Undocumented Bypass in PGP Whole Disk Encryption
A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."
... choose a different product. This also is against their product description so report them to trading standards and demand refunds. What about Seagate Momentus FDE drives? Do they have a bypass also?
http://www.rense.com/general79/wdx1.htm
Having replaced laptop motherboards for Raytheon that had the pgp whole disk encryption and asking them if there was a way around it to check the os and their response being there is no way around it, I wonder "who" the unnamed customer was?
Maybe they were unnamed because there is No Such Agency?
I don't need large brains to have a good time.
"encryption bypass" ?
That basically turns the entire thing into a physiological magic trick.
unnamed customers? there's no such agency.
Come on, why would you even consider using such a thing?
And if anyone else can enable it, then they already have access to your computer anyway.
Seriously, customers require this so IT staff can do remote support and reboot the machine remotely. It is only enabled for one reboot, and you must have cryptographic access to enable this feature. The only threat is if someone were to enable this, not reboot, and then have the machine stolen.
Why does crap like this make it to the front page of Slashdot?
from the response:
"We call it a passphrase bypass because that is what it is. It is a dangerous, but needed feature. If you run a business where you remotely manage computers, you need to remotely reboot them."
and
"You cannot enable the feature without cryptographic access to the volume. If you do not have it enabled, you are not affected, either. I think this is an important thing to remember. Anyone who can enable the feature can mount the volume. It is a feature for manageability, and that's often as important as security, because without manageability, you can't use a security feature."
makes pretty good sense to me
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
It's called a 'backdoor'. If you're building backdoors into your disk encryption product, I don't want it. This is just another example of where free / open source software shines: you can know there are no backdoors in the tool because you have the source and can verify it for yourself.
My blog
Sounds like it is just temporarily storing the passphrase on the disk?
If it isn't stored, then there is no problem, right? It's not like anyone can grab the disk and just turn it on.
A customer with enough volume to demand such a 'feature' (myself I prefer to call it a bug) surely can justify the addition of a compilation flag as opposed to incorporating it into the general release. I am inclined to think it's more likely to be brown nosing the current US administration.
ELOI, ELOI, LAMA SABACHTHANI!?
When it comes to encryption it is exactly for this reason why I use the "clunky", "hard to configure", "no GUI" Open Source!
I know what I have, and what I get, and what others cannot get... Not that I have anything to hide. Just that I like my privacy.
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make a very fast pig"
When Phil sold out and went commercial with PGP. He may have saved face by leaving shortly thereafter, but it was too late. With monied interests involved, everyone knew the product's integrity was in question from the first day of the announcement. This just proves that you cannot trust a proprietary product for something as important as encryption.
Method of processing duck feet
By renaming it PNGP or Pretty Not Good Privacy.
What is the point of encrypting the drive if it's automatically decrypted? (ie. the key would be stored plaintext somewhere on the drive) I just can't figure that out.
I don't like PGP in any case. I never have because all their stuff is proprietary. S/MIME, ASN.1, etc are all full blown public standards that do the things PGP does except using open interoperable widely adapted standards.
"We are not the only maNufacturer to have Such a feature -- All the major people do, because our customers require it of us.
It's not enabled by default, it's a feature that makes sense for servers that sit in a datacenter or a remote location. The PGP exec is correct, other full-disk encryption vendors offer similar features. It's not some sort of evil backdoor for Phil Zimmerman to come laugh at your paltry collection of porn.
As usual, the poster got it wrong. It is not a "backdoor", and if the poster had actually read the response from PGP he would have realized that in order to use this, you already need to know the cryptographic passphrase, AND that it is only good for a single reboot. This is required for remote administration. What are the chances that someone will be sitting by the computer, just waiting for it to reboot so they can steal the disk drive? Because that is essentially the only way for this to be exploited.
According to TFA, the feature is off by default. To enable it, you must know the password. If someone else knows your password, you're screwed already. Why is this a big deal? I guess being undocumented makes it a bit shady, but the article doesn't say how long the feature has existed. It could simply be new. Anyone have better info?
Did you read the article or any of the comments before posting that?
Didn't think so...
No sig today...
This isn't a back door or some secret agenda by some shadowy government agency. It is simply an IT tool to allow remote access to the machine. It is enabled ONCE and you must have cryptographic access to the machine in order to enable it. It is NOT enabled by default, it is a conscious decision to enable the feature made ONLY WHILE you have authorized cryptographic access. Once the machine is rebooted you're back to normal.
The OP made it sound more ominous than needed when he said "unnamed customers". Why is everything on Slashdot a giant conspiracy??
RTFA.
Pretty Good Privacy. I'd rather have Absolutely Fucking Bulletproof Privacy.
This backdoor took a bit of time to figure out. The simple fact is that if I buy a product, I expect it to work correctly, in particular, I expect it to work as advertised. PGP says that your data is encrypted and safe. Obviously, it is not.
I prefer the "u" in honour as it seems to be missing these days.
If you RTFA you'd see this feature is needed for anyone who remotely-boots their encrypted drive. The feature is not a backdoor - it has to be enabled by someone with cryptographic access to the drive, and it only works once per setting - reboot, and it's disabled. The only way this could be a security issue is if it's enabled, and before the drive boots up again, the drive is stolen. Features like this are needed, as without them, the drive is useless for remote management, and people won't use encryption, which is obviously far more insecure than having this feature and using it correctly.
Oh, the joys of closed source... Who is surprised?
Why do I have a deja vu feeling every time this shit happens... Then again, I feel schadenfreude at peeps using such software. And last but not least, there's nothing more stupid than using closed source security apps. Security by obscurity is DOA.
Fuck PGP, embrace GPG http://www.gnupg.org/
All of the performance penalty -- none of the security benefit.
It's purely crapware at this point. It eats CPU cycles to do nothing useful.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
"...REQUIRED by unnamed customers..." ... not requested, wishlisted... REQUIRED...
good old content analysis... so helpful, when it comes to "unnamed customers".
Didn't read the article -- didn't see that you can only bypass it by enabling it for the next reboot after which it returns to normal.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
There is an inherent flaw with many of the commercial laptop full-disk encryption solutions out there. I have the most experience with Utimaco's Safeguard Easy, but I know many of the other big players have the same fault -
The software has a feature called "Pre-boot Authentication", by which the encryption software is loaded after the BIOS, but before the (generally Windows) operating system. The user's password is used to generate the decryption key, so theoretically not even the NSA could decrypt the laptop without the user's password.
Here's the flaw - the software has a checkbox to disable Pre-boot authentication. What this does is generate a default user with a random password, and then store this random password obfuscated but in clear-text in the same disk area as the decryption software. When you talk to the sales-people, they sell this as a feature, in fact about half of Utimaco's customers (so I'm told) run it in this mode because the encryption becomes transparent and it is much less intrusive on the user. (Basically the disk is automatically decrypted each time the laptop is booted, but you have to have a valid Windows login to get in.) Buried in the help documentation are warnings "For security reasons, you should Never disable pre-boot authentication". So the engineers and the company know the weakness of disabling pre-boot authentication, but they don't tell their customers when they sell the software.
Today it seems to break into these laptops with pre-boot authentication disabled you would need somewhat sophisticated tools and techniques, basically the same tools and techniques people commonly use to "crack" commercial software today. But I'm guessing that it won't be very long before someone takes the time to build this crack and releases it, rendering the laptop encryption useless to anyone who can Google for "Utimaco Crack", etc. Basically all the crack would need to do is grab the default user's password off the disk and use or duplicate the decryption algorithms that are also in clear-text on the disk.
I've talked to a number of IT security folks, and basically it seems like most people trust the sales folks and don't understand that it's basically impossible to have strong encryption without having the decryption key stored off the disk (like on a smart card, or in the brain of the user.)
PGP is a hilarious company, these days. My company was going to do some consulting work for them, and they announced that we could not work with them unless we complied with their security "policy." We thought it would be no problem--our security is some of the best in the industry.
We read their "policy" and started laughing, however. It isn't a policy so much as a standard, which explicitly requires all computers run PGP Whole Disk Encryption. No other form of data protection is acceptable.
I'm inclined to send this message back to them and include "piss off" in my reply, but I don't know how much the potential contract was worth. But any way you look at it, PGP corp is a joke these days.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
The parent is hardly flamebait. This particular scenario was predicted over 10 years ago on the Cypherpunks list.
Anyone remember the Clipper chip? This strikes me as version 2.0 of that failed venture.
And it's a pity, as PGP Inc's credibility completely.
I wonder how this "undocumented feature" became a requirement? The article was vague about this and so was Mr. Callas's response. My tinfoil hat definition of "requirement" in this case is that a confidential US government agency swooped in and told them, make a back door or else... [insert some political pressure argument here]. The more rational and corporate version explanation I can think of is that certain people feared that losing the pass phrase will essentially lose everything which is not acceptable.
If the requirement is a legal requirement a la Patriot Act or whatever, it should have been mentioned by Mr. Callas. I don't see how he can be compelled without some legal reason to provide what is essentially a back door for the product on which his corporation relies for its business, especially considering the potential loss in consumer confidence that there are no additional "undocumented feature(s)" in the product.
~ In Trust, We Trust ~
If people wanted Really Good Privacy, they should have purchased encryption from a company called RGP, not Pretty Good Privacy.
Seth
$5 / month hosted VPS on linux = awesome!
As others have said, some parts of the U.S. government have become completely lawless. The government is requiring access and requiring that access be kept secret. The Bush administration has become a dictatorship. I think U.S. citizens should demand impeachment and that Cheney and the Decider be tried for treason. Why should the really big criminals be allowed to break the law?
My experience of whoever it is who sells PGP is that there are other issues about the way they do business, too.
That's why open source encryption is so important. TrueCrypt supports Windows and Linux. Supports encrypted devices and encrypted folders, including hidden folders.
To encrypt a file, use the free open source Gnu Privacy Guard.
They can't do whole hard disk encryption, but they are at least honest.
With that understanding, I am developing a new data security system using heretofore unrealized technology, and plan to bring it to market in the near future: look for products from BHS in stores during the month of No-never.
This message brought to you by the unique folks at BHS. Black Hole Systems: we are defined by our singularity!
Sometimes I have to say to hell with it and just eat my jellybeans.
The feature is there. It's not turned off in the sense that at every boot, the PGP Boot Guard is checking for the existence of the ("backdoor" or whatever noun you wish to use) account and attempting to decrypt the Volume Master Key with a static passphrase of hex x01.
It would be "disabled by default" if that function call did not exist in every customer's installation, until enabled later.
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
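Added example, not part of any comment in this thread and not PGP's or Utimaco's code: a toy model of the mechanism the comments above describe, where a wrapped copy of the volume master key that opens with a secret already known or stored on the disk (an obfuscated default password, or the static passphrase hex x01) makes the header alone sufficient to unlock. The header layout, function names and the PBKDF2/XOR wrap are assumptions made so it runs on the Python standard library; `bypass_armed` is the check a defender would want before a machine leaves a controlled location.

```python
import hashlib
import hmac
import secrets

# Static bypass secret: the "hex x01" value quoted in the comment above.
STATIC_BYPASS = b"\x01"
PBKDF2_ROUNDS = 20_000  # kept low so the demo runs quickly


def _derive(passphrase: bytes, salt: bytes) -> bytes:
    """64 bytes: first 32 mask the key, last 32 authenticate the slot."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ROUNDS, dklen=64)


def wrap(vmk: bytes, passphrase: bytes) -> dict:
    """Toy key wrap (XOR + HMAC) of a 32-byte volume master key (VMK)."""
    if len(vmk) != 32:
        raise ValueError("this toy wrap only handles 32-byte keys")
    salt = secrets.token_bytes(16)
    material = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(vmk, material[:32]))
    tag = hmac.new(material[32:], salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap(slot: dict, passphrase: bytes):
    """Return the VMK if the passphrase opens this slot, else None."""
    material = _derive(passphrase, slot["salt"])
    tag = hmac.new(material[32:], slot["salt"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["ct"], material[:32]))


def new_header(vmk: bytes, user_passphrase: bytes) -> dict:
    """Hypothetical unencrypted volume header: a list of wrapped VMK copies."""
    return {"slots": [wrap(vmk, user_passphrase)]}


def _open_any(header: dict, passphrase: bytes):
    """Try every slot; return (vmk, slot) for the first that opens."""
    for slot in header["slots"]:
        vmk = unwrap(slot, passphrase)
        if vmk is not None:
            return vmk, slot
    return None, None


def enable_bypass(header: dict, user_passphrase: bytes) -> bool:
    """Arm the bypass. Needs the real passphrase, as the vendor reply says."""
    vmk, _ = _open_any(header, user_passphrase)
    if vmk is None:
        return False
    header["slots"].append(wrap(vmk, STATIC_BYPASS))
    return True


def bypass_armed(header: dict) -> bool:
    """Defender's check: does the header alone give up the VMK?"""
    return _open_any(header, STATIC_BYPASS)[0] is not None


def boot(header: dict, typed_passphrase=None):
    """Pre-boot logic: try the static secret first, then the typed one."""
    vmk, slot = _open_any(header, STATIC_BYPASS)
    if vmk is not None:
        header["slots"].remove(slot)  # one-shot: this boot consumes the slot
        return vmk
    if typed_passphrase is None:
        return None
    return _open_any(header, typed_passphrase)[0]


def demo() -> dict:
    """Walk through the states discussed in the thread (constructed data)."""
    passphrase = b"constructed passphrase"
    vmk = secrets.token_bytes(32)
    header = new_header(vmk, passphrase)
    results = {"cold_boot_no_passphrase": boot(header) is not None}
    enable_bypass(header, passphrase)
    results["armed_before_reboot"] = bypass_armed(header)
    results["disk_alone_unlocks"] = boot(header) == vmk
    results["armed_after_reboot"] = bypass_armed(header)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Between `enable_bypass` and the next `boot`, the header unlocks with no user secret at all, which is the window the thread argues about; a passphrase-derived slot never has that property.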
So which full disk encryption software does Slashdot recommend? Preferably FOSS and available for *Nix and Windows.
If you RTFA, you'll see that it's a feature that you can only turn on if you've already got access to the disk, and PGP did it so it only works once.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
So clearly the encryption system records the running password somewhere outside the encrypted volume if the auto-reboot is selected. One would assume that, upon reboot, the password gets overwritten.
We are constantly told that data that's only overwritten once on a magnetic drive is recoverable. So, if one could figure out which section of the drive gets the password written to it (an easy enough exercise given that the boot code that mounts the encrypted volume is in a fixed location and largely static) then one could steal a laptop and, assuming it had been auto-rebooted once before in its life, potentially recover the entire drive contents.
Beyond the capabilities of your average evil-doer but certainly possible.
CommentBot 0.7a running with args "-module irritate,disagree -target random"
How much do you want to bet that "unnamed customers" are synonymous with "various federal and state police agencies, DOD, and NSA"?
Takers?
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
There is No Such Customer (NSC).
The GPG program that you download doesn't do full-disk encryption; it's pretty purely a file/stream encryption program. I suppose you could use it for disk encryption, by streaming data through it on its way to and from a device, but that's not how it's normally used.
There is/was a program around that used GPG to do FDE, called GPGDisk. I'm not sure whether it used your installed copy of GPG to do the heavy lifting, or if it just included the same code, or worked using the same algorithms but had its own totally separate crypto engine. It was reasonably popular for a while, but I think a lot of people who were using it have now switched to TrueCrypt.
However, GPGDisk did offer some unique features, like the ability to encrypt a disk using a GPG key, and some fairly fine-grained access controls that you could set up for multiple users (IIRC). Every once in a while someone will mention it on the comments on Bruce Schneier's blog, so apparently it's still getting some use. But it doesn't offer some of the neater features that TrueCrypt does, like plausible deniability or containers-in-containers, I don't believe.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I thought the developers had to put a backdoor in so the Big Boyz could crack it easier. I wonder if this was it?
Seriously, it seems to me that this "loophole" just isn't.
Vista Bitlocker on the other hand, is not worth the disk space it consumes.
I have it on good authority from someone in the know (as in, it is in his job description) that cracking Bitlocker is easy. There is actually a course on "opening" bitlocked volumes, if you move in the right circles (think police forensics)
For my money I'd rather just use a good open source package.
http://www.writeitfor.us - Writing IT for the IT generation.
And we use a Post-it on the same door to remember the combination.
This is dangerous, because it gives a false sense of security. It's an easy way to make full disk encryption have zero security benefit. It might be a feature that this feature is obscure enough that security neophytes won't shoot their foot off. I'd be happiest if the feature automatically deleted the decryption key during the reboot. That's enough to let IT do an unattended reboot and simultaneously discourage people from misusing the feature.
Even in a high-tech company, your engineers at remote offices may know operating systems better than routers, or the server may be locked in a closet with the PBX and LAN hardware, or the office may be a sales office where there's nobody technical enough to go drag a monitor into the server closet and plug it into the correct server.
If you've had a power hit at your retail store, once it's back up you don't want to wait half a day for an IT staff guy to drive or fly there and connect the console to type a password into it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
But ... PGP has a peer review, open-source process. They're just a commercial product, too. [In other words, it violates the terms of service for you to compile their source code and use it without licensing it.]
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
So, PGP Corp takes an open source product and closes its source. They don't document this backdoor. When discovered, they say, "Well, okay, it's just so that we can reboot once."
You believe them?
I mean, did you believe them when they failed to mention this "feature"? When they forgot to document it? What else have they omitted? What if, a few months down the road, they say, "Well, there's this other feature that lets you reboot twice." And then later, "Three times. Yeah, we haven't gotten around to documenting that either."
The way they describe it in CTO/CSO Jon Callas' response, it doesn't sound like as much of a security flaw as I feared. But the question is, why was it there, with no documentation?
Closed source crypto is already under suspicion from me as a matter of course. The fact that we have an actual case of an undocumented "feature" only confirms that I should stick with software that's verifiable.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
I don't understand that argument. Why is it necessary to have two passwords? An organization must have a database of user passwords, correct? A user may call and say he lost his password.
The only reasons I can imagine for having two passwords are convenience for IT, when they aren't fully automated, and secret government surveillance.
An organization with 1,000 users must manage 1,000 passwords, anyway.
What happens in an organization when a member of the IT staff leaves? The IT access special password, if there is one, needs to be changed on 1,000 computers.
It seems to me that there may be far better ways to manage that situation rather than having a global password.
Hmm, the FBI paid them for having this backdoor?
1. if i have a real (paying) customer who needs this, i will supply them (and only them) with a customised version.
2. or i fully document the feature.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Yeah, it's a potentially dangerous feature - but some customers want it anyway, and at least PGP implemented it in a way that's less dangerous than it could have been. I'd have preferred to see some additional hardware involved, e.g. require input from a USB dongle or successful DHCP hit or something in addition to the disk-stored info, but it's hard to get that to work portably and reliably.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I'd prefer to see the key stored somewhere other than the main disk drive, e.g. on a USB dongle that might not get stolen or kept. (Or get tricky and use an iPod Shuffle as the dongle, so the thief is more likely to separate the two
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
From TFA, it sounds like the documentation was added to their website recently, it wasn't there before. Also, the 'help' for the command-line tools doesn't display those options.
Read again, please.
GPG and PGP Or did I misunderstand you?
Let me just get it straight. It's easier for you to accept that PGP has a malicious backdoor than it is to accept that they have a sensible feature that is quite useful (if ill-documented, but apparently it's mentioned in the knowledge base)?
A small dose of paranoia is healthy, but we're talking about a feature that has to be activated by someone who actually has access to the keys to begin with, that is, supposedly, valid for only one reboot, and that has a very valid use case.
With proprietary software, there's no way to know. It could have any number of malicious or ill-conceived/insecure features. Why risk it?
-- The act of censorship is always worse than whatever is being censored. Always.
So what they're saying is "Sorry you thought our product was secure. However, it's at least as secure as everybody else".
I don't understand what this post is about. This feature is fully documented on PGP's support website for customers. Saying this is only for big companies is not true in the least. On top of this you must know the password of the drive to even implement this feature. How is it a security risk? Your security is only as strong as your end user in this kind of scenario. An end user could just as easily give someone their password. We need to be careful in the security world when making allegations like this before knowing the truth. If you own a PGP product and have a support contract you can view the documentation here. http://support.pgp.com/
"... our kids will grow up in a Brave New World and the old world is never coming back."
A better world will be available to us if we get rid of the corrupters, weapons investors, and oil squeeze investors, and begin again insisting on the rule of law.
"Your proposed issues are only do [due] to lazy IT departments and would fail any real security audit."
Does that mean you agree? The only real reason to do things the PGP way is because of surveillance by the secret police?
I don't completely understand what you said, and the documentation of TrueCrypt is less than perfect (but still quite good).
I will experiment with the method you suggest. Sounds interesting.
Of course, TrueCrypt does not allow full hard disk encryption. The boot partition needs to be unencrypted, I think.
If I were to evaluate said product it's something I'd like to know, in advance and fully documented, not hidden somewhere. The whole purpose of documentation is, well, to document things not to leave them for someone surfing extra docs on their website.
If they'd been open about it, it wouldn't even have made Slashdot, so it's a bit of an own goal - now they have to go and explain it all against a tide of misunderstanding. On stuff like this full disclosure is the better path to take IMHO.
Insert
OpenPGP is an IETF standard. Just like S/MIME and ASN.1
http://www.ietf.org/rfc/rfc2440.txt
http://www.faqs.org/rfcs/rfc3156.html
That is precisely why, a few years ago, I independently developed my own encryption algorithm, which I use when I need to send something securely over the internet. I use an 11.5 million bit key (it can be any length but I like to fuck with the feds) stored on a USB flash drive so that even GOD can't decode it before the end of the Universe. The code is efficient and very fast (it would have to be with a key of this length). If you are monitoring this Big Brother, there'll be a cold day in hell before I write in a back door for you . . . and you'll have to pry the source code out of my cold dead fingers to get your greedy little meat-hooks on it. Consider it my way of flipping-off the New World Order.
Now folks will question the integrity of the product and they've now got a potential liability issue on their hands because as sure as the sun rises in the west, some lawyer will figure out how to use this to shift the blame for the loss of employee/customer data that should have been encrypted that wasn't.
Mod me up/Mod me down: I wont frown as I've no crown
All I have to say is that my past experience with a big corporation within IT it was possible to bypass PGP. But that's all I can really say about that.
I heard the software also lets you uninstall PGP. That would leave your disk WIDE OPEN. And they call that security. HAHAHA. What a piece of crap software. I hope PGP burns in hell.
Because a backdoor can just as easily be slipped into open source software, if not more easily since everyone's assuming "Oh it's open, someone else is looking for backdoors." On top of that, when things go south there's no one to point the finger at and no one to go to for support.
Look at all the security flaws that have popped up in Firefox over the past two years that could have led to a complete security breach on a user's machine. Most were probably just innocent mistakes, but what if they were intentional? How would we know? And who could we blame?
Putting a GPL license on something doesn't automatically make it pure and holy.
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
It's a bypass. You've got to build bypasses! Besides, you should've made your protest months ago. These plans have been on display at the planning office now for a year.
Pompous or no, suddenly discovering a way to bypass my full-disk encryption, whether it be "only on the next boot" or not, makes me suddenly very leery of this closed-source software. What if they *DID* put in another backdoor? IMO, this gives PGP's credibility a fatal error.
As another poster stated, "In security software, any undocumented feature is a bug."
It feels to me very much like this "undocumented feature" was obfuscated by being not in the manual. I don't care if it's available if I jump through 17 hoops and happen to land in the right spot on their forums, it should have been documented from the get-go. It feels to me like they tried to hide it by burying it in the forums instead of coming right out and saying it in the manual. Preferably in BOLD TYPE.
As is commonly known, "Security through obscurity is not security."
--
My dogma ate my karma.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
It is unused by default. Short of modifying the PGP Boot Guard's binary, you cannot disable the feature permanently, which means any user--not just an admin-- can use this feature.
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
However, I can think of several large corporations that would require something like this and would have contracts large enough to justify changing the product for.
There is *NO* reason for changing the entire product to add a feature that only a few megacorps need. If a large corporation needs a backdoor, then create a backdoor version and a non backdoor version.
When our name is on the back of your car, we're behind you all the way!
Nope, but at least it means that you can check for malicious features if you want to.
Take PGP Whole Disk Encryption for example. There was a questionable feature recently and we can't look to see if there were more. If the source were published, someone considering the software could audit it to see if there are any other questionable features.
-- The act of censorship is always worse than whatever is being censored. Always.
I'm working for secure-co ..supposedly I work on my own secret project, but my boss has secret info that I want to know, but he always logs off whenever he leaves...
One day when my boss is gone, I see his laptop turn off automatically ..ahh...I seize the opportunity. ..I quickly unplug the network and remove the hard drive...boom I've got his info without anyone knowing, and better yet..no one is even around because it's all done remotely. I steal the data, and recheck the automatic authentication, and reconnect it back to the network and turn it off....quietly slip out of the room..
Note...I never had to have access to his password..I just know that an automatic reboot, means vulnerability.
Umm... I don't even know where to start to answer your question. I'm not sure what your question has to do with anything.
The best I can tell is that you think I am incorrectly saying that GPG is closed source. If that's what you're saying, I have no idea why you're saying it --I didn't even mention GPG. If that's not what you're saying, then I have no idea, so please enlighten me.
In the meantime, I'll elaborate. Phil Zimmerman created PGP and made it open source (though the term "open source" itself wasn't used at the time). PGP got sold to NAI, which stopped making it open source (ie. they added to the software and distributed binaries only without source). NAI sold the rights to PGP Corp.
Technically, it was NAI, not PGPCorp, that closed the source of formerly open source PGP. PGPCorp bought the ex-open-source PGP. Currently, PGP is not open source.
You can check http://www.fabianrodriguez.com/encryption/ for more info.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
What precisely stops you doing this with PGP ?
Their source is open to download and audit (just not Free for use/modification/etc.). They even state that their entire source control system is open for customers to audit:
"Customers can thus examine every check-in made to the sources by all its developers from 1997 to the present."
How could GPL make a difference to auditability ?
Still, can happen.
Was it on the blue carbon triplicate?
Nice reference.
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
Don't let the troll keep this post down. Just because the troll doesn't understand that there are threats involving this "feature" that really can expose data on disk without knowledge of the password, doesn't mean that the rest of us don't want to read this AC post.
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
...is that you?
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
Just from looking at your post history it's like you refuse to RTFA and continue with your denial. What's in it for you? Worried about stock price or profit sharing or something? Or do you work there and this is your bad design/feature that's being ripped?
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
The NSA requires backdoor access to all major operating systems and encryption products.
They're using their grammar skills there.
1) As someone else pointed out, you CAN audit the source
2) Being able to audit source code does nothing to prove that the binaries you're running are actually based on the source code. The backdoor might be put in by the compiler, and the compiler may put the backdoor in itself if it recompiles itself. Sound far fetched? It's already been done.
3) Even assuming you can prove that there's no obvious backdoors in the code, you're conveniently ignoring my point about Firefox: most every open source application has "bugs" in it that allow a serious security breach. ALL interesting software has a potential to have them. But what looks like a bug could just be a cleverly crafted backdoor. If I was putting a backdoor in my code, I sure wouldn't put comments around it saying "this is a backdoor", I'd make it look like a one-off error or buffer overflow and just depend on the fact that they can go undiscovered for years, even with Open Source software. So yes, you could theoretically audit the code and PROVE it's bulletproof, but good luck on that one, that's like solving halts().
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
Those are all neat points. Someone makes them every time this discussion comes up. Here are some responses:
-- The act of censorship is always worse than whatever is being censored. Always.
Hmmmmm.....
I'll bet that "Unnamed Customers" means Big Brother and his minions.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
There appears to be a group of people who attack negative mention of the Bush administration. The parent comment was moderated to +4 for several days, and now it is down to 0. I'm guessing someone in the Bush administration has thousands of accounts, so that some will always have moderation points.
- This is a facility where someone who has accessed the disk using the keys can set an option so that the next boot will not need a passphrase
- This only covers one boot, for remote startup, etc. The system resets to normal operation
- This only affects users who deliberately enable this feature
- Those users are only affected if the PC is stolen after the feature is enabled and before the next boot
This is not some security hole, or government backdoor. It is a facility that some people need and most will never enable.
I didn't realise the US Government was a customer of PGP.
Okay, so let me explain why I'm telling you the software doesn't work like this. Here's the key thing to remember: the pre-boot lockout is not the thing protecting data on the disk.
Here's a scenario:
1) Install PGP and encrypt the drive.
2) Reboot
3) Turn on the bypass for the next reboot
4) Shutdown
5) Remove the drive and stick it (or copy of the drive) in another computer as a secondary drive
6) Try to access the drive
From your posts, it appears you think you'll see all the files. The simple fact is that you won't. It will appear as an unrecognized volume. That's because the files are still encrypted. The operating system will not be able to access the files. You're screwed.
The whole bootloader is just another step of lockout. First there's bootloader, then there's the windows login. Again, the bootloader is not the thing that "turns off" encryption on the drive after you get past it.
I was already assuming this was how it works because to do it otherwise would be quite foolish. I thought back to the parallels of how Windows works when you turn on encryption for certain files. The delay in my post was because I wanted to check this out with the real product to make sure my assumptions weren't bad. And guess what? I was right. I tried this out in the real world with the real product and the volume was still encrypted even though the bootloader password was bypassed.
Just for completeness sake, I'll refer to my other post about why this attack will get you a useless (encrypted) hard drive.
The sad thing is that the much more obvious way you'd want to do this is through a hardware keylogger. This is especially true since the first thing you do after turning the computer on is enter the password. You'd just have to look for the first keystrokes after a power-on followed by enter. Simply stick the keylogger on and return the next night to copy the hard drive. Keyloggers are the real weakness in any of these encryption schemes. To get around that, they should create a graphical keyboard with all the keys randomly assigned around the screen. You'd then have to use the mouse or arrow keys to move to each letter in your password. This would defeat the keylogger, though it would make you more open to shoulder surfing (maybe make the letters really small and at the bottom of the screen).
"If you change your password, you only change the header."
Thanks for the information. The TrueCrypt web pages are poorly written. Now I realize that TrueCrypt is very much ready for large companies. I've found TrueCrypt to be perfectly reliable, and it is open source and free, so there are no other barriers.
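The quoted line describes a key-wrapping design: sectors are encrypted under a random master key, and the passphrase only protects a small header that holds that key. The sketch below is an added example, not TrueCrypt's or PGP's code or on-disk format; the function names are hypothetical and the XOR/SHA-256 constructions are toy stand-ins for a real cipher. It also shows the caveat that follows from the design: a copy of the old header still opens the volume with the old passphrase.

```python
import hashlib, hmac, secrets

def _kek(passphrase, salt):
    # Passphrase-derived key: 32 bytes to wrap the master key, 32 to authenticate.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def make_header(passphrase, master_key):
    salt = secrets.token_bytes(16)
    k = _kek(passphrase, salt)
    wrapped = _xor(master_key, k[:32])          # toy wrap, stand-in for a real cipher
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_header(passphrase, header):
    k = _kek(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        raise ValueError("wrong passphrase or damaged header")
    return _xor(header["wrapped"], k[:32])

def change_passphrase(old, new, header):
    # Only the header is rewritten; the master key and every sector stay as they are.
    return make_header(new, open_header(old, header))

def crypt_sector(master_key, index, data):
    # Toy per-sector keystream (encrypts and decrypts), keyed by the master key only.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(hashlib.sha256(master_key + index.to_bytes(8, "big")
                                     + i.to_bytes(4, "big")).digest() for i in blocks)
    return _xor(data, stream)

def demo():
    master = secrets.token_bytes(32)
    plain = [b"constructed sector %d" % i for i in range(3)]   # constructed sample data
    disk = [crypt_sector(master, i, p) for i, p in enumerate(plain)]
    old_hdr = make_header("old passphrase", master)
    new_hdr = change_passphrase("old passphrase", "new passphrase", old_hdr)
    key = open_header("new passphrase", new_hdr)
    readable = [crypt_sector(key, i, c) for i, c in enumerate(disk)] == plain
    try:
        open_header("old passphrase", new_hdr)
        old_rejected = False
    except ValueError:
        old_rejected = True
    # A backup of the old header still yields the same master key.
    old_backup_works = open_header("old passphrase", old_hdr) == master
    return readable, old_rejected, old_backup_works
```

If a passphrase is believed compromised, changing it is therefore not enough when header copies may exist; the volume has to be re-encrypted under a new master key.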
So the problem there is the technician, not the technology. You could have just said "Friday: Technician faxes key to thieves, tells them where to break in and what to steal".
Ok, so imagine there's a piece of malware out there that doesn't do anything except look for PGP FDE... and turn this feature on. It doesn't necessarily even need to be "in the wild"... It gets sent to a specific user, using whatever delivery method - be it email, mailed software, hacking, or even just an autorun.inf on a thumbdrive (people will cheerfully stick unknown USB drives they found in the parking lot into their work pc, it's been done).
So now, every time the system boots, it skips the passphrase. The user doesn't think anything of it (if they even notice), and later in the week, or maybe even that night, their pc is stolen. Oops, good thing we're using FDE and no one can get to our data!
The next day, Bob's entire department starts getting emails from the thief, thanking Bob for leaving his disk unencrypted. Complete with those nasty photos he had hidden under "TPS Reports" in "My Documents". And all the details on the company's latest project, which he had under "Top Secret" in "My Documents".
Bob, you're fired.
No, I can think of a number of situations where this could be exploited... some of them without even leaving the corporate chain. For example...
Bob has angered Sally by turning down her offer of a dinner date. Sally, being emotionally unstable, decides to ruin Bob's life. Sally thinks of the security lecture they all got yesterday when someone left a floppy lying unattended on a table. The one where the boss said he'd fire the next person he found not following security policy and procedure to the letter.
Sally drops the aforementioned piece of malware on Bob's computer while he's off freshening up his coffee, and then goes and gets the boss. She points out to the boss that Bob is not adhering to company policy as pertains to the disk encryption, as his system does not ask for the FDE password when it boots up. Boss reboots Bob's computer, and lo and behold, there's no password.
Bob, you're fired.
The possibilities are endless. No, they don't all require someone getting mad at Bob, but it's more fun that way. Bob getting fired is just my way of saying that bad things happen.
--
You don't have to be crazy to post here, but it helps.