1. INTRODUCTION

Pretty Good Privacy, known as PGP, is a popular program for encryption and decryption of data, providing security services for electronic mail messages and data files. Created by Philip Zimmermann in 1991, this program has been widely used throughout the global computer community to protect the confidentiality and integrity of users' data, letting them deliver messages and files privately, only to the intended or authorized person (Singh, 2012). Besides being useful to individuals as a privacy-ensuring program, it has also been used in many corporations to protect company data from falling into the wrong hands (Rouse, 2005).

This program relies mainly on the concept of cryptology. Cryptology is the study of secret communication between two parties in the presence of third parties, known as adversaries, who know nothing about the content of the communication (Rivest, 1990). The security that PGP offers rests basically on the concept of encryption and decryption, touching on different kinds of keys such as public keys and conventional keys, hash functions, digital signatures, and sometimes a combination of a few methods to make sending data to the right, authorized recipients even more secure. Moreover, following the Internet Standard Track, this program is currently one of the trusted programs that are widely used (Stallings, 2011).

2. CRYPTOGRAPHY IN PRETTY GOOD PRIVACY PROGRAM

2.1 Cryptology

Generally, the Pretty Good Privacy (PGP) program is all about cryptography, the basis of which is encryption and decryption. Encryption is a process of encoding a message, to the extent that the meaning of the message is not obvious or cannot be read ...

... middle of paper ...

...ey, so the more random the keystrokes, the better is the data needed to generate the key (Senderek, 2003).

2.2.4 Passphrase Based Symmetric Keys

A passphrase is very similar to a password, except that it is a longer version of a password and is theoretically more secure than a password (Network Associates, Inc., 1999). It is a secure code created with one or a few small words chosen by the user for a security setting (Mitchell, n.d.). Normally, a passphrase contains multiple words, which may or may not be found in a dictionary. Good passphrases are similar to good passwords: a good one should be long and complex, containing upper- and lowercase letters, symbols and numbers. Thus, it is obviously more secure than a password, since the attacker would have to try all words in order to figure out the passphrase you used.