PGP and HMG

David Howe DHowe at Hawkswing.demon.co.uk
Tue, 8 May 2001 15:43:36 +0100


> > So, are you saying that PGP is not of 'government strength' then?
> Actually you could criticise PGP for its complexity.  If you have
> something very sensitive to send, you need to encrypt it with
> something that is simple enough to be audited.
Actually I consider the PGP format quite simple - PKencrypt(recipient,
Session key) + SymmetricEncrypt(Session Key, message) for some random
session key.
Each of the four components (PKencrypt, SymmetricEncrypt, recipient's Public
Key, Random number generator for Session key) can be tested separately and
heavily without the message coming into the equation at all.
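
The structure described in this message, sketched as an added example (not part of the original post and not PGP's own code). The two primitives are toy stand-ins chosen so the block runs with the Python standard library alone, and all function names are assumptions; the point is that each component is a separate function that can be exercised without any message.

```python
import hashlib
import secrets

# Toy stand-ins (assumptions for illustration only, NOT PGP's algorithms and
# not secure): textbook RSA over two Mersenne primes, SHA-256 counter keystream.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # recipient's public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # recipient's private exponent


def new_session_key(rng=secrets.token_bytes):
    """Component: random number generator for the session key."""
    return rng(16)


def pk_encrypt(n, e, session_key):
    """Component: PKencrypt under the recipient's public key (n, e)."""
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key too large for modulus")
    return pow(m, e, n)


def pk_decrypt(n, d, wrapped, length=16):
    """Recover the session key with the recipient's private exponent."""
    return pow(wrapped, d, n).to_bytes(length, "big")


def symmetric_encrypt(session_key, data):
    """Component: SymmetricEncrypt, XOR with a keystream (its own inverse)."""
    stream = b"".join(
        hashlib.sha256(session_key + i.to_bytes(8, "big")).digest()
        for i in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def pgp_style_encrypt(n, e, message, rng=secrets.token_bytes):
    """The whole format: PKencrypt(recipient, K) + SymmetricEncrypt(K, message)."""
    k = new_session_key(rng)
    return pk_encrypt(n, e, k), symmetric_encrypt(k, message)


def pgp_style_decrypt(n, d, wrapped, body):
    """Unwrap the session key, then undo the symmetric layer."""
    return symmetric_encrypt(pk_decrypt(n, d, wrapped), body)
```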