Encryption software ensures messages are for your eyes only

 


For the security-conscious, PGP for Personal
Privacy 5.0 has better key distribution features and a better graphical interface than its
previous incarnations.


Earlier versions of the encryption package are in use at NASA, the Treasury Department
and some Defense Department offices.


You can now encrypt through the Microsoft Windows 95 or Windows NT system tray or the
Microsoft Internet Explorer file menu. Also, you can directly encrypt or decrypt messages
from within your mail client if you use Eudora Pro or Eudora Lite from Qualcomm Inc. of
San Diego, Claris Emailer from Claris Corp. of Santa Clara, Calif., Microsoft Outlook or
Microsoft Exchange.


If you want to try PGP before you buy, Pretty Good Privacy has released PGPfreeware 5.0
for private use. The company also released PGPcookie.cutter 1.5, which filters Web cookies
used to collect information from your browser about your surfing habits.


PGP encrypts, decrypts and authenticates electronic messages and files via strong
cryptography and a public-private key system. Strong cryptography has 56K or larger keys.


After installing the program, you generate a pair of digital keys. It took me less than
a minute to generate key sets on a 200-MHz Pentium running Windows 95.


Once the keys are generated, you distribute your public key to everyone with whom you
want to communicate securely. Colleagues use your public key to encrypt messages and files
destined for you. You then use your private key to unlock these messages and files.


Your public key can't be used to decrypt messages. Not even senders can use the public
key to decipher messages they encode.


Before you can send an encrypted message, the recipient must first generate a personal key
pair and send you the public key, which you use to encrypt your message. Your own key
digitally signs the message. The recipient then authenticates your messages using your
public key.


Because public keys can't be used to decrypt your messages, they can be freely and
openly distributed. A new feature in this version of PGP is the ability to post public
keys to a key server, making them widely available.


Pretty Good Privacy Inc. maintains a key server, currently mirrored on seven World Wide
Web sites around the world. If you prefer, you can set up your own key server. PGP can
automatically search the key servers if you know someone's name or e-mail address.


PGP offers a choice of encryption algorithms for creating key pairs. You can choose RSA
Data Security Inc.'s Rivest-Shamir-Adleman algorithm, a solid, peer-proven plan based on
the mathematical principle that it's easy to multiply two large prime numbers but hard to
factor the numbers from the result.


PGP can also generate keys using the government's Digital Signature Standard and the
Diffie-Hellman algorithm, but such keys won't be compatible with RSA keys. If your
correspondents send you Diffie-Hellman-encrypted messages, they must have a copy of your
Diffie-Hellman key and a copy of PGP 5.0.


In general, it's best to stick with RSA keys if your public key has been widely
distributed.


Pretty Good Privacy's documentation suggests that DSS combined with Diffie-Hellman
offers more secure transactions than RSA. Although the Diffie-Hellman algorithm has been
around for years, PGP has always used RSA.


Pretty Good Privacy spokesman Paul T. Lanyi said the reason for supporting an algorithm
that's almost two decades old is that PGP must pay a royalty to RSA Data Security of
Redwood City, Calif., for each copy of the RSA algorithm distributed. But patents on the
Diffie-Hellman technology expire this fall, so Pretty Good Privacy will be able to use the
algorithm without paying royalties.


Pretty Good Privacy wants the encryption industry to adopt Diffie-Hellman as the new de
facto encryption standard.


Sameer Parekh, president of CDNet Software Inc. of Oakland, Calif., and a developer of
World Wide Web encryption products, said the Diffie-Hellman algorithm is as strong as RSA.
He said both algorithms have undergone extensive peer review and are considered roughly
equal by cryptographers.


Another compatibility issue is the still-evolving Multipurpose Internet Mail Extensions
protocol for secure communications. Pretty Good Privacy's own PGP/MIME has been accepted
as a proposed standard by the Internet Engineering Task Force.


But it's incompatible with S/MIME, a specification that uses an RSA algorithm and is
championed by a growing number of industry players.


S/MIME security relies on set standards for public-key cryptography. Its strength is
interoperability--any two packages that implement S/MIME should be able to communicate
securely with each other.


S/MIME and PGP/MIME take different approaches to make sure you know who provided the
public key and that it is genuine and not tampered with.


Unless you receive a key directly from your correspondent, you have no way of knowing
that the person who signed the key also generated it.


Without a trust system, you could be tricked into corresponding with an impostor.


Trust systems let people you know vouch for the authenticity of public keys. S/MIME
takes a formal, hierarchical approach via certifying authorities for public keys. This
works well in large, structured organizations that have a chain of command.


Some analysts have expressed concern about S/MIME's 40-bit RC2 symmetric encryption
algorithm, because it uses only one key for both encryption and decryption.


PGP/MIME relies on users to establish trust with each other. This "web of
trust" is informal and flexible like the open Web culture. However, trust webs get
hard to manage as users join. The practical limit is about 100 members.


Interoperability between S/MIME packages is elusive. There are several incompatible
versions of S/MIME floating around. For example, Netscape Communicator and Microsoft
Explorer browsers are incompatible.


Fortunately, it isn't an either-or situation. Many applications support both MIME
types. Only time will tell which the market will accept, and both protocols likely will
undergo modification as the Internet community evaluates them.


A 1977 challenge to factor a 429-bit, 129-digit key was met in 1994, after 600
volunteers and 1,500 computers worked on it for eight months.


The Data Encryption Standard, adopted by the federal government in 1977, recently
succumbed to a distributed attack over the Internet that took more than five months of
concerted effort by thousands of users around the world.


They made 8 quadrillion attempts at rates up to 601 trillion keys per day, consuming 10
million hours of time on 14,000 computers to find the right key out of 72 quadrillion
possibilities.


So RSA- and Diffie-Hellman-encrypted messages seem secure, not because deciphering them
is impossible but because it's expensive and time-consuming.
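
The key-pair mechanics described earlier (encrypt with the recipient's public key, sign with your own key) and the point that security rests on the cost of factoring can be seen together in a small sketch. This is an added example, not code from the article or from PGP: it uses textbook RSA with tiny constructed primes and no padding, not PGP's message format, and the function names are hypothetical.

```python
# Toy textbook RSA with tiny constructed primes and no padding.
# For illustration only; this is not PGP's message format.
from math import gcd

def make_keypair(p, q, e=65537):
    """Return (public, private) keys built from the primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))  # private exponent inverts e mod phi

def apply_key(key, value):
    """Encrypt, decrypt, sign or verify: all are value**exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def factor(n):
    """Trial division; feasible only because the sample modulus is tiny."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

def demo():
    sender_pub, sender_priv = make_keypair(1000003, 1000033)
    recip_pub, recip_priv = make_keypair(1000037, 1000039)
    message = 20250101                      # constructed sample, must be < n

    ciphertext = apply_key(recip_pub, message)    # sender encrypts
    signature = apply_key(sender_priv, message)   # sender signs
    # Anyone who can factor the public modulus can rebuild the private key.
    _, rebuilt_priv = make_keypair(*factor(recip_pub[0]))
    return {
        "public_key_decrypts": apply_key(recip_pub, ciphertext) == message,
        "private_key_decrypts": apply_key(recip_priv, ciphertext) == message,
        "signature_verifies": apply_key(sender_pub, signature) == message,
        "altered_message_verifies": apply_key(sender_pub, signature) == message + 1,
        "factoring_recovers_private_key": rebuilt_priv == recip_priv,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The 13-digit sample modulus factors in well under a second, which is why real keys use primes hundreds of digits long.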


I used PGP to encrypt and decrypt several messages with and without attachments. The
larger the key, the longer it took to encrypt and decrypt. At worst, it took only moments
with single-page documents--even using 4,096-bit keys, the largest PGP supports.


When I tried an earlier version of this product years ago, it took so long that daily
use would have been untenable except for the most sensitive messages. Now you compress the
contents of a file as part of encryption, which speeds things up and adds security.


Some features in PGP 4.5 aren't in 5.0. For example, a corporate master key is no
longer available, and minimum pass phrases aren't enforced. The lack of a Netscape
Navigator plug-in isn't critical because all PGP functions are accessible through the
Windows system tray.


One drawback to secure messaging is that you must maintain two address books--one for
routine communications and a second with key lists for secure communications.


PGP for Personal Privacy is solid for securing information, and it has ample
documentation. Source code for Version 5.0 was only recently released for peer review,
however, so a weakness could yet come to light.


Eudora users should be aware that Qualcomm Inc. plans to integrate a
DSS/Diffie-Hellman-only version of PGP into its mail client. Pretty Good Privacy will
provide RSA capability for $5 more. You won't need to buy PGP 5.0 if you plan to upgrade
your Eudora package--see a beta version at http://www.eudora.com.

