w32 installation paths (C. D. Rok)

[vedaal at hush.com]

>Message: 3
>Date: Tue, 16 Nov 2004 00:55:38 +0000
>From: "C. D. Rok" <cedar at 3web.net>
>Subject: Re: w32 installation paths
>To: gnupg-users at gnupg.org
>Message-ID: <4199500A.50807 at 3web.net>

>Is there any reason to believe that with the right choice of
>cipher and key length 2.6.3a multi 6 would be cryptographically
>less secure than the current PGPG's?

even in multi 6,
the keys must be signed using md5

[and sadly, Disastry is no longer with us to fix this :-(((  ]

so there is some concern that all key trust for v3 keys may become 
compromised to the level that only securely exchanged keys from 
known correspondents, can be trusted

the primary reason for some diehards
(not me, but respected cryptographers)
trust only 2.6.3,
is that it is the only one that they personally have gone over the 
source code

gnupg, which almost everyone agrees is much better and more secure
than any other pgp implementation,
{+/- elgamal signing issues),
has a source code at least an order of magnitude larger than 
Disastry's 2.6.3,
and if the cryptographers haven't been with gnupg since the 
beginning and gone over each of the diffs,
it is too much to check all at once now


with regard to the wipe function in 2.6.x,

it is not as good as Eraser,
and may not work in xp on the ntfs file journaling backup system

even if you need to boot from a floppy and wipe,
Darik's boot and nuke is excellent,
(but is 'all or none' 
[all hard drives, or nothing,
no ability to wipe just one file]

so, besides communication with other pgp 2.x user's
who insist on only 2.6.x,

gnupg is much more secure


vedaal



Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427