PGP & GPG

Ben Rothke writes "PGP (Pretty Good Privacy), as most Slashdot readers know, is one of the most popular software encryption programs ever. It is so good and so effective that in the early 1990s the FBI launched a multi-year investigation against Phil Zimmermann, the creator of PGP, for possible violation of federal export laws, especially ITAR (International Traffic in Arms Regulations). After many years of investigation, the FBI ultimately dropped its case against Zimmermann. Even though PGP is synonymous with end-user encryption, there have only been a few books written on the subject. Jump to 2006, and PGP & GPG: Email for the Practical Paranoid is a welcome title."

Title: PGP & GPG: Email for the Practical Paranoid
Author: Michael Lucas
Pages: 216
Publisher: No Starch Press
Rating: 8
Reviewer: Ben Rothke
ISBN: 1593270712
Summary: Pretty good overview of PGP & GPG

On page 167 in Appendix A of the book, the author candidly writes that PGP "comes with a very good and complete manual at over 300 pages". With that, one may question why one would spend $24.95 on a book which covers much of the same information as the bundled documentation.

The reality is that there is a large class of people that will simply not read any form of documentation. Rather, they prefer something with an ISBN number. Such people are a boon to authors (of which I am one) and publishers. For that group, PGP & GPG: Email for the Practical Paranoid provides a pretty good overview of how to use PGP.

The book is written for an end-user who, while comfortable with the workings of technology, is new to the sometimes strange world of public key cryptography. The author writes in an easy-to-read style and, through repetition, inculcates the principal ideas of encryption and cryptography in the reader.

The introduction and first chapter provide a good presentation of the concepts of encryption, cryptography and public-key cryptography. The idea of public-key cryptography, on which PGP is based, is not so intuitive, and many people struggle with the basic concepts. The first chapter, appropriately titled 'Cryptography Kindergarten', is a good read for those who are public-key cryptography challenged.

On a side note, the notion that even smart end-users can be intimidated by public key cryptography was detailed in a now-seminal research paper, 'Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.'

The premise of the paper is that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. The authors argue that effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. The authors conclude that PGP 5.0 is not usable enough to provide effective security for most computer users despite its attractive graphical user interface. Even though PGP is in version 9.x, it still suffers from usability flaws.

Cryptography purists may recoil when the author repeatedly uses the term 'military-grade encryption.' Military-grade encryption and military-grade cryptography are overused terms, most often by marketing departments, but there is no real definition of 'military-grade encryption' -- and even if there were, it would be classified. Most people use 'military-grade encryption' to mean really strong crypto, much like those who use the term 'Olympic-size swimming pool' to refer to a really large pool. But the term 'military-grade encryption' is so misused by so many people that it is a lost cause to try to fight it.

In the rest of the book, chapters 2-11, the author details the varied usages of PGP & GPG. The book also details the differences between OpenPGP, PGP and GPG. The difference between them is that PGP is a commercial piece of software, GPG (GNU Privacy Guard) is open source, and OpenPGP is a protocol that defines a standard format for encrypted messages, signatures, and certificates for exchanging public keys.

The author astutely writes that while PGP provides really strong security, this is only if, and this is a huge if, it is implemented correctly. Chapter 11 notes that although OpenPGP provides a reliable method of authentication and encryption, it is also not unbreakable. OpenPGP can be vulnerable to many different types of attacks and weaknesses, including poor implementation, hardware or software compromise, fake keys and more. It is important to realize that OpenPGP provides significant, but not unbreakable security.

At 180 pages and priced at $24.95, PGP & GPG: Email for the Practical Paranoid is an excellent book that shows the end-user, in an easy-to-read and often entertaining style, just about everything they need to know to effectively and properly use PGP and OpenPGP.

For those that want to save money and perhaps save a few trees, the free documentation that comes along with the product is similarly worth reading.

You can purchase PGP & GPG: Email for the Practical Paranoid from bn.com.

Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

7 of 157 comments

  1. Re:what the... by neonprimetime · Score: 3, Funny

    That was the most difficult google search I've ever done ... Gnu Privacy Guard

  2. Re:So What Does It Mean? by Zarel · Score: 4, Funny

    > And yet, 98 out of 100 people on the street would have no idea what PGP is.

    That's because nerds usually don't go out on the street. :P
    --
    Want a high quality FOSS RTS game? Try Warzone 2100!

  3. I wish security were more accessible to the masses by jdavidb · Score: 5, Funny

    Just the other day I saw the following on the website of an author selling her own book directly:

    > Emailing Credit Card Numbers
    >
    > To email your credit card number, we suggest sending two emails. The first email should contain half of the credit card number and expiration date:
    >
    > 1234 5678 XXXX XXXX exp date: 07/XX
    >
    > The second email should contain the other half of the credit card number and expiration date.
    >
    > XXXX XXXX 3141 5926 exp date: XX/05

    Sigh...

  4. Re:Pretty Poor Privacy by Kozar_The_Malignant · Score: 2, Funny

    >I don't know any compgeek that uses PGP, or anyone that uses it to encrypt their mail.

    -----BEGIN PGP MESSAGE-----

    Version: PGP for Personal Privacy 6.0


    -----END PGP MESSAGE-----

    Oh, and there is a place for your public key on your /. page.

    --
    Some mornings it's hardly worth chewing through the restraints to get out of bed.

  5. Re:Should rename the book by bmah · Score: 3, Funny

    Wait a minute...how do we know you're the real Michael Lucas? :-)

  6. Documentation != books? by navyjeff · Score: 1, Funny

    > The reality is that there is a large class of people that will simply not read any form of documentation. Rather, they prefer something with an ISBN number.

    So a large class of people prefer to read, what, barcodes??

  7. Advice for me by paulproteus · Score: 2, Funny

    > For those that want to save money and perhaps save a few trees, the free documentation that comes along with the product is similarly worth reading.

    I want to save money, but I hate trees. What do you suggest I do?
    --
    |/usr/games/fortune