why cissp says this about PGP/GnuPG?

Robert J. Hansen rjh at sixdemonbag.org
Wed Aug 23 08:18:40 CEST 2006

Beff Con wrote:
>    I'm reading a book named "ALL-in-One CISSP Certification Exam
> Guide" by Shon Harris, 3ed.  And in "Chapter 8 Cryptography", I came
> across a paragraph like this:

Be warned that the CISSP certification is not universally loved.  Many
people feel that it is of dubious quality.

> top-secret encryption algorithm; conversely, it is not a good idea to
> send intercepted spy information using PGP. Each type of encryption
> mechanism has its place and purpose."
>   I wonder why PGP is not good enough to encrypt spy information?

Excellent question, given that AES has been certified for use with TS
material, and the recent SHAs are on the fast track for similar
approval.  I think this reflects more the prejudices of the book author
and/or the CISSP exam than it does actual reality.

More information about the Gnupg-users mailing list