REQUEST FOR DIGITAL SIGNATURE OF PGP 5.0 FOR WIN INSTALL FILE
JamesTracy95820
I use PGP 5.0 for windows and just love it.
I'd like to get 10 or more people to send me a digital signature
(detached) of the installation EXE file so I can verify that it hasn't
been tampered with, if that's possible.
I'm at:
I'll post the results here for the benefit of all.
I'm just concerned about any back-doors. I've used this program for
years now, but you never can be too careful.
THANKS!!
David W. Hodgins
> I'd like to get 10 or more people to send me a digital signature
> (detached) of the installation EXE file so I can verify that it hasn't
> been tampered with, if that's possible.
Given that one person could set up 10 ids/keys, the above would
be pointless.
See http://en.wikipedia.org/wiki/Web_of_trust
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Tamzen Cannoy
"David W. Hodgins" <dwho...@nomail.afraid.org> wrote:
> On Mon, 23 Mar 2009 01:05:02 -0400, JamesTracy95820
> <jamestr...@gmail.com> wrote:
>
> > I'd like to get 10 or more people to send me a digital signature
> > (detached) of the installation EXE file so I can verify that it hasn't
> > been tampered with, if that's possible.
>
> Given that one person could set up 10 ids/keys, the above would
> be pointless.
>
> See http://en.wikipedia.org/wiki/Web_of_trust
>
> Regards, Dave Hodgins
It you are installing PGP 5 you clearly don't care about security. The
amount of bugs that have been fixed in the last 15 years alone makes
using a current version worth it.
JamesTracy95820
wrote:
> On Mon, 23 Mar 2009 01:05:02 -0400, JamesTracy95820 <jamestracy95...@gmail.com> wrote:
> > I'd like to get 10 or more people to send me a digital signature
> > (detached) of the installation EXE file so I can verify that it hasn't
> > been tampered with, if that's possible.
>
> Given that one person could set up 10 ids/keys, the above would
> be pointless.
>
>
> Regards, Dave Hodgins
>
> --
> Change nomail.afraid.org to ody.ca to reply by email.
> (nomail.afraid.org has been set up specifically for
> use in usenet. Feel free to use it yourself.)
Point taken.
I've picked someone at random, and asked for their signature. I
figure if I can gather 10 signatures, and they all match, it's a
pretty good bet everything is OK. But, yes - you're right - it's not
an absolute.
I'm asking for a digital signature, because I can't be sure that at
some point through the years (I've used the program since it first
came out), and unbeknowst to me, a virus could have modified the
installation file.
So - any chance you could provide a digital signature? I'd be happy
to supply mine, just email me:
OR - perhaps I'm missing something else? Any comment or suggestion is
welcome.
...jimbo
JamesTracy95820
> In article <op.uq8cawx6a3w0dxd...@hodgins.homeip.net>,
> "David W. Hodgins" <dwhodg...@nomail.afraid.org> wrote:
>
> > On Mon, 23 Mar 2009 01:05:02 -0400, JamesTracy95820
> > <jamestracy95...@gmail.com> wrote:
>
> > > I'd like to get 10 or more people to send me a digital signature
> > > (detached) of the installation EXE file so I can verify that it hasn't
> > > been tampered with, if that's possible.
>
> > Given that one person could set up 10 ids/keys, the above would
> > be pointless.
>
>
> > Regards, Dave Hodgins
>
> It you are installing PGP 5 you clearly don't care about security. The
> amount of bugs that have been fixed in the last 15 years alone makes
> using a current version worth it.
Thanks for your comment! Bugs? Not good!
I've read about some bugs that don't affect me, with the exception of
one which I'm going to correct. Perhaps there are others I'm not
aware of.
Could you perhaps elaborate on what those bugs are? Or is it just too
numerous to mention?
My problem is that I've convinced many people to use PGP 5.0 - so
changing them to something different would be a real problem. It was
hard enough convincing people to use any kind of security, let alone
having them switch horses now.
But, if the bugs are bad enough - I would.
So, if you can point me to where I could find out more about the bugs,
that would be great.
Thanks
Sincerely,
James Tracy
JamesTracy95820
wrote:
> HI FOLKS:
>
> I use PGP 5.0 for windows and just love it.
