What are the Disadvantages of PGP Encryption?
By John Papiewski
Pretty Good Privacy, developed by Phil Zimmerman in 1991, employs a sophisticated mathematical system for encoding data. Originally offered as free, open-source software, PGP now also comes as part of several commercially-supported programs. As with all security programs, PGP has a few known disadvantages.
Administering Conflicting Versions
The proliferation of different versions and sources of PGP complicates its administration, which can be ameliorated if an organization permits PGP from only one vendor or source. PGP uses encryption technologies that have evolved both technically and legally. As patents expire, for example, developers incorporated better methods into PGP. Open-source programmers also created a free version of PGP called GNU Privacy Guard, or GPG, which lacks features in the paid product, such as support for certain encryption algorithms like RSA, found in other versions of PGP.
Both the sender and the receiver must have compatible versions of PGP software or the information either will not be decoded, or will be decoded by only one party. Evolving versions of PGP use different methods of encryption. If you encrypt an email using PGP with one type of encryption, a recipient using PGP with a different version cannot read your message, although you may be able to decode messages sent to you. To avoid this conflict, both the sender and receiver must check and compare their PGP versions before exchanging encrypted data.
The complexity and learning curve of using PGG can be intimidating. Other security schemes use symmetric encryption, which uses one key, or asymmetric encryption, which uses two. For example, when you use online banking to pay bills, your Web browser automatically sets up asymmetric encryption to protect your online session. PGP takes a hybrid approach, using symmetric encryption with two keys. It is more complex and less familiar than the traditional symmetric or asymmetric methods, so developers require more training to become effective at PGP encryption.
Computer administrators frequently face emergencies involving lost or forget passwords. For some types of security software, an administrator can use a special program to retrieve passwords. For example, a technician who has physical access to a PC can recover forgotten log-in passwords to Microsoft Windows. PGP offers no such workaround; the encryption methods are strong, so forgotten passwords result in lost messages, lost files or inaccessible hard drives.
Chicago native John Papiewski has a physics degree and has been writing since 1991. He has contributed to "Foresight Update," a nanotechnology newsletter from the Foresight Institute. He also contributed to the book, "Nanotechnology: Molecular Speculations on Global Abundance."