BKOPGPUG.RVW 950530 "The Official PGP User's Guide", Philip Zimmermann, 1995, 0-262-74017-6, U$14.95 %A Philip R. Zimmermann prz@acm.org %C 55 Hayward Street, Cambridge, MA 02142-1399 %D 1995 %G 0-262-74017-6 %I The MIT Press %O U$14.95 curtin@mit.edu %P 127 %T "The Official PGP User's Guide" Aficionados of the ironic must dearly love the story of Pretty Good Privacy. Therefore, it is somehow appropriate that the original, official guide comes as the last of five, following the books by Stallings (BKPRTPRV.RVW), Garfinkel (BKPGPGAR.RVW), Schneier (BKEMLSEC.RVW) and Bacard (BKCMPRHB.RVW). The irony is compounded by the fact that this is basically a printed version of the documentation included with the (2.6+) freeware version of the program, and, therefore, presumably has been available for a while. Still, this work has the advantages of being: (a) the original; and, (b) the smallest of the five. The details of the program operation are the highest priority. Those chapters devoted to concepts are brief, but very cogent. Chapter seven warns against those who are promoting encryption systems which are either untried or known to be insecure. As Zimmermann points out, it is impossible to tell whether an encryption algorithm is strong or weak just by looking at the ciphertext. This is quite apposite to the current marketing of corporate "groupware," and systems for "digital cash". American companies are at a serious disadvantage because of U.S. federal regulations--a disadvantage they try to hide by parading strong algorithms and hiding weak key lengths. Zimmermann does not go into the details of cryptanalysis as do Stallings, Garfinkel, and Schneier, but one can have more confidence in his assessment in chapters ten and eleven than in Bacard's overenthusiastic promises. Those who know the story might expect a diatribe in chapter twelve, "Legal Issues," but-- in another irony--the restrained "just the facts" presentation is probably a more effective argument than any commentary could be. Zimmermann is also prudent in regard to the availability of the freeware version of the program-- but still manages to provide valuable information. No security library should be complete without this book. And, for those who are using the freeware program, ordering a copy would both help you and say thanks to the developer at the same time. copyright Robert M. Slade, 1995 BKOPGPUG.RVW 950530 ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0