why cissp says this about PGP/GnuPG?
Philipp Gühring
pg at futureware.at
Wed Aug 23 12:52:59 CEST 2006
Hi,
> Be warned that the CISSP certification is not universally loved. Many
> people feel that it is of dubious quality.
Are there any facts or reasons against CISSP?
Are there any alternatives?
> > top-secret encryption algorithm; conversely, it is not a good idea to
> > send intercepted spy information using PGP. Each type of encryption
> > mechanism has its place and purpose."
> >
> > I wonder why PGP is not good enough to encrypt spy information?
> Excellent question, given that AES has been certified for use with TS
> material, and the recent SHAs are on the fast track for similar
> approval. I think this reflects more the prejudices of the book author
> and/or the CISSP exam than it does actual reality.
My personal opinion is that PGP was designed to protect normal confidential
data, not to protect spy information. Spy communication has more demand for
steganography (making sure that you don´t even notice the transmission and
not just that you can´t read it), and less demand for "public" key
systems ;-)
Perhaps it is also means that you should not use PGP, but GnuPG instead,
because of the --hidden-recipient function in GnuPG (which is missing in PGP,
if I am not mistaken), which is also an essential feature for spies.
Best regards,
Philipp Gühring
More information about the Gnupg-users
mailing list