Ask the Expert

Is messaging in symmetric encryption better than PGP email security?

Suppose two people exchange messages using symmetric encryption; every time they communicate, a session key is generated that encrypts the message using a protocol that handles session keys like SSL. They could, alternatively, use PGP to exchange messages. Do you think in this scenario that PGP or symmetric encryption would offer better security?

    Requires Free Membership to View

It depends on how trusted the local environment is. Symmetric encryption will ensure non-disclosure between "systems" by encrypting all message packets between mail servers using a shared encryption key. PGP ensures non-disclosure of an individual message by encrypting the actual message and making it viewable only by the sender and recipient. PGP is a bit more flexible as it can be used when the message traverses an unsecured network channel between two systems or even if the recipient is on the same system. As a general guideline, if you have a trusted messaging environment, but the network between servers is in question, then symmetric encrypted sessions like SSL will work. If you're exchanging messages that are so sensitive in nature that even the messaging system administrators shouldn't have access to the message content, like legal or executive communications, I'd use PGP.

This was first published in May 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: