PRETTY GOOD PRIVACY (PGP) IS PRETTY GOOD
ALL ABOUT ENCRYPTION OF DATA- VOICE SCRAMBLING AND WHY YOU NEED IT
By Ralph Thomas


"
Email is a kind of open book for anyone who wants to take a look."

"Talking on cordless phones or even cellular phones is about as private as broadcasting your communications over a public radio station."

If you are like me, you haven't really payed that much attention to email privacy. I decided to look into it simply because there has been so much talk these days about an encryption program called PGP (Pretty Good Privacy) I found some very alarming facts about email and, after a very short learning curve, found PGP software pretty good.

I started this study by obtaining and reading a book by Andre Bacard called THE COMPUTER PRIVACY HANDBOOK. This book has some very interesting information in it about privacy in general, encryption technology, how to government doesn't really like encryption technology and how they want everyone to use communications encryption and scrambling they can decode and read via a Clipper Chip. That is, the government wants a Clipper Chip in every form of communications we use which scrambles voice communication and encrypts text communication. That's fine and dandy. You have a clipper chip and the party to whom you are sending can decode it. If need be, the government will be able to decode it also. I'm not sure I appose the clipper chip, I certainly see a law enforcement need for it. However, I'm sure you can think about a great deal of abuses of it like I can. The Clipper Chip has become a very big controversy.



The Computer Privacy Handbook Is A Pretty Good Book

The Computer Privacy Handbook goes into depth about the hows and whys of email and why you should just as easily be broadcasting your message over a public radio station. Email is just not secure and anyone with a little computer savvy can intercept email. When sending email without any coding or encryption, it's like sending a letter on a postcard. On it's way to the sender, anyone can read it's contents. When you route electronic mail through the Internet, you don't know how many systems it's going through to reach the addressee. E-mail messages can be entercepted easily, automatically and in a why in which you'll never have the slightest clue someone else read your private message. Scanned e-mail is more common than the average person thinks. People can scan e mail for key words and/or scan for mail tocertain addresses or mail from certain addresses.

The fact that email is a kind of open book for anyone who wants to take a look alarmed me and it should alrm you. What really alarmed me more than that is how the government attempted to suppress this encryption program called PGP.

The book then goes into a detailed discussion of crypto technology and explained the use of a two key system. You have a public key and a private key. You send your public key to people you want to open encrypted messages from you and you, in turn, obtain their public key so you can open encrypted messages from them.

Unless you have worked around encryption technology before, this seems a little confusing at first, the two key system. You will have both a public key and a private or secret key. You give your public key to whomever you want encrpted messages from. They, in turn, give you their public key. When you send a message you want encrypted, you use the person's public key to encrypt. But you have to have both the public key and secret key to decrypt.

Once I got through reading The Computer Privacy Handbook, I felt like I had gained a much needed grounding in computer privacy and encryption. I became so impressed with the book that we have added it to the PI Library.

My next logical step was to obtain PGP software and try this stuff out myself. I first tried to use some of the freeware and shareware programs floating around but quickly found that you need a little user support, you need some of what we might call extensions to use with the software and you need a very good PGP user manual. I have found the this very situation before when I tried to use other freeware and shareware programs. That is, they either made my system crash because they had bugs in it or when they where bug free, they were too hard to figure out without some user support and a well documented user manual.



Here Is One Of Many Dialog Boxes In ViaCrypt PGP
This Dialog Box Is One You Get Right Before You Decrypt A File
Order PGP

You might have a little more luck with some of this freeware stuff. If you do that's fine. I finally ended up getting the best version of PGP on the market through Joseph Seanor's office (cibir@netcom.com) for a little over a hundred dollars called VIACRYPT PGP. I had studied the different PGP bundles you can obtain and picked this one because of the user support you get when you obtain it, it's widely known easy to use setup, the well written user manual and all the other add ons and extensions that come with it.



Another Dialog Box In ViaCrypt PGP Used To Store Public Keys
Order PGP

When you first start to use this software, there is a short learning curve but I found , after a little trial and error by sending out a few messages, obtaining a few public keys of people who were willing to help me on this and then figuring out what went wrong was easy to work through with the manual by my side. Here is one of the first messages I decrypted. I had sent this friend my public key and he sent me his public key. I then got a message back from him that looked like this:

SAMPLE VIACRYPT PGP ENCRYPTION

Subj: First message
Date: Tue, Jun 25, 1996 1:57 PM EDT
From:
X-From:
To: RThomas007@aol.com

