go pick up paper folders somewhere. On the other hand, everybody seems to accept as "signed" the pdf letters I produce, which include a photographed copy of my signature. I have given up.

  5. Re:too bad by technicalandsocial · · Score: 5, Informative

    I think you're confusing a few things.

    Web of Trust (WoT) is a PKI model. Certificate Authorities (CA) is a competing PKI model, and the one apparently you prefer. Have you taken a look at the CA list of trust in your browser lately? I for one prefer WoT, although more work on the part of the user to maintain, the trust model is based on me, not "Staat de Nederlanden" or any other company I've never heard of. Not to mention the stolen Microsoft certificates of a few years ago. There is nothing to stop us from moving to a WoT model for our browser PKI, just as there is nothing stopping us from using the CA model for email, it's just how it's been implemented for us thus far, and which we choose to use.

    MIME vs Inline are competing ways of using PKI in email, it appears you prefer MIME which does appear to be the merging standard.

  6. Re:It's sad... by Noksagt · · Score: 5, Informative

    PGPfone does still run under Windows and the source is available. Zfone (also by Phil Zimmerman, is a new secure VoIP program. Gizmo and Skype also have encryption (though they're closed source).

  7. S/MIME has been around a long time too by Beryllium+Sphere(tm) · · Score: 4, Interesting

    And it has not killed the PGP market or even gotten major traction. What percentage of your legitimate incoming email is S/MIME signed? Even from your bank?

    Also, bear in mind that CA-based PKI is a strict subset of web of trust.

    The lesson is that crypto goes nowhere in the market unless it's as transparent as TLS.

    >can not or do not want to maintain a web of trust

    PKI shouldn't be difficult, but from what I've seen it does seem to be beyond human comprehension.

  8. Too bad it isn't better integrated into things by Soong · · Score: 4, Interesting

    Once upon a time I generated a key, and discovered there was no one around to swap keys with. My best guess is that it has never been common enough or easy enough to get started. It needs to be as easy as hitting send on an email, automatically sign it, and if the recipient is known to have a key then encrypt it to them. I could be bothered to go through some hassle to get this going, but I think most people don't care enough and probably most of their email doesn't matter enough to bother with encrypting or signing. I still wish it was more common though.

    --
    Start Running Better Polls
  9. The title is wrong. Quit perpetuating the myth by Anonymous Coward · · Score: 5, Informative

    Jeez, will this fairy tail never end? Phil NEVER released PGP. Crap, I was there and I remember it. Phil had to be browbeaten and bribed to give up the software (for which he had already been paid to develop).

    There were two people who were hauled up in front of the Federal Grand Jury. Phil was one. Kelly Goen was the other. It was Kelly who paid Phil, who researched the law (so that the release could be done legally) and who had been pushing for developing public key cryptography for years before he ever met Phil. And it was Kelly who had the guts to do the actual release. Phil thought he was completely safe at the time (and legally speaking he probably was, not that innocence has ever stopped the Feds before).

    If you want to search, you might be able to find the original Jim Warren articles in Microtimes around, who Kelly kept in touch with during the actual release. Jim thought Kelly was paranoid as hell until the FBI showed up on his door, and he wrote at least one article about it.

    For your amusement, Kelly went around the San Francisco Bay area with an old acoustic coupler modem to various pay phones and would upload it onto a different server. Then he'd call Jim to tell him where it was at, in case something happened to him. He was under the impression that the single best thing the NSA could do was to knock him off before he put it on those servers. Looking back at it now, he was quite right.

    And no, this isn't being posted by Kelly. Just someone else who was there at the time.

    So please, get your facts straight and give Kelly some credit while he's still alive. Thanks.

  10. Re:Speaking of PGP... by billstclair · · Score: 3, Informative

    The free trial is also hard to find, likely intentionally so.

    http://www.pgp.com/downloads/desktoptrial2.php

    It's fully functional for 30 days, then falls back to the functionality of the old PGP Freeware product, i.e. you can encrypt and decrypt files, windows, and the clipboard, and you can create, import, and manage keys.

  11. Re:Finally Legal! by dubbreak · · Score: 4, Funny

    In Canada it can get jiggy with other encryption technology as long as it isn't >5years senior (and was able to last year as well). It'll have to wait until 16 to consent for any age and 18 if it is interested in encryption with influential power over them. I'm not sure if there are laws about related algorithms. In my neck of the woods we don't code that way.

    --
    "If you are going through hell, keep going." - Winston Churchill
  12. For the history files by Beryllium+Sphere(tm) · · Score: 3, Informative

    I don't know enough to say who's right, but here's Phil Zimmermann's acount of PGP history. Also check out Adam Back's PGP timeline, which he warns is probably inaccurate. Microtimes columnist's recollections of PGP history.

  13. Inappropriate PGP usage: my sin. by dotmax · · Score: 3, Funny

    In the early 90s i spent (way too much of) my energy in the marijuana movement. Not wholly surprisingly, i got a little paranoid about marajuana-movement organizations' mailing lists being confiscated in various busts around the country.

    So i relentlessly harangued a national organization to distribute a windows/DOS/Mac PGP release to all of their chapters.

    I felt pretty good about it until i got a call from someone in another state:

            "duuuude. i forgot my passphrase..."

    How did you do that?

              "we were rilly baked ..."

    i've always wondered how much damage i did to the marijuana movement by handing a bunch of stoners a tool that required memorizing a passphrase...

    my bad!