Tuesday, 3 November 2015

Research: PGP Tools Still Unsuitable For The Masses

PGP tools for encrypting e-mail messages have been around for years, but are still unsuitable for the masses to use. Researchers at Brigham Young University concluded on the basis of own research (pdf).

For their research they let subjects Mailvelope try a browser extension for encrypting webmail. The reason was for Mailvelope chosen was that it is the only solution that is named by the American civil rights movement EFF and existing webmail services can handle. Also gets positive reactions in the Chrome Web Store. At the trial, 20 participants took part, divided into 10 pairs. The participants were instructed to Mailvelope encrypted via e-mail each other within one hour. Only one pair of pressed herein.

"This shows that the encryption of e-mail using PGP, as implemented in Mailvelope still unsuitable for the masses," according to the researchers. The most common mistake during the study was to encrypt a message using the public key of the sender. Something happened seven couples, including the couple finally did manage to send an encrypted message.Furthermore, three pairs generated a key pair "with information from their friends, and then tried to use public key to encrypt their message.


Despite the criticism, the researchers also show improvement. They advocated for integrated tutorials to guide new users.Furthermore, a simple explanation of cryptography via public keys help users to manage their own keys well and could offer PGP-based tools to automatically for unknown recipients to generate an e-mail with the request to install the PGP software, a generate public key and share it with the sender.

No comments:

Post a Comment