However I have a few misc. things to add to the mix.
-a friend of mine who's in the area of our gov't involved with security
tells me that DES is not good anymore and that AES is best to date and that
given enough resources (which I'm sure Bill has) PGP as it stands now
can(/has?) be broken
-also since I use NM(netmeeting and msn messenger) alot...are both these
truely P2P after initial connections are made with other party OR is Bill
"listening"....I will do my own experiments with a sniffer to prove this
out.
Consider that even if "true" P2P after initial connection setup...the
peers could still "call home" with info. My concern is with the tracking of:
voice calls, whiteboard sessions and chat.
-how does one counter that kind of threat----PLEASE NOTE I HAVE INCLUDED
BILL's BUDDIES ON THIS posting as well so we can see what they have to
say.......
Can one :
1) use PGP's VPN capability ...or will this interfere with the app's
2) dump Bill's pervasively intrusive s/w altogether and move to ICQ or
another IM??--would these have same probs?
3) Give up and move back to snail mail :-( ---I hope not!!
Thanks again.
GC
"George Chapman" <gfch...@hotmail.com> wrote in message
news:d79c851e.0202...@posting.google.com...
> Ok I'm a newbie to the area ..I'll admit it now and get it over with.
> My question should be quick for the experts in the area:
> -how secure is PGP7.0.3 or 7.1.1 has any of the crypto stds been broken?
> and which one is the most secure.
>
> My concern is that I do alot of business discussions over hotmail and send
> my encrypted files.. I just Assume Bill is watching...and don't want them
> read!!!
>
> Thanks.
> George
NetMeeting audio/video connnections are P2P ( unless a conference server is
involved) - NetMeeting data connections are P2P2P -- if more than one party
is in the call ( the T.120 protocol at least one party in the call handle
routing for all if more than 2 are in the call)
Messenger IM Messages are P2S2P -- so Bill could be listening (not that he
would care)-- other Messenger operations are P2P.
We successfully used PGPNet with Netmeeting and MS Portrait for secure
communications, confirmed with sniffers. This was with Win 98 and PGP 6.5.8
ckt. After 98 there are no open source IPSec (VPN ) applications available
for Windows (that I know of). The TCP stack in 2k and XP are different. It
is hoped that later versions of CKT will include compatibility with the
2k/XP TCP. Walk throughs and results of those experiments are available for
public download at -
http://groups.yahoo.com/group/PracticalEncryption/files/
Just dodge the damn cookies and the new popups.
The next round of experiments is to try the native VPN in Win2k, SSH
Sentinel (again after its been upgraded) and the IPSec of IPv6. The problem
is they are all closed source as is the PGPNet in the later PGP 7...series
(except for the native IPSec in MS's experimental IPv6 release , but it is
authentication only, no encryption). Some may recommend a hardware solution
with a small router/firewall/VPN configuration but once again, its all
closed. I would avoid Cisco's security solutions as Bamford in his latest
book reports that the NSA has thoroughly compromised their routers.
With IM encryption we found that Spyshield for MS Messenger worked the best
with near transparent encryption/decryption (www.commandcode.com) . It
combines with a previous install of PGP and uses the current keyrings. Once
again the problem is, closed source. If entering a passphrase for an
existing key into such a program makes you nervous, create a throwaway/IM
key.
If none of these approaches appeal, then you may have to go to some open
source combination SSH file transfer and encrypted Voice over IP like
SpeakFreely (www.speakfreely.org).
The only other solution I know of is to set up Linux boxes at each peer you
will be connecting to as gateways for the networks behind, then run FreeSwan
IPSec between the gateways. But an advanced working knowledge of Unix/Linux
is needed as there is no easy install or operation of FreeSwan.
Hope this helps.
Yours-
Ridge Cook
---PGP Keys---
Signing 0x4AF823E3
Encrypting 0x43537711
"George Chapman" <gfch...@hotmail.com> wrote in message
news:%Lde8.1977$tA.3...@news20.bellglobal.com...
<snip>
> Messenger IM Messages are P2S2P -- so Bill could be listening (not that he
> would care)-- other Messenger operations are P2P.
>
Bill, did you ever see the movie ANTI-TRUST. I would think it would be
incredibly tempting for someone in Bill's position to "filter" all traffic
that he could control (via his spin offs and enticing free services--eg.
email) with a list of select keywords (eg. patent; "new concept"..etc.) and
"harvest" whatever he likes from the net.
I have no doubt that the technology exists and it wouldn't take too much
imagination as to how to apply it to circumvent any personal security the
average user could employ.
Take for example:
-capture users keystrokes
-encrypt them (thus circumventing any sniffer)
-timeshift the relay of them back home (so as to circumvent even "smart"
sniffer/firewall combinations)
Steve: what do you think....how would one even concieve of protecting
against this????
> DES is broken. The design for special cracking machines is public knowledge, and
> well within the reach of many to implement.
Cryptographically, DES is not broken. The only known attack against it is still
a brute force attack. However, since the key length is only 56 bit, this can be
done now reasonably fast.
> The original design of DES is also suspect.
It turned out to be optimized against differential cryptanalysis - proving that
the NSA knew this technique before the civilian crypto world.
> The full details of the S-Box were never made known, and it has been suggested
> that some implementations deliberately leak key bits.
Than those implementations are flawed. But the DES code in pgp (used for the
3DES
implementation) is free for anyone to check.
--
ir. J.C.A. Wevers // Physics and science fiction site:
joh...@iae.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html