About Boundaries to Security

If you have data that you would like to remain confidential, there is more to it than just determining which encryption algorithm to use. You should be thinking about your system security in general. Basically we consider PGP to be secure, and as I write this document no incidents of PGP being cracked are known to me. But that doesn't mean that all encrypted data must be safe (for instance, the NSA wouldn't notify me if they cracked PGP somehow, and neither would other people who crack it for truly malicious reasons). But even if PGP is fully 'unhackable', other means can be used to attack the security. Early February a Trojan Horse had been found that searched for secret PGP keys on the hard disk and FTP-ed them away. If the password has been chosen badly, the secret key can easily be cracked.
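The last sentence is the point a defender should be able to check for themselves: once a keyring has been copied off the disk, the only thing standing between the thief and the secret key is the passphrase, and the thief can guess offline at whatever rate their hardware allows. The following script is an added example, not code from the original page, that rates a passphrase the way a security reviewer would: a constructed list of common words catches the "badly chosen" case outright, and a character-pool estimate gives an upper bound on the bits of guessing work for everything else. The guess rate, the word list and the verdict thresholds are assumptions chosen for illustration.

```python
import math
import string

# Assumed offline guess rate against a stolen keyring (a constructed figure for
# illustration; real rates depend on the key-derivation cost and the attacker's hardware).
GUESSES_PER_SECOND = 1_000_000

# Constructed stand-in for a real common-password list.
COMMON_WORDS = {"password", "secret", "letmein", "qwerty", "123456", "pgp"}

# Constructed thresholds: below WEAK_BITS is weak, below STRONG_BITS is moderate.
WEAK_BITS = 40
STRONG_BITS = 80


def charset_size(passphrase: str) -> int:
    """Size of the smallest character pool covering every character used.

    This is a heuristic upper bound: it assumes each character was drawn
    uniformly from the pool, which a human-chosen passphrase never is.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)  # 32 ASCII symbols
    known = string.ascii_letters + string.digits + string.punctuation
    # Whitespace and non-ASCII characters: count only the distinct ones seen.
    size += len({c for c in passphrase if c not in known})
    return size


def entropy_bits(passphrase: str) -> float:
    """Upper-bound guessing entropy in bits; 0 for a known common word."""
    if passphrase.lower() in COMMON_WORDS:
        return 0.0
    pool = charset_size(passphrase)
    if pool == 0:
        return 0.0
    return len(passphrase) * math.log2(pool)


def years_to_exhaust(passphrase: str, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every passphrase in the estimated pool at the given rate."""
    seconds = 2 ** entropy_bits(passphrase) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def assess(passphrase: str) -> dict:
    """Summarise the passphrase: bits, worst-case years of work, and a verdict."""
    bits = entropy_bits(passphrase)
    if bits < WEAK_BITS:
        verdict = "weak"
    elif bits < STRONG_BITS:
        verdict = "moderate"
    else:
        verdict = "strong"
    return {
        "bits": round(bits, 1),
        "years": years_to_exhaust(passphrase),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for candidate in ["password", "Secret1!", "correct horse battery staple tonic"]:
        print(candidate, assess(candidate))
```

A passphrase rated "weak" here offers no real protection to a keyring that has already been copied away, which is exactly the scenario the paragraph describes; the remedy is a long passphrase and, just as importantly, keeping the secret keyring off any machine you cannot trust.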

Another technical possibility (although more difficult) is a Trojan Horse that transmits keyboard entries. Also possible (but very difficult) is to pass the contents of the screen along. Then no cracking of encrypted messages needs to be done at all. For all these risks there needs to be a good, well-thought-out security plan that is actually deployed.

It is not the goal to create paranoia among people, but to point out that a lot needs to be done to be more secure. The most important thing is to realize that encryption is just one step towards security and is not a total solution. Trojan horses, as they appeared in the Melissa virus in March 1999, proved that many companies are not prepared for that.