Using public-key crypto remains difficult

Pretty Good Privacy, released in 1991, was probably one of the first software packages to make public-key cryptography available for regular users. Until then, crytography was mainly used by banks, soldiers and researchers. Public-key cryptography is a very powerful technique that plays a key role in securing the Internet. Despite of its importance, we still face issues to deploy it to all Internet users. The recent release of Adobe security team’s private key on a public web page is one example of this difficulty, but by far not the only one.

Adobe's private security key Source: https://arstechnica.com/information-technology/2017/09/in-spectacular-fail-ado\ be-security-team-posts-private-pgp-key-on-blog/

In a report published in 2015, S. Ruoti and his colleagues analysed the useability of Mailenveloppe, a popular mail client that includes PGP support. Their results were disappointing since only 10% of the survey participants were able to carry out the tasks that they were assigned to by using encrypted email. We still have a useability problem with public-key cryptography for the masses…

PGP issues

Thanks to Aris Adamantiadis for having highlighted this report on twitter.

Written on September 26, 2017