why cissp says this about PGP/GnuPG?

Philipp Gühring pg at futureware.at
Wed Aug 23 12:52:59 CEST 2006


> Be warned that the CISSP certification is not universally loved.  Many
> people feel that it is of dubious quality.

Are there any facts or reasons against CISSP?
Are there any alternatives?

> > top-secret encryption algorithm; conversely, it is not a good idea to
> > send intercepted spy information using PGP. Each type of encryption
> > mechanism has its place and purpose."
> >
> >   I wonder why PGP is not good enough to encrypt spy information?

> Excellent question, given that AES has been certified for use with TS
> material, and the recent SHAs are on the fast track for similar
> approval.  I think this reflects more the prejudices of the book author
> and/or the CISSP exam than it does actual reality.

My personal opinion is that PGP was designed to protect normal confidential
data, not to protect spy information. Spy communication has more demand for
steganography (making sure that you don't even notice the transmission and
not just that you can't read it), and less demand for "public" key
systems ;-)

Perhaps it also means that you should not use PGP, but GnuPG instead,
because of the --hidden-recipient function in GnuPG (which is missing in PGP,
if I am not mistaken), which is also an essential feature for spies.

Best regards,
Philipp Gühring
