From owner-freebsd-questions  Thu Mar 16 14:56:22 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from horst.bfd.com (horst.bfd.com [12.9.219.10])
	by hub.freebsd.org (Postfix) with ESMTP id 2058C37BA77
	for <freebsd-questions@FreeBSD.ORG>; Thu, 16 Mar 2000 14:56:18 -0800 (PST)
	(envelope-from ejs@bfd.com)
Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14])
	by horst.bfd.com (8.10.0/8.10.0) with ESMTP id e2GMtxv74498;
	Thu, 16 Mar 2000 14:55:59 -0800 (PST)
Date: Thu, 16 Mar 2000 14:55:59 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: goodleaf <john@home.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Off Topic AND Newbie-ish! Security...
In-Reply-To: <Pine.BSF.4.21.0003161410210.20064-100000@C702312-A.sttln1.wa.home.com>
Message-ID: <Pine.BSF.4.10.10003161446230.19094-100000@harlie.bfd.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 16 Mar 2000, goodleaf wrote:

> Apologies for off-topic post. <sycophant>But the people on this list have
> the highest average competence I know of--mailing list wise.</sycophant>
> 
> How secure is a pkzipped file that has been zipped with a password? My
> company is considering exchanging data, possibly sensitive, with another
> company who wants to "encrypt" by pkzipping to a password. Isn't the
> algorithm for pkzip too well known to be secure? 

I haven't heard of anyone breaking it, but it isn't considered
cryptographically strong, since it's just an XOR algorithm.


> I think they want to use it because they can easily call it from a command
> line; they batch data from their dbase and ship it out to us. They don't
> like human intervention, and pkzip works with batch files. Does PGP (Yes,
> we would pay for appropriate licenses.) have a similar capability? 

Yes, it has that ability.  Also, GPG is a gnu version of PGP that is GPL
and unencumbered, and we use it here for exactly what you're talking about
doing.  Of course, we specified that when sending information to clients,
we would encrypt but not sign the data, as signing would require private 
keys without a passphrase or human interaction.

There is a Win95/NT port, but it wasn't done by the maintainers as far as 
I can tell, so I'm not sure where to find it or if it is command-line
scriptable.  You can find more info on GPG (it's in the ports) at
http://www.gnupg.org/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message