Comparison of GnuPG & NAI/PGP features.

L. Sassaman rabbi at quickie.net
Sat Jan 8 02:49:24 CET 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 7 Jan 2000, Werner Koch wrote:

> On Fri, 7 Jan 2000, Simpson, Sam wrote:
> 
> > I note that the GnuPG web page says: "Better functionality than
> > PGP and some security enhancements.".  Apart from more algorithms
> > & better ability to select algorithms, what does this mean????
> 
> * You have the real source code and everone is able to build the
>   executable from this source.  I am not sure whether you can do 
>   this with the PGP books and noone can be sure that these books
>   reflect the actual PGP executables delivered by NAI.
> * Stores secret keys in a memory area which will not be swapped
>   out to the disk. 
> * All operations involving confidential material (session keys, some
>   hashs, secret keys, intermediate results) are althoug done in this
>   memory area.
> * It can use ElGamal for signing by creating all ElGamal keys in a
>   secure way.  Uses this algorith even for DSA keys, just in case.
>   I think PGP now uses the same Lim-Lee algorithm now and I am not
>   sure whether this is at all an advantage.
> * It never uses any temporary files.
> * Has quite a lot of features you expect from a Unix tool.
> 
> > I have constructed a (very) small table to compare the algorithms
> > available, it's at: http://www.scramdisk.clara.net/compare.html 
> 
> Please get this Skipjack out of the list.  It whish I never wrote this
> module - it used to be just an experiment.

Not that I use it, but what exactly is wrong with it? Has there been a
successful cryptanalysis, or are you just wary of anything NSA?
 
> As I only have this 6.5.1 pgp here and it even refuses to create keys
> with a message saying it can't open the keyrings  (although strace show
> that it indeed opens them), I don't know what this SHA-1x is.
> 
> -- 
> Werner Koch at guug.de           www.gnupg.org           keyid 621CC013
>   
>      Boycott Amazon!  -  http://www.gnu.org/philosophy/amazon.html
> 
> 

__

L. Sassaman

System Administrator                |  "I've done my sentence
Technology Consultant               |   But committed no crime..."
icq.. 10735603                      |   
pgp.. finger://ns.quickie.net/rabbi |    --Freddie Mercury, Queen







-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE4duwNPYrxsgmsCmoRAln2AJwIoowPjNgtomgp2UkOVg6+uFTdoACg8B4B
k1XnNSiych7DS/I1yiCx834=
=8de8
-----END PGP SIGNATURE-----



More information about the Gnupg-devel mailing list