
REVIEW: "PGP & GPG: Email for the Practical Paranoid", Michael W. Lucas

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1 , Oct 9, 2006
      BKPGPGPG.RVW 20060823

      "PGP & GPG: Email for the Practical Paranoid", Michael W. Lucas, 2006,
      1-59327-071-2, U$24.95/C$32.95
      %A Michael W. Lucas mwlucas@...
      %C 555 De Haro Street, Suite 250, San Francisco, CA 94107
      %D 2006
      %G 1-59327-071-2
      %I No Starch Press
      %O U$24.95/C$32.95 415-863-9900 fax 415-863-9950 info@...
      %O http://www.amazon.com/exec/obidos/ASIN/1593270712/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1593270712/robsladesin03-20
      %O Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
      %P 196 p.
      %T "PGP & GPG: Email for the Practical Paranoid"

      The introduction states that while the book does cover foundational
      encryption concepts, it is primarily intended to explain the
      appropriate use of the PGP (Pretty Good Privacy) and GPG tools. This
      preamble also provides a history and description of PGP, OpenPGP, and
      GnuPG. The rudimentary outline is good, but does have some errors: an
      ITAR (International Traffic in Arms Regulations) offence would be a
      criminal (rather than civil) matter so the US government never did
      launch a lawsuit against software author Phil Zimmermann (although
      other lawsuits were launched surrounding the program), and the program
      was produced before the book of the source code was published. (Lucas
      also retails the myth that the NSA has a secret computer that can
      crack the strongest of encryption algorithms: to those who truly do
      understand encryption technology the suggestion is patently absurd.)

      Chapter one outlines the basics of cryptography, but adds more errors:
      for example, a code doesn't relate to concealment, and substitution is
      not the only form of ciphering. While the explanations are sometimes
      far from clear, generally the ideas are presented reasonably, although
      in a simplistic manner. (Here and at other places in the book, Lucas
      attempts to inject the occasional note of levity. As with similar
      attempts by other authors, these jokes will not help the reader to
      understand or remember the material. However, at least Lucas keeps
      the quips to a minimum, and they aren't too annoying.) Elementary
      components of OpenPGP are related in chapter two. Installation
      instructions for PGP Desktop are provided in chapter three, along with
      additional suggestions and information about locations for keys.
      These are useful for those with an intermediate or advanced level of
      familiarity with Windows, but there is insufficient detail or
      explanation provided for novice users, who appear to be the most
      appropriate target audience for this book. Chapter four deals with
      the installation of GnuPG and the Windows Privacy Tray (WinPT)
      graphical front end, and more details are provided for this form,
      although the definition is still weak. Specific operations and
      activities regarding the building and use of the Web of Trust are
      outlined in chapter five, but the implications and underlying concepts
      are not explained well even though some of the more esoteric
      ramifications are mentioned. Key management dialogue boxes are
      described for PGP in chapter six, and GnuPG in seven. Chapter eight
      is an introduction to the idea of (and some of the problems with)
      using OpenPGP with email. Various settings for PGP and email are in
      chapter nine. Installation of plugins for GnuPG and the Outlook,
      Outlook Express, and Thunderbird mailers is described in chapter ten.
      Various warnings about using PGP and GnuPG are sounded in chapter
      eleven. Most are reasonable, but some betray a lack of background
      (SHA-1 is more susceptible to the birthday attack than to forgery).

      This could be a helpful guide if you are new to encryption and wish to
      install and use PGP Desktop or GnuPG. However, note that the
      background information is limited, and sometimes inaccurate. For most
      users this will not be an issue. More importantly, beyond the basic
      operations of the programs there is little in the way of advice on the
      finer points of "appropriate" use of encryption services. A handy
      guide to obtaining and installing the software, but, beyond that, you
      are pretty much on your own.

      copyright Robert M. Slade, 2006 BKPGPGPG.RVW 20060823

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Reading is to the mind what exercise is to the body.
      - Joseph Addison
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150