Slashdot Mirror
GnuPGP article on CNN
Ed Goodwin writes "CNN had an article about a 128 bit encryption program released under the Gnu license. Not alot of technical info but the developer comes across as a serious OpenSource advocate. "
← Back to Stories (view on slashdot.org)
I refuse to use any encrpytion method that wasn't developed by a 16 year old girl.
It's actually called GnuPG for Gnu Privacy Guard.
I use GPG to sign my mail with mutt. It works flawlessly, I don't have any complaints.
/dev/random. That's great -- ideal, even -- for linux, but most people don't run linux, and ported versions are considerably less robust because they don't have a solid PRNG.
It's a nice program, and if you're still using pgp 2.x, I'd suggest going OSS with gpg rather than generating a new key with a recent PGP.
There are some pretty serious problems with gpg, though. The least important is sparse documentation.
A bigger problem with GPG is its dependence on
PK crypto programs are about communication -- multi platform support is important, and so is integration into existing mail clients. Those issues seem to be beyond the scope of the current project, so I'm not sure how well it will catch on.
But it is very good at what it does on linux.
Although "mass market" software is considered exempt from these controls, the software that falls into this category is not very secure, according to Moechel. "That stuff can be cracked in a matter of milliseconds," he said.
it's good to see CNN quoting the AC rather than vice versa. this is the kind of thoughtful, well-informed discourse that made free software what it is today. whatever that is.
:)
actually, on mature reflection, this guy is my kind of "quote machine". sort of a GNU implementation of scott mcnealy.
GPG has been round for a while.It seems fairly stable
Does no-one else see the irony?
Information wants to be free!
Can someone help me use pine to automatically sign my outgoing mail?
GnuPG could easily be adapted for Windows, Koch said, but "I'm not going
to do that for free. I'm not that interested in Windows," he said.
He's not going to do that for free. Hmm.. Now that means.. He's going to charge for GNU software? Maybe he ment something else. But the whole concept of GNU seems to be lost. Also there is no mention of GNU or it's value to this piece of software.
GnuPG could easily be adapted for Windows, Koch said, but "I'm not going to do that for free. I'm not that interested in Windows," he said.
He's not going to do that for free. Hmm.. Now that means.. He's going to charge for GNU software? Maybe he ment something else. But the whole concept of GNU seems to be lost. Also there is no mention of GNU or it's value to this piece of software.
Although "mass market" software is considered exempt from these controls, the software that falls into
this category is not very secure, according to Moechel. "That stuff can be cracked in a matter of
milliseconds," he said.
*WHAT* kind of machines are able to crack "mass market" encrypted messages in few milliseconds??!
You mean 10^n Alphas in parallel running Beowulf? Or do mass market encryption programs have some kind of backdoors or what?
I though at least PGP was up to 512 bit (even up to 8000 bit in gurilla flavors) encryption. Isn't GPG interchangable with PGP? 128 yes no?
...is for sale. The bidding starts at one hundred million dollars.
They use that phrase at least 3 times (I stopped reading when I read it the third time). How blatantly incorrect.
here's my opinion on that:
Z 3GzaPUGdSEOPxLpE
:)
-----BEGIN PGP MESSAGE-----
Version: 2.6.2
pgAAAC3X92V/VZV7hVVNY4TOUBuxVbh8IC3HnXJwuqndVtV
sMU=
=NHcT
-----END PGP MESSAGE-----
...the password is everyone's favorite metasyntactic syllable, three letters, lowercase. (nope, it's not 'bar'.
pb Reply or e-mail; don't vaguely moderate.
I'm currently using the latest release of GnuPG, and have been for a little while... surprised it's never been mentioned on Slashdot before. it seems to be very high quality, conforming to the OpenPGP spec, and can be broken to play nice with PGP 5 and 6, and somewhat with 2.x.
Odd this should turn up... I posted to my local LUG list about it this morning, just on a whim.
http://www.gnupg.org, if anyone needs a link.
This is the kind of technology that needs to be integrated somehow into GNOME/KDE so that a significant number of people are using strong encryption, so that the government's attack on privacy can be curtailed. With strong encryption, the government cannot eavesdrop, and that is something that you don't get with many technologies.
How can GnuPG be integrated into GNOME without breaking certain laws. Is there any way to have GNOME/KDE-aware programs that can be downloaded and installed easily off of foreign sites?
Is there any way to link the installation of these as part of the installation of GNOME/KDE on a desktop?
I think this should be one area that should be explored, because stronger encryption means we get authenticated E-mail, etc., and this should all be an integral part of the user experience. This is something that Microsoft cannot offer and something that, if done right, could really be a selling point for OSS.
Any comments?
"GnuPG could easily be adapted for Windows, Koch said, but 'I'm not going to do that for free. I'm not that interested in Windows,' he said.
Classic.
Hey, it's just a beta.
FreeBSD/OpenBSD are explicitly mentioned as ports with no comment about unavailable RNGs, and from what I've heard about these they have crypto in the kernel.
Sure, GPG needs its own RNG. Someone will have to write one. Anyone?
It is designed to be a drop-in replacement for PGP (identical command line switches for the basic operations) and to be compatible to PGP5 upwards (PGP2 is not difficult because of RSA and IDEA being patented and therefore not implemented in GPG).
umm, kill the "not" in "not difficult" in my above response. Changed wording and missed that.
Maybe you should read some of the infos on www.gnu.org.
Hint: it's not what someone pays for something to be programmed, but what you can do with the resulting sources.
Free software does not mean that programmers are slaves. They are also free, and if they don't program what you want/need, you can try to motivate them to program that for you.
Also, this is nothing new. Happens all the time.
That's the way that it should be--you can make money off of causing progress in the workings, or off of distribution (selling to those who want to buy a CD-ROM just because it's easier than downloading the entire GNU system, or whatever), but taking money for the privilage of using (or even seeing) software? Ick.
It's too bad that most misinterpret `free' as meaning 'gratis'....
-Rozzin
-rozzin.
I installed a Debian/Slink beta this week and GPG seems to be well integrated into the mail-user-agent "exmh".
Packages are signed somehow, but I think the sig is only checked when the package-maintainers upload the software. (And I don't know if everyone uses GPG already.)
Please note that GPG can't be an integral part of any free GNU/Linux-System, since US-Gov. doesn't permit reexporting.
What other kind of "integration" might be needed in the near future?