Customer Reviews

PGP & GPG: Email for the Practical Paranoid

5 star:		(9)
4 star:		(6)
3 star:		(3)
2 star:		(0)
1 star:		(0)

 

 

This really is a terrific book if you're at all interested in learning how to secure information. It's very well-written in a clear, *concise* manner.

Two great introductory chapters lay out the fundamentals of cryptography and OpenPGP in plain English. There's nice coverage on terminology, the differences between OpenPGP/PGP/GPG, and the basics of using them.

The first chapter has also got a terrific chart laying out specific actions for things you want to do with your messages, like "I want to send a message that only my intended recipient can read" which is answered by "Encrypt the message with the recipient's public key." Much of the rest of the book follows this same clear vein as the author moves through the details of implementing PGP/GPG.

The book is full of small tidbits of very useful information, such as considerations for selecting expiration periods for your keys, or how to decide on what levels of trust to give family and friends, or even how to increase your paranoia by worrying about whether or not a hardware keystroke probe is monitoring your passphrase as you enter it.

The sections covering implementation of GPG are particularly well done. GPG isn't the easiest thing to work with, but Lucas does a great job of pointing out potential pitfalls and working readers past the rough spots.

A terrific work that lays out lots of good information in a small, well-written package.

PGP & GPG is another excellent book by Michael Lucas. I thoroughly enjoyed his other books due to their content and style. PGP & GPG continues in this fine tradition. If you are trying to learn how to use PGP or GPG, or at least want to ensure you are using them properly, read PGP & GPG.

Content-wise, PGP & GPG covers just about everything I would like to see in a book on encrypting email. Lucas addresses Windows and Unix options, both commercial and open source. I only paid real attention to sections on GPG and the Thunderbird Enigmail extension, since that is what I use.

Style-wise, PGP & GPG is incredibly readable. Email encryption could be a dense topic when covered by another author. Lucas addresses the right points, in the right order, with the right attitude. He's one of my favorite authors in this regard. Certain tips he shares, like setting keys to expire annually, or CC'ing yourself when sending encrypted email, or mentioning smart cards for keys, really make a difference. I agree with previous reviewers who liked the task-oriented chart on p. 14 -- that is awesome.

PGP & GPG is definitely a winner. The word "practical" in the subtitle could easily apply to the message of this book.

PGP & GPG: Email for the Practical Paranoid by Michael Lucas is a wonderful introdution book for anyone that wants to learn more about OpenPGP. What it is, where it's been, where it's going and why it's important in the high tech world, this is the perfect book. At 180+ pages in length this is the kind of overview book that I would expect to get. Nothing bulky with 1,000 pages, this is the kind of book that can be opened up and read in a short amount of time, while providing a massive amount of content about PGP. Anyone that wants to learn more about encryption and specifically PGP would be wise to pick up this book, nicely done!

***** HIGHLY RECOMMENDED

In this book Michael W. Lucas has put together a guide to email privacy that is very useful and accessible. One of the few technical books that not only informs but makes for a fairly engrossing read as well. The explanations of how and why in the first two chapters make the book worth the read in themselves. His descriptions of the advanced concepts are precise while still being easy to understand. My only real criticism of the book is that it's sort of lacking information on *nix GUI tools. Overall, he does an excellent job of covering use of this software.

It's nice to see someone write a usable reference guide to PGP/GPG that's not 10+ years old, referring to versions of the software that don't exist any more. Even better in that it's an enjoyable read... PGP & GPG: Email for the Practical Paranoid by Michael W. Lucas.

Contents: Cryptography Kindergarten; Understanding OpenPGP; Installing PGP; Installing GnuPG; The Web of Trust; PGP Key Management; Managing GnuPG Keys; OpenPGP and Email; PGP and Email; GnuPG and Email; Other OpenPGP Considerations; Introduction to PGP Command Line; GnuPG Command Line Summary; Index

