updated 09:20 pm EST, Fri February 2, 2001
PGP Security has posted PGPfreeware 7.0.3, a major update to its security application (for non-commercial use). It brings several enhancements, including AES and IKE support, peer-to-peer VPN on multiple adapters, a new RSA key, key reconstruction options, support for X.509 certificates and many other features. (The commercial PGP Desktop Security 7.0 was released last fall, while a PGP Desktop v7.03 updater was made available earlier this month to registered users.)
Here's an annotated list of new features:
- AES support. This release of PGP adds support for the new Advanced Encryption Standard algorithm (Rijndael). AES is the new NIST standard algorithm for the highest security with a 256-bit symmetric key size.
- IKE Aggressive Mode support, which enables users to use usernames/passwords in combination with dynamic addresses to establish a secure VPN connection, and IKE Extended Authentication support, which provides the ability to use legacy authentication methods such as RADIUS and SecurID when establishing VPN connections with compatible gateways.
- RSA 4096 support. The new RSA V4 key type now supports the full range of key sizes supported by DH/DSS keys up to 4096 bits.
- PGP 7.0 includes peer-to-peer VPN capabilities that can be quickly enabled on multiple network adapters. It will optionally attempt to communicate via IPsec whenever an IP-based connection is attempted to or from another network device and will optimize performance via new MTU path discovery for adjusting packet size.
- New RSA key format, which offers support for designated revoker, multiple encryption subkeys, and photo ID features (previously only available to Diffie-Hellman key users). PGP will continue to support users who have RSA Legacy keys.
- Key reconstruction feature helps users recover from lost or forgotten passphrases to regain access to their encrypted data after answering five "personal" questions.
- Support for using X.509 certificates for secure email and automatic X.509 certificate lookup from LDAP directories.
- PGP now performs automatic, unattended keyring maintenance such as key synchronization, trusted introducer updates, CRL downloading, etc., and also provides an automatic backup feature. It is also able to open multiple keyrings at once.
- PGP introduces the option of encrypting email, files and ICQ instant messages using Twofish, a relatively new, but well-regarded 256-bit cipher. Twofish is one of five finalists for NIST's new Advanced Encryption Standard (AES).
- Users now have the option of having files automatically wiped as soon as they are deleted. Version 7 also has significantly improved disk wiping time.