Stories
Slash Boxes
Comments

SoylentNews is people

Why Johnny Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

posted by martyb on Sunday November 08 2015, @02:06PM   Printer-friendly
from the Wbuaal-qbrf-abg-rira-haqrefgnaq-EBG13 dept.

Phoenix666 writes:

This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results shown that more than a decade and a half after "Why Johnny Can't Encrypt," modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.

The PDF of the study can be found here.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why Johnny Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client | Log In/Create an Account | Top | 69 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by JoeMerchant on Monday November 09 2015, @01:32PM

    by JoeMerchant (3937) on Monday November 09 2015, @01:32PM (#260753)

    The passphrase is as secure as Bob makes it, but you know how Bob is a whiner about long passphrase requirements.

    The passphrase is used to scramble Bob's private key before it goes to the server, and unscramble it when it rains back on him from the cloud. Bob's scrambled private key is known to an attacker, but such attacker would have to guess passphrases and try the resulting private keys on sample messages to determine if they have guessed correctly or not. If we can keep Bob secure from dictionary attacks and get his key length up around 12 characters from a 50+ alphabet size, 2x10^20 codes take a while to plough through.

    Bottom line, like Apple these days, they won't have the private key.

    --
    🌻🌻 [google.com]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Monday November 09 2015, @04:33PM

    by Anonymous Coward on Monday November 09 2015, @04:33PM (#260813)

    People are horrible at choosing passphrases.

    They over-estimate the entropy they are using.

    Search for "Brainwallet" for examples with money on the line.