When I last had any interest in PGP, you could download the PGP package from just about anywhere and everything was run from the command line. Now PGP is the commercial version of the package, and the OpenPGP implementations are the ones you get and use for free. Lucas does a very nice job in explaining the differences between the commercial and open source implementations, as well as how the commercial implementation's GUI makes much of the command line hassle a thing of the past. On top of covering the GnuPGP version of the open source option, he also covers Windows Privacy Tray, or WinPT, which provides an add-on GUI to GnuPG. The email chapters show how PGP can interface to Microsoft Outlook Express, Microsoft Outlook, and Mozilla Thunderbird. Being a Lotus Notes/Domino user, I would have liked to know about any potential integration packages there, but I'll overlook that slight. :)

Another positive feature about the book is that he doesn't stop at the nuts and bolts of the software. By going into the basics of cryptography and the "Web of Trust" for identity verification, Lucas helps the reader understand the mindset of privacy and the responsibilities one has once they join into that community. Granted, PGP/GPG is nowhere close to being a package that Aunt Mabel will install and understand. I think that by choosing to use this type of encryption, you already have a fair understanding of which end is up. But armed with the proper knowledge and mindset (which you'll get here), you'll be able to make a much stronger contribution to the common good.

If you use PGP or have wanted to venture down that road, or if you're dealing with information that might not be viewed favorably by certain authorities (regardless of what you may morally believe), you should get a copy of this book. It'll save you time in trying to piece it all together on your own, and it's light-years ahead of the other (aged) books on the subject.

Email messages are not typically protected or encrypted in any way. What you send could potentially be intercepted and read by anyone. If you are sending something of a private or confidential nature, it is nice to ensure that only the intended recipient can read the message.

Lucas does an excellent job of making a seemingly complex subject seem much simpler. While much of the book is dedicated to the gritty details of the different PGP implementations, those who are confused by the concept of cryptography to begin with will learn a lot just from reading Cryptography Kindergarten and The Web Of Trust.

Table 1.1 alone will answer many readers questions. This simple table illustrates different scenarios and explains what or how you would want to protect it. Do you need to sign the message with your private key, or encrypt the message with the recipient's public key?

Email is one of the most common uses for computers and one of the primary methods of communication for many people. I highly recommend that those who rely on email communications buy and read this book to gain a better understanding of how to protect and secure their messages from unauthorized viewing.

Pretty Good Privacy and Phil Zimmerman are computer counterculture legends. By putting secure communication into the hands of anyone with a computer, Zimmerman both launched a revolution and stirred the ire of the U.S. government. After suffering under -- and prevailing over -- severe FBI harassment and malicious prosecution, Zimmerman and his open PGP encryption tool have demolished government attempts to control cryptography. After sixteen years, PGP still has no equal as an enabler of private communication.

This book focuses on the use of PGP as an email encryption tool, although PGP can be used as a general purpose file encryption utility as well. After summarizing the history of PGP and the Open PGP standard, author Michael Lucas clearly and concisely describes how public key encryption with Open PGP can secure routine email messages. This is a how-to guide that gives you the essential understanding you need to quickly make practical use of PGP and its non-commercial cousin Gnu Privacy Guard (GPG).

Lucas' exposition explains PGP better than any previously published treatment -- either in print or online -- I've read. If you need to encrypt, you need to encrypt with PGP. Which means you need this book.

PGP (Pretty Good Privacy) is one of the most popular software encryption programs ever. It is so good and so effective that in the early 1990s the FBI launched a multi-year investigation against Phil Zimmerman, the creator of PGP, for possible violation of federal export laws, especially ITAR (International Traffic in Arms Regulation). After many years of investigation, the FBI ultimately dropped its case against Zimmerman. Even though PGP is synonymous with end-user encryption, there have only been a few books written on the subject. Jump to 2006, and PGP & GPG: Email for the Practical Paranoid is a welcome title.

On page 167 in Appendix A of the book, the author candidly writes that PGP "comes with a very good and complete manual at over 300 pages". With that, one may question why one would spend $24.95 on a book which covers much of the same information as the bundled documentation.

The reality is that there is a large class of people that will simply not read any form of documentation. Rather, they prefer something with an ISBN number. Such people are a boon to authors (of which I am one) and publishers. For that group, PGP & GPG: Email for the Practical Paranoid provides a pretty good overview of how to use PGP.

