Saturday, January 24, 2015, 04:00 PMWhile looking for Symantec PGP 10.x alternatives, I started to think about using old versions of PGP, too. At least the ADK problem should be fixed (see http://senderek.ie/research/security/ke ... ments.html ), so I had to start with 6.5.8ckt or newer.
Posted by Administrator
Posted by Administrator
Unfortunately PGP 7, PGP 8 (which I think personally was the best of all) are not really working in Windows 7, and PGP 9 and newer can be used, but should not be used due to considerations about trusting Symantec (they will cooperate with the NSA for sure and they offered the source only 'til version 10.0.1 from 2011, but they offer and deliver newer versions meanwhile only without source code review possibility).
Also, I read some dumb comments additional keys in the NAI versions.
So I started with the original 6.5.8 PGP version from NAI.
The PGP Memory Page Locking Driver does NOT work with Windows 7, but the programs are still running, if you're giving them administrative rights (that problem is unfortunately not solved yes, but it depends from the installation directory and because this version wants to write his keyring by default into the program directory).
You can fix this by setting a registry value to 1 (the name of it: ClearPageFileAtShutdown), so you can be sure after shutting down the PC, the pagefile is at least cleared.
I created a PGP keypair and encrypted a file (with "PGP tools").
After that, I uninstalled the original PGP 6.5.8 and installed Imad R. Faiad's "ckt build" version 8 (and later 9b3, which shows 9b2, a bit weird), using the already created key. It gaves exactly the same result.
Then, I created a new key (with similar parameters) and encrypted again the above used file. Again the resulting file had at least exactly the same size.
Just for testing purposes, I added an additional key - again with the same file.
I got a different file size for the encrypted file - as expected.
So I can't see any difference between using the NAI version and the "ckt builds".
But you have to use the "ckt builds" for two reasons at least:
There is no ADK weakness in the "ckt builds" (see above) and you can use much longer keys, although most of the cryptographers say, more than 3072 bit key length is wasted effort.
Meanwhile it's a bit difficult to get these ckt builds as a binary.
Try it with the "related link" below, at least you can search the web for "pgp658ckt09b3.zip" and/or "pgp658ckt08.zip", and for the source try to search for "pgp658ckt08s.zip".