Net Q & A


Question of the Month: August 99

I saw an advertisement for a new encryption program. It looks like it is unbreakable, because they say it would take about a million trillion years for the world's fastest computer to decode it. Is this a good encryption program for lawyers?

 

Answer:

Probably not. 

This type of security claim, which is common in advertisements for off-brand encryption products, is meaningless. It assumes that the encryption program is well designed, or that the people trying to break the encryption are morons who know no better approach than merely guessing possible keys.

In fact, many encryption programs are very poorly designed. Further, many of the people who attack encryption mechanisms are very far from being morons. They will attack the encryption system in ways that the designers never anticipated.

It's a little bit like saying, "This 6-inch-thick door is safe because it would take 3 years to drill through the metal using nail files." Thieves will not limit themselves to nail files. They will attack the lock, the hinges, freeze the door then shatter it, melt the door, deform the door, use shaped explosives, etc., etc., etc.
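An added illustration of this point (not from the original article and not any real product): a constructed "brand X" cipher with a 128-bit key. Guessing keys at an assumed rate of one trillion per second would take far longer than a million trillion years, yet one correctly guessed document header reveals the key at once. All function names, the sample message and the guess rate are assumptions.

```python
import os

KEY_BYTES = 16  # 128-bit key: the number an advertisement would quote


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Constructed weak cipher: XOR the data with the key, repeated as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def brute_force_years(key_bits: int, guesses_per_second: float) -> float:
    """Years needed to try every key, the only attack the advertisement considers."""
    seconds_per_year = 365.25 * 24 * 3600
    return 2 ** key_bits / guesses_per_second / seconds_per_year


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Known-plaintext analysis: ciphertext XOR plaintext yields the key directly."""
    if len(known_prefix) < KEY_BYTES or len(ciphertext) < KEY_BYTES:
        raise ValueError("need at least one key-length of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:KEY_BYTES], known_prefix))


def demo():
    """Encrypt a constructed message, then recover it without guessing any keys."""
    key = os.urandom(KEY_BYTES)
    # Constructed sample message; the header is the kind of text anyone could guess.
    message = b"PRIVILEGED AND CONFIDENTIAL\nSettlement authority is $250,000."
    ciphertext = xor_cipher(message, key)
    guessed_header = b"PRIVILEGED AND CONFIDENTIAL"
    found = recover_key(ciphertext, guessed_header)
    return found == key, xor_cipher(ciphertext, found)


if __name__ == "__main__":
    years = brute_force_years(KEY_BYTES * 8, 1e12)  # assumed rate: 1e12 guesses/s
    print(f"Advertised strength: about {years:.1e} years of key guessing")
    key_found, plaintext = demo()
    print("Key recovered from one guessed header:", key_found)
    print(plaintext.decode())
```

The brute-force figure is accurate and still says nothing about the product's security, which is why well-tested designs are judged by how they hold up to analysis rather than by key-space arithmetic.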

All this is explained in two excellent articles by Bruce Schneier, author of Applied Cryptography, 2nd Edition, the leading treatise on the subject. Both articles are at http://www.counterpane.com/:

- Why Encryption Is Harder Than It Looks
- Security Pitfalls In Encryption

There's also an excellent FAQ on the subject of misleading encryption advertising called "The Snake Oil FAQ."

So, what is the answer to buying reliable software that is easy to use in the real world?

Experts advise sticking with a program from a reliable vendor with a track record. Select one that has been thoroughly tested.

Under these criteria, there is no better alternative for lawyers than PGP.

Because it is so well known, it has been and remains the subject of intense scrutiny by "open" cryptographers around the world, including many at the world's leading universities. If PGP is "crackable" you'll hear about it. This is not true of "brand X" products, none of which can boast the same high level of scrutiny and testing.

Further, PGP is enormously easier to use in real life. Why is this true?

Encryption products on the market today are generally not compatible. When it comes to "ease of use," there is nothing more difficult than persuading those you want to communicate with to purchase some "brand X" software. Stick with the mainstream product, which is overwhelmingly PGP.

This is not the only reason PGP is the hands-down "ease of use" winner. MIT and other reliable sources operate directories where you can easily find the "public keys" that are universally used in sophisticated modern encryption systems. No alternative product has such an elegant, reliable mechanism for finding so many public keys.

The pros and cons of some alternatives to PGP are discussed in the article "How To Protect Your E-mail" at this site.

Jerry Lawson


Internet Tools for Lawyers
http://www.netlawtools.com


© 1996-2005 by Netlawtools, Inc. All rights reserved.