>
> I'd like to get 10 or more people to send me a digital signature
> (detached) of the installation EXE file so I can verify that it hasn't
> been tampered with, if that's possible.
>
> I'm at:
>
>
> I'll post the results here for the benefit of all.
>
> I'm just concerned about any back-doors. I've used this program for
> years now, but you never can be too careful.
>
> THANKS!!
>
> www.JamesEdwardTracy.com
Here is my digital signature of the copy of PGP 5.0 for windows:
http://www.JamesEdwardTracy.com/STUFF/2009-03/PGP-50-SIGNATURE.zip
http://www.JamesEdwardTracy.com/STUFF/2009-03/PGP-50-SIGNATURE.zip.sig
THANKS!
...jimbo
David W. Hodgins
> So - any chance you could provide a digital signature? I'd be happy
> to supply mine, just email me:
I don't have a copy of pgp5 on my system anymore. I'm using gpg on linux.
If you want a command line program, use the latest gpg. If you want a
gui program, use the latest pgp.
As with any security related software, it's always a good idea to keep the
software up-to-date.
JamesTracy95820
wrote:
Good points! My problem is that I can't really upgrade because I've
got so many people in line with PGP 5.0 - and if I ask them to
upgrade, they'll hit me over the head.
Getting people to use PGP is like pulling teeth in my experience. For
me, I'd upgrade in a heartbeat - but the family and friends I've
convinced to use PGP will drop like flies if I ask them to upgrade.
It's a conundrum.
But you don't have an old copy of 5.0, so thanks for writing anyway.
...jimbo
Otto Sykora
> Good points! My problem is that I can't really upgrade because I've
> got so many people in line with PGP 5.0 - and if I ask them to
> upgrade, they'll hit me over the head.
>
> Getting people to use PGP is like pulling teeth in my experience. For
> me, I'd upgrade in a heartbeat - but the family and friends I've
> convinced to use PGP will drop like flies if I ask them to upgrade.
>
you see it too dramatic!
the keys are compatible with the latest version, there is no problem to
fear. The current pgp will work in the freeware version very similar to
the 5.0, so there is no problem at all.
Well it comes to the point which operating system do your correspondence
partnes use.
I doubt that there is a currect version which will work really on w98
for example, but there are enough kind of updated versions around which
will work.
If they all use XP or vista, get them some current free version and let
them install it , keys can be imported, all should be compatible. I use
often a key created by the early dos version of pgp, and it still works
taday.
Otto Sykora
> HI FOLKS:
>
> I use PGP 5.0 for windows and just love it.
>
> JamesTr...@gmail.com
>
oko here detached sig of the pgp5i
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt
Comment: RSA key on server
iQCVAwUASc92pfxEhYEy2jP5AQHqgwP+MEGcrIZDEsFWjrpSG7XM9p5H/nrd7n87
7enuGax28M9Wt7lErfRjyXTafXbS7Lfk9rrUdVrzrE65i+tIQZXGScrQBigKjWG5
1gDDm8c7ZLsWwtc6ZFnYl1WxJkGG7IbwZc+aREDPZq5GFFQhIRKSk1BPPA2szS6s
XLz/i/z5PPk=
=uOkm
-----END PGP SIGNATURE-----
since pgp5.0 original seems not to be readily available for download any
more, it might be quite difficult.
the pgp5.0 was done for w95 and NT4 at that time and did live only very
short time due to its numerous problems and was then replaced by the
version 6.x of which the version 6.5.8 was most used at that time and is
still today in use for example on XP where the original freeware version
and better the pgp6.5.8 ckt (last one was 9 I think) is around.
JamesTracy95820
> On 23.03.2009 22:38, JamesTracy95820 wrote:
>
> > Good points! My problem is that I can't really upgrade because I've
> > got so many people in line with PGP 5.0 - and if I ask them to
> > upgrade, they'll hit me over the head.
>
> > Getting people to use PGP is like pulling teeth in my experience. For
> > me, I'd upgrade in a heartbeat - but the family and friends I've
> > convinced to use PGP will drop like flies if I ask them to upgrade.
