ra2 studio - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is PGP security still strong or is it time for a new encryption standard?

Pretty Good Privacy is nearly 25 years old and still widely used -- but is it as effective as it once was? Application security expert Michael Cobb explains the past, present and future of PGP.

The viability of PGP security has been questioned lately, as some critics have argued that it's time for the encryption...

standard to be retired. Does PGP carry too much enterprise risk, and if so, what viable encryption alternatives are available to replace it?

The Internet standard for electronic mail transmission -- Simple Mail Transfer Protocol (SMTP) -- was first defined by RFC 821 in 1982. SMTP became widely used in the early 1980s, having evolved from standards developed during the 1970s. This was when very few hosts were connected to the U.S. government's ARPANET, the network that became the basis for the Internet. The security of messages wasn't considered to be a critical requirement, this is why the content of emails are sent in cleartext; the original specification did not include a facility for authenticating senders.

PGP, or Pretty Good Privacy, solved these problems and was a revelation when it arrived on the scene in 1991, particularly as it was compatible with legacy email systems. Using public key cryptography and fast symmetric ciphers, PGP provides privacy, security and authenticity, and can be used for signing and encrypting emails, files, directories and whole disk partitions.

It was, however, certainly a case of security before usability, and Matthew Green -- who lectures in computer science and cryptography at Johns Hopkins University in Maryland -- argues that it's "time for PGP to die", describing it as "downright unpleasant." He believes poor usability and weak mail client implementations adversely impact overall security, while PGP's use of a mixture of key servers and public key fingerprints adds an unwelcome complexity to key management. While complexity is certainly the enemy of security, many experts believe that PGP's web of trust model is in better shape than the certificate authority-based hierarchy of trust model that SSL certificates currently rely on.

Green complains that PGP keys tend to be large and contain lots of extraneous information. However, encryption keys aren't designed to be processed by human beings, but rather by machines. Even the modern elliptic curve implementations produce fairly large keys. Green also thinks email should have perfect forward secrecy (PFS), which PGP does not support. (PFS means that the compromise of a single key cannot lead to the compromise of multiple messages, whereas if a hacker obtains someone's PGP private key, they can use it to decrypt all previously encrypted messages.) However, adding PFS to email is a big challenge as it doesn't require an end-to-end connection, and most companies need to be able to inspect traffic for security and compliance reasons, which PFS would prevent.

Ensuring that users can easily send secure, encrypted emails is vitally important as it remains a key means of communication. According to researchers at the Radicati Group, we send on average 108 billion business-related emails a day. Green's solution is to build networks designed from the ground up to protect messages instead of plugging encryption software into today's plaintext email systems as an afterthought. While he is not wrong, it is far easier said than done. Replacing SMTP completely is probably unfeasible due its huge installed base and legacy compatibility issues. It would require a concerted, coordinated effort by the major Internet players such as Google, Apple and Microsoft to roll out new operating systems and push legacy updates to migrate everyone en masse from SMTP to a new protocol.

PGP is by no means perfect, and Green's comments have certainly sparked a debate about the future of secure email. But as of yet, there is no publicly known method of breaking PGP encryption by cryptographic or computational means. Yahoo and Google's end-to-end email encryption extensions are based on OpenPGP, so PGP looks to be alive and well. It's also getting more user-friendly, so it's very unlikely that it will be replaced anytime soon.

Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

Is symmetric encryption better than PGP email security? Get the answer here

Learn how to protect PGP keys

This was last published in April 2015

Dig Deeper on Email and Messaging Threats-Information Security Threats