The book is written for an end-user who, while comfortable with the workings of technology, is new to the sometimes strange world of public key cryptography. The author writes in an easy-to-read style and, through repetition, inculcates the principal ideas of encryption and cryptography to the reader.

The introduction and first chapter provide a good presentation of the concepts of encryption, cryptography and public-key cryptography. The idea of public-key cryptography, on which PGP is based, is not so intuitive, and many people struggle with the basic concepts. The first chapter, appropriately titled 'Cryptography Kindergarten' is a good read for those who are public-key cryptography challenged.

On a side note, the notion that even smart end-users can be intimidated by public key cryptography was detailed in a now seminal research paper 'Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.'

The premise of the paper is that user errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. The authors argue that effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. The authors conclude that PGP 5.0 is not usable enough to provide effective security for most computer users despite its attractive graphical user interface. Even though PGP is in version 9.x, it still suffers from usability flaws.

Cryptography purists may recoil when the author repeatedly uses the term 'military-grade encryption.' Military-grade encryption and military-grade cryptography are overused terms, most often by marketing departments, but there is no real definition of 'military-grade encryption' -- and even if there were, it would be classified. Most people use 'military-grade encryption' to mean really strong crypto, much like those who use the term 'Olympic-size swimming pool' to refer to a really large pool. But the term 'military-grade encryption' is so misused by so many people that it is a lost cause to try to fight it.

In the rest of the book, chapters 2 - 11, the author details the varied usages of PGP & GPG. The book also details the differences between OpenPGP, PGP and GPG.
The difference between them is that PGP is a commercial piece of software, GPG (Gnu Privacy Guard) is open source, and OpenPGP is a protocol that defines a standard format for encrypted messages, signatures, and certificates for exchanging public keys.

The author astutely writes that while PGP provides really strong security, this is only if, and this is a huge if, it is implemented correctly. Chapter 11 notes that although OpenPGP provides a reliable method of authentication and encryption, it is also not unbreakable. OpenPGP can be vulnerable to many different types of attacks and weaknesses, including poor implementation, hardware or software compromise, fake keys and more. It is important to realize that OpenPGP provides significant, but not unbreakable security.

At 180 pages and priced at $24.95, PGP & GPG: Email for the Practical Paranoid is an excellent book that shows the end-user in an easy to read and often entertaining style just about everything they need to know to effectively and properly use PGP and OpenPGP.

For those that want to save money and perhaps save a few trees, the free documentation that comes along with the product is similarly worth reading.

Excellent beginning tutorial on PGP and related technologies. Author writes well, clearly, and with just enough humor (not over done). I'd recommend this book to anyone interested in PGP, GnuPGP, or any of the related technologies.

I'm a 10-year crypto hobbyist, and although I didn't learn much new, I wish I had this book when I started out. And it will be the book I recommend to friends and family interested in email and file crypto.

Are you using PGP yet? If you're not, then this book is for you! Author Michael W Lucas, has done an outstanding job of writing a book that will show you enough about the ideas behind encryption and digital signatures that you'll be able to make intelligent choices about which of the available options you should use in any given circumstance .

Lucas, begins by covering the basic ideas behind encryption. Then, the author shows you the basic ideas underlying OpenPGP. Next, he guides you through the installation of the PGP desktop client. The author continues by walking you through the installation of GnuPG on both Windows and Unix like systems. He then discusses how OpenPGP keys are connected to one another, identity verification, and keysigning. Then, the author takes you through the managing of the Web of Trust with PGP software. Next, he shows you how to manage the Web of Trust with GnuPG. The author continues by discussing how to integrate OpenPGP into your email and some of the issues that can arise with email usage and PGP. He also discusses how to use PGP software with e-mail. Then, the author covers integrating GnuPG with various e-mail clients. Finally, he shows you how to deal with some of the things that can go wrong with OpenPGP, how to use OpenPGP as part of a group of people, and how to use some other significant features in GnuPG and PGP.

In this most excellent book, the author demonstrates how to integrate encryption and digital signatures with popular e-mail clients so that you can easily exchange secure e-mail with others. More importantly, he shows you how to install the PGP and the GPG encryption packages on Windows and Unix-like operating systems, and how to use them to secure your personal data.