>
> you see it too dramatic!
>
> the keys are compatible with the latest version, there is no problem to
> fear. The current pgp will work in the freeware version very similar to
> the 5.0, so there is no problem at all.
You know, I downloaded and worked with WinPT for GPG to evaluate it.
The WinPT is crap, for my purposes. It's terribly buggy and getting
my friends and family to upgrade is hard enough - but it's simply TOO
BUGGY and TOO UNRELIABLE. So, now I'm left with the question: What
Now?
For me, using GPG is no problem - and I could easily use it for my
purposes, but understand that I've got barely computer literate people
here folks.
If I had the energy, I'd write my own front-end to GPG or use the
crypt library, but as it is right now - the WinPT interface is simply
not ready for prime time. Not by a long shot.
Is there anything anyone could suggest?
I downloaded a small public key VB 6.0 program and it's not ready for
prime time, but it's pretty close to the simplest interface. But it
wouldn't be the way to go because, of course, it's not OpenPGP
compatible.
What to do! What to do???
...jimbo
JamesTracy95820
> oko here detached sig of the pgp5i
Thanks! I'll get on this ASAP. I'm disabled, and today isn't a good
day for me.
But I'll check the authenticity as soon as I'm better.
Thanks again!
...jimbo
JamesTracy95820
> the keys are compatible with the latest version, there is no problem to
> fear. The current pgp will work in the freeware version very similar to
> the 5.0, so there is no problem at all.
With WinPT (GPG front-end) being too buggy for my purposes, has anyone
used the PGP trial/freeware? Zimmerman says it's full freeware and
that people should download it.
What is the consenses about this program? I'm a little leary about
it. They do publish the source code. This would be a case where I'd
probably re-compile it for assurety - but I don't have the time to
review it.
So - my question is: What's the consenses about using PGP from
PGP.com?
Good? Bad? Ugly? Uglyier??
Thanks!
...jimbo
PS: You know - I appologise - I realized I'm getting off topic here.
Maybe later I'll start a thread speciically for the problem of user
simplicy (GPG is NOT simple enough for the general public, and is so
NOT a viable system).
John Wunderlich
news:1772731f-e7ae-4ee7...@r5g2000prh.googlegroups.com
:
> The WinPT is crap, for my purposes. It's terribly buggy and
> getting my friends and family to upgrade is hard enough - but it's
> simply TOO BUGGY and TOO UNRELIABLE. So, now I'm left with the
> question: What Now?
>
> For me, using GPG is no problem - and I could easily use it for my
> purposes, but understand that I've got barely computer literate
> people here folks.
>
> If I had the energy, I'd write my own front-end to GPG or use the
> crypt library, but as it is right now - the WinPT interface is
> simply not ready for prime time. Not by a long shot.
>
> Is there anything anyone could suggest?
>
I use GPGShell.
<http://www.jumaros.de/rsoft/index.html>
HTH,
John
Otto Sykora
>
> With WinPT (GPG front-end) being too buggy for my purposes
well if the winpt in its latest version and gpg is too buggy, then your
pgp5.0 is absolute disaster. There much more bugs in the 5.0 then in any
of the gpg and its front ends. This is why soon after there was a
version pgp5.02 in which many of the serious bugs were corrected. This
is also the reason, why it is not so simple to find the pgp5.0 for
download , this version is of little practical.
, has anyone
> used the PGP trial/freeware? Zimmerman says it's full freeware and
> that people should download it.
the pgp.com does offer you freeware version for download still. You can
use it, the functionality is sure better then your version 5.0.
OK it has nothing to do with Zimmermann any more, it is simply a
commercial company providing a version with somehow scaled down
functionality against what they have for sale.
>(GPG is NOT simple enough for the general public, and is so
> NOT a viable system).
well, gpg is now in full compatible, front ends provided in variety of
flavours for any operating systems, no command line operations needed
any more. Installation automatic like any other windows apps.
Configuration probably more simple then any of the pgp 5.0 versions.
There is also a java based pgp now on sourceforge for download, works
fine on any operating system with java installed, portable, running from
usb stick, comaptible with pgp , gpg or what ever you want, compatibel
with open pgp standard.