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

hIwDrfDL8htQ1j8BA/wMjiPjJbKXvV2ceNsII91zqcw
VYgIUU6z0zH2sBqpAdPu5ngCv5z31LQw64h+D0s
BoqSrZw4QkAIBbat5dKeTFmokUAfAqiVwok7NyM
Qb+6gWi8N2rsduIE82Fawscx8Ml0JpVo5DwA/qcwVC9
MGCh/ptJcOIYatZqaqvwV8jUnoSMA2HWc0IOam/9AQ
QAqGmAFkQUqsa5KHG4v++7Fs8ZGpc+EkIqHs2ze1uEn
YMkIvmIa6jaJMQVmEJX1NCszJvrisXYPH2xInEgDE14Og
4CcHRTlBm8ZeTiSWshtLCZ3CgwOoxXvzj5C9c+ATrpDOX
i9mZhsPMgUZnpeXxOSHG5H78Ateuq7gQzzJQNJCmAAAC
Gu8LBfjgg0G1th2rpzxUfz9BjIhmvaGt+GqVEEQvDJBtysa5y
DAXv1nIF2XNrhxNqzlOIn74dHwwcVULDPMTgFSmocivt
uym9Pcw3OMEfvaOgENZG+7Fsm6FENgPq4npENdPCsRt
sq9itiqq4gHqOoRPhyKE8ZRrrXWqtWYIjCbEG6UbQDDglD
UjDHt8bIABcLg7w4Q3Msr+Hoom4jdJDu9nqTBbr89RSXx3s
6EOGYbaK+/kYClu7sNcflUC71v9D3Mrmxi31wHMBVjwIo
28YnVvGDFLmaIhBc/j74kOLOfj/2itLdqWnR3XThUPOmQluy
PwM7ETuBivqQQ3+4B8IgLcjw7tl3CIi04RRpA6yHAeMxHi/z
UMLgWBUOsSdX41ttYErSnOV+pRdOrg4ljh9E9OwGJInvh
0PWQFXhrWP97IHy9ugq2LpUvnVhVLLDgH2NSKiQZsN8K
39YgU/dIGwYZWLZApM/YjwkigJ6NUJrwLZPbdceS7M86L3r
2fvsEwrAqeqNDt4S/eQGf1wXVUxiOA9SblZxIyXsy/XyK3rJfz
HFRzFHHC4gFJULql+0pvJJW3MD5JMW3rlXJwgbdVQDGM
f18/WpTEWZ7Yk3rcLzyqdMll2jnM8th0RMltiX5eDouKvMr2PP
/dr/2ctQiGDF8LL1UOUkyjnmk5MalWy+mEHuYZCwl6YPYo/
vwsUlj0RNl1/c738H+qJM==xriH

-----END PGP MESSAGE-----

(GEE WIZ-TRY RUNNING THE ABOVE THROUGH YOUR SPELLING CHECKER!)

With his public key and my public key and secret key, the sender simple sent me the above crypted message that only I could open and decode. Once decoded the message read:

Hello Ralph. Your message with attached file was encrypted conventionally , so without a pass phrase, I can't read it. Your message with public key was ok, and I added it to my public key ring. You need to sign your key and when you do, please send it again.

Did you get my public key and did you add it to your public key ring? I am using PGP Windows Shell here but also know how to use the DOS commands. Let me know if you decipher this. Then we can talk about other things if it is ok with you.
Regards,

Jeff


Through a little trial and error, I was able to quickly start using PGP with ease. This software has some other features that is very nice. You can select options in which the file you send can only be opened one time and then not saved to another file. As you can see by reading the decrypted message, I had not signed my key so Jeff could utilize decryption on his end to decode my original message. I also used the wrong type of encryption which was then corrected. The second try, everything worked well. It took maybe two or three hours to install this program and learn how to use it but I have found it well worth the protection you get.

After a little time and effort, I was able to configure the software correctly and sent this message:

SAMPLE VIACRYPT PGP ENCRYPTION

-----BEGIN PGP MESSAGE-----
Version: 2.7.1

hIwD0MUFXHrA77UBBADqsMfIv2m7aJCE7oqg3LP8sElZklAtjgQzi9j
DzzgR5MUG588cqjWI1hVKfk4O1+nlWoWs9TFmP04C9xfxXaFL4RCg
gX7bydtakyb2Ov8E6Oxkyi5IxJgcL6E/93KlOiVYDGOuZsV7ykMihm5O
doOvBYTj5nc4Mo7/+AlvwxPPw6YAAAHW4uVLyE0TGSWWa63JL0s
x3Mg+fckrUrJge+qmX2Rx6SzbvTir5KyWNDrUuIKOlBRCf4YHHWFw
oQoUYFa7t7aQ6WnB5qoywBKWWCVUQJpzr7y3ZT0W1wFFwmpn
4968x9hWd3NNmw4V5hritQjW/F0coUAJC+MMbMZCkGqDYqko22oft
DhOLVtJBtfIZkLCu/Ke0+YKOCKRP18NdeT7zOfwTVqndUqys7oC8iVhI
AOg9N63/OHnMEXHdA10vkN0e7j4jKxHl5qDIeXkhsxGHvfTTpHqb1yIV
pRoh+1cWMO+fw/DQVJqXzjF0ebpsE89NBgwzHYUZAtofVuEc9TSUp/9
ZBY670qcGol36ULz8hdXmhiB/s0l8w9LtphTvOP2sJxb+puHtAS9J2Rl6TgK
eX4XQcQRPElXrg5IyeD5vl6n2YAyUrHXpUUlUKup2gx6V569eg+uccDGY
LulXgihsizGexc6LduRRb8rHx4wsici2LQZNeqNJZ8eByHwMXddXw0OQy
RwVUA/dNSYU78mvS/uAoe2qK86NpYsevY/o6KWrRxbeF6FkOdpcqbYNisq
FORENpIMAaZX9RoLcZSQoqDQ3PA/TJo18PgPrSYx+Pq6GlGT730GKw
E= =EHt7

