Undocumented Bypass in PGP Whole Disk Encryption
A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."
"encryption bypass"?
That basically turns the entire thing into a psychological magic trick.
And if anyone else can enable it, then they already have access to your computer anyway.
from the response:
"We call it a passphrase bypass because that is what it is. It is a dangerous, but needed feature. If you run a business where you remotely manage computers, you need to remotely reboot them."
and
"You cannot enable the feature without cryptographic access to the volume. If you do not have it enabled, you are not affected, either. I think this is an important thing to remember. Anyone who can enable the feature can mount the volume. It is a feature for manageability, and that's often as important as security, because without manageability, you can't use a security feature."
makes pretty good sense to me
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
When it comes to encryption, it is exactly for this reason that I use the "clunky", "hard to configure", "no GUI" Open Source!
I know what I have, and what I get, and what others cannot get... Not that I have anything to hide. Just that I like my privacy.
"You can't make a race horse of a pig."
"No," said Samuel, "but you can make a very fast pig."
A backdoor that's documented, although poorly, that you can disable and that requires access to the unencrypted disk beforehand? If it were the NSA they wouldn't have allowed it to be documented and you couldn't disable it. However, I can think of several large corporations that would require something like this and would have contracts large enough to justify changing the product for. Paranoia doesn't seem to be justified in this case.
They also just lost credibility.
Oh, I don't know. From the start, all they promised was Pretty Good Privacy. Not like Fort Knox, more like a combination padlock on an open-backed locker.
I find myself wishing more and more that Phil Zimmermann hadn't sold to NAI.
Does GPG have a full-disk mode? I think I could trust something with open source and reliable software freedom.
Welcome to the Panopticon. Used to be a prison, now it's your home.
However, the feature isn't enabled by default. It requires cryptographic access *and* knowledge of its existence to turn it on. And if you already have cryptographic access, then the whole issue is academic.
You pompously declaring it "DISHONEST" in capital letters smacks of the typical random-geek's kneejerk first post on a messageboard thread. And FWIW, I don't know how much your oh-so-important business with them is worth anyway; I suspect that the other client probably *was* worth more. (Of course, it's quite plausible that the views of *many* smaller clients who disliked the feature would be a serious counterweight. However, if you're going to act like your *individual* view carries so much weight, expect scepticism).
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
But ... PGP has a peer review, open-source process. They're just a commercial product, too. [In other words, it violates the terms of service for you to compile their source code and use it without licensing it.]
libertarian: (n) socially liberal, financially conservative; neither left, nor right.