Slashdot Mirror


Undocumented Bypass in PGP Whole Disk Encryption

A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

7 of 316 comments

  1. Re:Fine by me.. by JackMeyhoff · · Score: 0, Flamebait

    They also just lost credibility. Something that one needs in this kind of business. They shall now be treated as DISHONEST. Let's hope their unnamed big customer can afford to keep PGP in business as they lost mine. They can pay for my business PGP lost. Let's hope they are actually big enough.

    --
    http://www.rense.com/general79/wdx1.htm
  2. There's a word for that. by morgan_greywolf · · Score: 0, Flamebait

    It's called a 'backdoor'. If you're building backdoors into your disk encryption product, I don't want it. This is just another example of where free / open source software shines: you can know there are no backdoors in the tool because you have the source and can verify it for yourself.

  3. Worse by Valdrax · · Score: 0, Flamebait

    All of the performance penalty -- none of the security benefit.
    It's purely crapware at this point. It eats CPU cycles to do nothing useful.

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  4. Undocumented Features != Security Product by Seismologist · · Score: 0, Flamebait

    Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality.

    I wonder how this "undocumented feature" became a requirement? The article was vague about this and so was Mr. Callas's response. My tinfoil hat definition of "requirement" in this case is that a confidential US government agency swooped in and told them, "make a back door or else..." [insert some political pressure argument here]. The more rational and corporate explanation I can think of is that certain people feared that losing the pass phrase would essentially lose everything, which is not acceptable.

    If the requirement is a legal requirement a la Patriot Act or whatever, it should have been mentioned by Mr. Callas. I don't see how he can be compelled without some legal reason to provide what is essentially a back door for the product on which his corporation relies for its business, especially considering the potential loss in consumers' confidence that there are no additional "undocumented feature(s)" in the product.

    --
    ~ In Trust, We Trust ~
  5. Not turned off by default by A+non-mouse+Coward · · Score: 0, Flamebait

    The feature is there. It's not turned off in the sense that at every boot, the PGP Boot Guard is checking for the existence of the ("backdoor" or whatever noun you wish to use) account and attempting to decrypt the Volume Master Key with a static passphrase of hex x01.

    It would be "disabled by default" if that function call did not exist in every customer's installation, until enabled later.

    --
    libertarian: (n) socially liberal, financially conservative; neither left, nor right.
  6. You missed the point. What else are they hiding? by KWTm · · Score: 0, Flamebait

    I'm sorry, what kind of answer is that?

    Did anyone read the response?
    Seriously, customers require this so IT staff can do remote support and reboot the machine remotely. It is only enabled for one reboot, and you must have cryptographic access to enable this feature. The only threat is if someone were to enable this, not reboot, and then have the machine stolen.

    So, PGP Corp takes an open source product and closes its source. They don't document this backdoor. When discovered, they say, "Well, okay, it's just so that we can reboot once."

    You believe them?

    I mean, did you believe them when they failed to mention this "feature"? When they forgot to document it? What else have they omitted? What if, a few months down the road, they say, "Well, there's this other feature that lets you reboot twice." And then later, "Three times. Yeah, we haven't gotten around to documenting that either."

    The way they describe it in CTO/CSO Jon Callas' response, it doesn't sound like as much of a security flaw as I feared. But the question is, why was it there, with no documentation?

    Closed source crypto is already under suspicion from me as a matter of course. The fact that we have an actual case of an undocumented "feature" only confirms that I should stick with software that's verifiable.

    --
    404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
    [GPG key in journal]
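To make the risk window that comments 5 and 6 argue over concrete, here is an added example (constructed toy model, not PGP's on-disk format or code): a key-slot header where the volume master key (VMK) is wrapped under the user passphrase and, when the bypass is armed, also under a static passphrase, so the boot check can open the disk with no challenge. The single-use consumption in `boot_guard` and the `bypass_armed` audit are the mitigations a defender would want; `_derive`, `wrap_vmk`, `new_header` and the 50,000-iteration PBKDF2 are assumptions of this model.

```python
import hmac
import hashlib
import os

# Constructed toy model of a key-slot disk header; it is NOT PGP's format.
# Comment 5 says the boot loader tries a static passphrase of hex 0x01 against
# a bypass slot on every boot; that static value is modelled as a constant here.
BYPASS_PASSPHRASE = b"\x01"
VMK_LEN = 32

def _derive(passphrase: bytes, salt: bytes) -> tuple:
    """Derive a 32-byte XOR pad and a separate 32-byte MAC key from a passphrase."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 50_000, dklen=2 * VMK_LEN)
    return out[:VMK_LEN], out[VMK_LEN:]

def wrap_vmk(vmk: bytes, passphrase: bytes) -> dict:
    """Create a key slot: the VMK wrapped under a passphrase-derived pad, plus a MAC."""
    salt = os.urandom(16)
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(vmk, pad))
    return {"salt": salt, "wrapped": wrapped,
            "tag": hmac.new(mac_key, wrapped, "sha256").digest()}

def unwrap_vmk(slot: dict, passphrase: bytes):
    """Return the VMK if the passphrase opens this slot, else None."""
    pad, mac_key = _derive(passphrase, slot["salt"])
    expected = hmac.new(mac_key, slot["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["wrapped"], pad))

def new_header(vmk: bytes, user_passphrase: bytes) -> dict:
    return {"user": wrap_vmk(vmk, user_passphrase), "bypass": None}

def enable_one_time_bypass(header: dict, vmk: bytes) -> None:
    """Arm the bypass. The caller must already hold the VMK ("cryptographic access")."""
    header["bypass"] = wrap_vmk(vmk, BYPASS_PASSPHRASE)

def boot_guard(header: dict):
    """Boot-time check as comment 5 describes: try the static bypass slot first.
    Mitigation modelled here: a successful bypass consumes the slot, so it works once."""
    slot = header.get("bypass")
    if slot is not None:
        vmk = unwrap_vmk(slot, BYPASS_PASSPHRASE)
        if vmk is not None:
            header["bypass"] = None
            return vmk, "bypass"
    return None, "passphrase-required"

def bypass_armed(header: dict) -> bool:
    """Defender audit: an armed slot means the disk opens with no passphrase at all."""
    return header.get("bypass") is not None
```

The exposure comment 6 quotes is exactly the state where `bypass_armed` returns True and the machine has not yet rebooted; an inventory check over headers in that state is the detection a fleet owner would want.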
  7. That's What Forks are For. by camperdave · · Score: 0, Flamebait

    However, I can think of several large corporations that would require something like this and would have contracts large enough to justify changing the product for.

    There is *NO* reason for changing the entire product to add a feature that only a few megacorps need. If a large corporation needs a backdoor, then create a backdoor version and a non-backdoor version.

    --
    When our name is on the back of your car, we're behind you all the way!