Comparison of GnuPG & NAI/PGP features.

Simpson, Sam
Fri, 7 Jan 2000 11:59:38 +0000

Hash: SHA1


Thanks for the quick answers.   See points in-text below.

> -----Original Message-----
> From: Werner Koch []
> Sent: 07 January 2000 11:48
> To:
> Subject: Re: Comparison of GnuPG & NAI/PGP features.
> On Fri, 7 Jan 2000, Simpson, Sam wrote:
> > I note that the GnuPG web page says: "Better functionality
> > PGP and some security enhancements.". Apart from more
> > & better ability to select algorithms, what does this
> * You have the real source code and everone is able to build
> executable from this source. I am not sure whether you can
> this with the PGP books and noone can be sure that these
> reflect the actual PGP executables delivered by NAI.
AFAIK the NAI distribution is just a build of the normal files. You can't do a byte-by-byte comparison of the executable though because VC++ includes date/time stamps etc.
> * Stores secret keys in a memory area which will not be swapped
> out to the disk.
A sexy feature, to be sure. I know the NAI/PGP Windows version also includes this feature, but I'm not sure about the UNIX versions...
> * All operations involving confidential material (session keys,
> hashs, secret keys, intermediate results) are althoug done in
> memory area.
> * It can use ElGamal for signing by creating all ElGamal keys
in a
> secure way. Uses this algorith even for DSA keys, just in
> I think PGP now uses the same Lim-Lee algorithm now and I am
> sure whether this is at all an advantage.
> * It never uses any temporary files.
> * Has quite a lot of features you expect from a Unix tool.
> > I have constructed a (very) small table to compare the
> > available, it's at:
> Please get this Skipjack out of the list. It whish I never
wrote this
> module - it used to be just an experiment.
> As I only have this 6.5.1 pgp here and it even refuses to
create keys
> with a message saying it can't open the keyrings (although
> strace show
> that it indeed opens them), I don't know what this SHA-1x is.
This is a "double-width" version of SHA-1, as per Hash Algorithm ID 4 in [RFC2440]. PGP v5.x allowed the verification of signatures using this scheme and some CKT versions allow you to employ this hash as part of a signature. Regards, Sam Simpson Communications Analyst - -- for ScramDisk hard-drive encryption & Delphi Crypto Components. PGP Keys available at the same site. -----BEGIN PGP SIGNATURE----- Version: 6.0.2ckt iQA/AwUBOHXWCu0ty8FDP9tPEQJzTgCg5kbvgMIuZeUPF9DGJQIq0hVjF8oAoLfQ eug6CilRpWeUSkeydaKfxOOR =onlg -----END PGP SIGNATURE-----