THE WHATIS.COM WORD-OF-THE-DAY
August 20, 2002
Pretty Good Privacy
______________

TODAY'S WORD: Pretty Good Privacy

See our definition with hyperlinks at
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci214292,00.html

Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. Available both as freeware and in a low-cost commercial version, PGP is the privacy-ensuring program most widely used by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. PGP can also be used to encrypt stored files so that they are unreadable by other users or intruders.

How It Works

PGP uses a variation of the public key system. In this system, each user has a publicly known encryption key and a private key known only to that user. You encrypt a message you send to someone else using their public key. When they receive it, they decrypt it using their private key. Since encrypting an entire message can be time-consuming, PGP uses a faster encryption algorithm to encrypt the message and then uses the public key to encrypt the shorter key that was used to encrypt the entire message. Both the encrypted message and the short key are sent to the receiver, who first uses their own private key to decrypt the short key and then uses that key to decrypt the message.

PGP comes in two public key versions - Rivest-Shamir-Adleman (RSA) and Diffie-Hellman.
The RSA version, for which PGP must pay a license fee to RSA, uses the IDEA algorithm to generate a short key for the entire message and RSA to encrypt the short key. The Diffie-Hellman version uses the CAST algorithm for the short key to encrypt the message and the Diffie-Hellman algorithm to encrypt the short key.

For sending digital signatures, PGP uses an efficient algorithm that generates a hash (or mathematical summary) from the user's name and other signature information. This hash code is then encrypted with the sender's private key. The receiver uses the sender's public key to decrypt the hash code. If it matches the hash code sent as the digital signature for the message, then the receiver is sure that the message has arrived securely from the stated sender. PGP's RSA version uses the MD5 algorithm to generate the hash code. PGP's Diffie-Hellman version uses the SHA-1 algorithm to generate the hash code.

To use PGP, you download or purchase it and install it on your computer system. Typically, it contains a user interface that works with your customary e-mail program. You also need to register the public key that your PGP program gives you with a PGP public-key server so that people you exchange messages with will be able to find your public key. Network Associates maintains an LDAP/HTTP public key server that has 300,000 registered public keys. This server has mirror sites around the world.

Where Can You Use PGP?

Originally, the U.S. government restricted the exportation of PGP technology. Today, however, PGP-encrypted e-mail can be exchanged with users outside the U.S. if you have the correct versions of PGP at both ends. Unlike most other encryption products, the international version is just as secure as the domestic version.

The freely available PGP cannot legally be used for commercial purposes - for that, one must obtain the commercial version from Network Associates (formerly PGP, Inc.). There are several versions of PGP in use.
Add-ons can be purchased that allow backwards compatibility for newer RSA versions with older versions. However, the Diffie-Hellman and RSA versions of PGP do not work with each other since they use different algorithms.
________________________

SELECTED LINKS:

SearchSecurity.com offers selected links to more information about Pretty Good Privacy.
http://searchsecurity.techtarget.com/bestWebLinks/0,,sid14_tax281916,00.html

The home of PGP is now at Network Associates.
http://www.nai.com/

You can find out more about PGP and also download the current version from the International PGP Page.
http://www.pgpi.com/

SearchEBusiness.com offers information about the use of PGP in Internet commerce.
http://searchebusiness.techtarget.com/bestWebLinks/0,,sid19_tax283037,00.html
______________________

RELATED NEWS | Beware of PGP 'con job'

The recently announced security flaw in PGP (Pretty Good Privacy), the popular e-mail encryption software, relies more on social engineering than a glitch in the actual technology. It won't wreak havoc unless a user is tricked into hitting the reply button.
News writer Edward Hurley spoke with Jonathan Callas, the principal author of the OpenPGP standard, about the flaw and how it affects users.
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci844562,00.html
______________________

WHATIS.COM CONTACTS: Lowell Thing, Site Editor; Margaret Rouse, Assistant Editor

Published by TechTarget (http://www.techtarget.com). Copyright 2002, All Rights Reserved.
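
The hybrid scheme described under How It Works, as an added example that is not part of the original newsletter or of PGP itself: a fast cipher encrypts the message under a fresh short key, the recipient's public key wraps that short key, and a hash transformed with the sender's private key serves as the signature. Assumptions: the key pair is a constructed textbook-RSA pair with no padding, a SHA-256 keystream stands in for IDEA/CAST, SHA-256 over the message bytes stands in for MD5/SHA-1, and all function names are illustrative.

```python
import hashlib
import secrets

# Constructed demo key pair built from two known Mersenne primes. It shows the
# data flow only: textbook RSA, no padding, not a usable key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the fast symmetric cipher (PGP used IDEA or CAST):
    XOR with a SHA-256 counter keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(message: bytes, pub=(N, E)):
    n, e = pub
    session_key = secrets.token_bytes(16)        # fresh short key per message
    body = stream_xor(session_key, message)      # bulk data goes through the fast cipher
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # short key under public key
    return wrapped, body


def decrypt(wrapped: int, body: bytes, priv=(N, D)) -> bytes:
    n, d = priv
    session_key = pow(wrapped, d, n).to_bytes(16, "big")  # private key recovers short key
    return stream_xor(session_key, body)                  # short key recovers the message


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, priv=(N, D)) -> int:
    n, d = priv
    return pow(digest_int(message), d, n)        # hash transformed with the private key


def verify(message: bytes, signature: int, pub=(N, E)) -> bool:
    n, e = pub
    return pow(signature, e, n) == digest_int(message)  # recover the hash and compare
```

Only the 16-byte short key ever passes through the slow public-key operation, whatever the message length, which is the efficiency point the definition makes.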