gpg/pgp cli vs 15 years later, why can Johnny still not encrypt?

Bill Stewart bill.stewart at pobox.com
Wed Jan 15 22:17:06 PST 2014


> >> When doing research on email encryption and 
> why it's still not widely used, I've read Alma 
> Whittens "Why Johnny Can’t Encrypt: A 
> Usability Evaluation of PGP 5.0" [1] from '99. 
> I wonder if anyone knows of similar but more 
> recent usability studies on encryption software?

By some time in the mid-00s, Hugh Daniel and I 
could no longer reliably send each other 
PGP-encrypted mail :-)  I wouldn't use the older 
versions of PGP (including GPG which was 
compatible with them), which had the abusable 
bugs in variable-length-field handling that made 
it possible to force PGP to use really weak 
crypto; Hugh would only use the open-source 
versions, not the proprietary Windows-GUI 
versions from PGP Inc., and even the proprietary 
versions were getting less and less 
reliable.  And stubbornness had, ummm, entirely 
nothing to do with either of our 
positions...  And at some point I had a disk 
crash that trashed the current keyrings for which 
I knew the passphrases, and I haven't really tried since then.

Some of the GUIs were ok, some weren't.  I've 
gotten lazy and prefer to be able to cut and 
paste, but the text editors I used this morning 
included vi, ed, cat, and >, and I guess emacs if 
you count the bash line-editing commands.  As far 
as PGP's CLI goes, it was painfully obvious that 
Phil was a Windows programmer, not a Unix 
programmer (though I suspect he had some DEC background as well).

                 Bill Stewart, wearing my old geezer hat today.





More information about the cypherpunks mailing list