gpg/pgp cli vs 15 years later, why can Johnny still not encrypt?
Bill Stewart
bill.stewart at pobox.com
Wed Jan 15 22:17:06 PST 2014
> >> When doing research on email encryption and
> why it's still not widely used, I've read Alma
> Whittens "Why Johnny Canât Encrypt: A
> Usability Evaluation of PGP 5.0" [1] from '99.
> I wonder if anyone knows of similar but more
> recent usability studies on encryption software?
By some time in the mid-00s, Hugh Daniel and I
could no longer reliably send each other
PGP-encrypted mail :-) I wouldn't use the older
versions of PGP (including GPG which was
compatible with them), which had the abusable
bugs in variable-length-field handling that made
it possible to force PGP to use really weak
crypto; Hugh would only use the open-source
versions, not the proprietary Windows-GUI
versions from PGP Inc., and even the proprietary
versions were getting less and less
reliable. And stubbornness had, ummm, entirely
nothing to do with either of our
positions... And at some point I had a disk
crash that trashed the current keyrings for which
I knew the passphrases, and I haven't really tried since then.
Some of the GUIs were ok, some weren't. I've
gotten lazy and prefer to be able to cut and
paste, but the text editors I used this morning
included vi, ed, cat, and >, and I guess emacs if
you count the bash line-editing commands. As far
as PGP's CLI goes, it was painfully obvious that
Phil was a Windows programmer, not a Unix
programmer (though I suspect he had some DEC background as well).
Bill Stewart, wearing my old geezer hat today.
More information about the cypherpunks
mailing list