-----END PGP MESSAGE-----


Decrypted by the other party, it reads:

OK BY GEORGE:

I think I got this this time. This PGP ViaCrypt software is nice. Took an hour or so to figure out all these buggy things you have to do first but it's likely just me getting use to this new program.
If you are reading this you have decrypted it. Please let me know.

Ralph Thomas
NAIS

http://www/pimall.com/nais/home.html



You have several levels of encryption you can use. The manual states that the higher level of encryption you use, the longer it takes to decode and open files but I found that coding and decoding higher level encryption doesn't take hardly any longer if you are running a computer at 75 Mhz or above. It make make somewhat of a difference if you are running slower machines. When you create your RSA keys, this program asks you the following concerning your key:


I tried all three and on a 75 Mhz machine, it didn't seem to make much difference as to speed unless you get down to measurements in seconds.

The other nice thing about this program is it is completely password protected and the manual goes to great lengths on how to develop a good password that would be very difficult to crack. Unless you know the password, you can not use ViaCrypt PGP. Moreover, I keep another password protection program that locks the actual file in which my PGP resides. Still further, there is a password boot lock. What all that means is that if you happen to break into the place where my computer is located and try and use my PGP, you'll have to:

  • 1) CRACK THE PASSWORD ON SYSTEM BOOT
  • 2) CRACK THE PASSWORD ON THE UTILITIES FOLDER
  • 3) CRACK THE PASSWORD TO GET INTO MY PGP

  • That's all just extra addded protection from a physical security standpoint. An alarm will be going off long before anyone could ever attempt to crack the first code.


    One of the strange little twists of PGP is that the US Government does not want these programs exported outside the USA. That means, of course, that PGP must work pretty good. Can the files be decoded? Given enough time and money likely they can. In fact, a group of 900 people who worked on individual parts of a message were able to crack PGP codes in something like nine months. I'd say that's still pretty good privacy. If it takes 900 people nine months to crack such an encryption code, I would feel fairly safe. If, one the other hand, you are still worried about something you send across the internet being able to be cracked with 900 people in nine months, that type of stuff doesn't belong on the Internet in the first place.


    AND SOME IMPORTANT INFORMATION ON VOICE PRIVACY

    Voice communications can also be very important. Everyone should know that telephone lines can easily be tapped into with today's technology by anyone with a twenty dollar bill. Despite the fact that it's illegal, it's widespread. With a inexpensive scanner and attached tape recorder, anyone can tap into and record your wireless communications these days over wireless telephones and cellular telephones. Recently federal government codes took effect that ban all scanner equipment that scan cellular frequencies. Although you can no longer walk into Radio Shake and purchase a $79.95 scanner that will scan cellular frequencies, this type of equipment is still widely available and scanner frequency ranges are easy to modify.

    SAMPLE VOICE SCRAMBLE CONVERTED TO TEXT

    Bob did you get that contract I sent you?


    verfrom tital sanko lang juvcom etkumm


    Just like email can become an open book when sent across the internet, voice communications over telephone lines can also be an open book. Talking on cordless phones or even cellular phones is about as private as broadcasting your communications over a public radio station. Just like PGP will scramble your text messages, voice scrambling equipment is easy to use and moderately priced.



    High Quality Portable Voice Scramblers

    If you want to impress and new or important client, give them a portable voice scrambler to call you on. Not only are you insuring communications between you and your client, your client is going to be very impressed. You are telling the client that you are concerned about the privacy of their case and are giving a level of secure telephone communications to them. Every time I have done this in the past, a large percentage of clients evidently ask where they can obtain some of these voice scramblers.

    RELATED LINKS
    REVIEW NEW BOOK SUBJECT ON COMPUTER INVESTIGTIONS FOR THE PI
    REVIEW COMPUTER PRIVACY HANDBOOK
    REVIEW VOICE SCRAMBLER AND OTHER PRIVACY EQUIPMENT
    READ REVIEW OF VIACRYPT PGP SOFTWARE
    REVIEW ALL KINDS OF PRIVACY PRODUCTS

    RETURN TO NAIS NEWSLETTER MENU