RS Wood
2015-11-02 05:59:08 UTC
http://www.theregister.co.uk/2015/11/02/email_crypto_is_as_usable_as_it_e
ver_was_say_boffins/
//--clip (whole article)
The main reason the world is able to read and enjoy the contents of
Hillary Clinton's emails is that crypto tools aren't any better than
back when Phil Zimmerman created PGP, the crypto system even he can't
use.
That's the conclusion of this study into e-mail crypto usability, a
follow-up to a study which reached the same conclusion 15 years back.
The study, which hit Arxiv at the end of last week, was conducted by a
group of Bringham Young University researchers led by Scott Routi.
Checking over the Mailvelope PGP browser extension and which carries EFF
endorsement. For the study, the researchers got ten pairs of
participants to try to install and use Mailvelope.
They may as well have not bothered: even getting started with crypto
defeated nearly everybody:
In two pairs out of ten, the person supposed to initiate contact never
managed to actually use the software to send a message;
In another two pairs, the recipient couldn't work out that they needed
to install Mailvelope to read a message;
One pair managed to get as far as trying to share their public keys, but
didn't really know what to do with them.
Just one pair, of which one member already knew about public key crypto,
actually managed to install Mailvelope, trade their PGP keys, and
communicate.
There's also the question of what to do if a sender wants to encrypt,
but is sending to a receiver that isn't ready or knowledgeable.
In such a case, the study suggests, some kind of integrated tutorial and
automatic Mailvelope invites for new recipients might mean a message
doesn't just get dropped in the junk folder. ®
//--clip
ver_was_say_boffins/
//--clip (whole article)
The main reason the world is able to read and enjoy the contents of
Hillary Clinton's emails is that crypto tools aren't any better than
back when Phil Zimmerman created PGP, the crypto system even he can't
use.
That's the conclusion of this study into e-mail crypto usability, a
follow-up to a study which reached the same conclusion 15 years back.
The study, which hit Arxiv at the end of last week, was conducted by a
group of Bringham Young University researchers led by Scott Routi.
Checking over the Mailvelope PGP browser extension and which carries EFF
endorsement. For the study, the researchers got ten pairs of
participants to try to install and use Mailvelope.
They may as well have not bothered: even getting started with crypto
defeated nearly everybody:
In two pairs out of ten, the person supposed to initiate contact never
managed to actually use the software to send a message;
In another two pairs, the recipient couldn't work out that they needed
to install Mailvelope to read a message;
One pair managed to get as far as trying to share their public keys, but
didn't really know what to do with them.
Just one pair, of which one member already knew about public key crypto,
actually managed to install Mailvelope, trade their PGP keys, and
communicate.
There's also the question of what to do if a sender wants to encrypt,
but is sending to a receiver that isn't ready or knowledgeable.
In such a case, the study suggests, some kind of integrated tutorial and
automatic Mailvelope invites for new recipients might mean a message
doesn't just get dropped in the junk folder. ®
//--clip