Pretty Good Privacy (PGP)

Outline
• History of the software
• How does it work
• How safe is it
• Who is using PGP
• Availability of software
• Alternatives
 Who Created PGP?
• Philip Zimmermann wrote the initial program. He
worked as a computer security consultant in
Boulder, Colorado during the original days of PGP.

• Other programmers around the world have

created subsequent versions of PGP.
• The newest versions of PGP are created by a
California based corporation called Network
Associates, which bought a previous company, co-
founded by Zimmermann, called PGP, Inc.
 What Is PGP?
• PGP is a type of Public Key cryptography.
• It is a computer program that encrypts
(scrambles) and decrypts (unscrambles) data.
• When you begin using PGP , it generates two keys
that belong uniquely to you. One PGP key is
Private and stays in your computer, while the
other key is Public. You give this second key to
your correspondents
• For example, PGP can encrypt the word “Andre”
so that is reads, “457mrt%$354.”
• It can also decrypt this back into “Andre” if you
have PGP.
 How Does PGP Work?
• You take a message and encrypt it, then you send it out and the
message is decrypted to the reader. When a message is sent out, it
also must have a digital signature.This allows persons who have PGP
and my public key to verify that I wrote the document, and that
nobody has altered the text since I signed it.
• Here is an example, Suppose Jane wants to correspond with Fred. If
Jane prepares a message and encrypts it with Fred’s Public Key, only
Fred can decrypt the message using his Private Key. If Jane prepares
a message and encrypts it with her Private Key, then anyone,
including Fred can decrypt the message. But only Jane could have
encrypted the message, therefore the encrypted message is, in
effect,signed by Jane.
• PGP is similar to your telephone number. You can advertise your
Public Key the same way as you do your telephone number. If I have
your telephone number, I can call you, however I cannot answer your
telephone. Similarly, if I have your Public Key, I can send you mail,
however I cannot read your mail.
 How Safe Is PGP?
• Will it protect my privacy?
• Top-rate cryptographers and computer experts have
tried unsuccessfully to break PGP
• PGP’s most knowledgeable users around the world
would broadcast the news at once if it happens
• To date, nobody has publicly demonstrated the skill
to outsmart PGP. (September 1999)
 Aren’t Computers and E-mail
Already Safe?
• Your computer files unless encrypted can be read by
anyone with access to your machine.
• Typical E-mail travels through many computers, the
individuals who run these computers can read, copy and
store your mail.
• Many competitors are highly motivated to intercept your
E-mail.
• Sending your business, legal, and personal mail through
computers is even less confidential then sending the same
material on a postcard.
• PGP is one secure envelope that keeps busybodies,
competitors, and criminals from victimizing you.
 Who Uses PGP Encryption?
• Individuals who are valuing privacy are the ones
using PGP.
• Taxpayers storing IRS records, politicians running
election campaigns and journalists protecting their
sources are just a few examples of individuals using
PGP to keep their computer files and their E-mail
confidential.
• Businesses also use PGP to protect their customers,
their employees and themselves.
 Availability of PGP
• There are many versions of PGP available for use.
DOS, Windows, and various Unixes, Macintosh,
Amiga, Atari ST, and OS/2 systems.
• The versions of PGP are mutually compatible.
• Many versions of PGP are free. Individuals from
New Zealand to Mexico use these versions every
day. They are free from the Massachusetts
Institute of Technology web site.
• The corporate-produced versions of PGP are
normally priced software.
 McAfee PGP Version
• McAfee created it’s own version of PGP that adds some
extra tools for encrypting just about anything.
• McAfee created a new version, 6.5.1 for customers to
purchase now. It is also available in retail outlets for $19.95
and costs $14.95 for current customers to upgrade.
• It has a base level of encryption at 4906 bits, PGP goes far
beyond the security levels in most encryption software.
• Browsers often come with low-level 40-bit encryption keys,
which a hacker can break relatively easily. The more bits in
the key, the more secure your data will be.
• The White House has now approved export of encryption
products of any length, except to a handful of countries.
 Added Features
• McAfee added automated electronic data
shredding, intended to keep hackers from
recovering files that you have deleted or files in
the free space area of your hard drive
• Usually the recipient of an encrypted file needs a
copy of the encrypting software to open it.
McAfee’s program provides self-decrypting
archives, so you can exchange information with
people who do not have PGP
• It also creates an invisible password-protected
drive on your computer to protect information