Undocumented Bypass in PGP Whole Disk Encryption

A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

We all knew it was over

[Deagol]

When Phil sold out and went commercial with PGP. He may have saved face by leaving shortly thereafter, but it was too late. With monied interests involved, everyone knew the product's integrity was in question from the first day of the announcement. This just proves that you cannot trust a proprietary product for something as important as encryption.

Re:Fine by me..

[JackMeyhoff]

Its not like anybody ever re pastes on Slashdot oh no they wouldn't do that ever.

Re:And People Wonder Why Open Source!

[SerpentMage]

Yes you are right...

If I may use a metaphor...

My door is strong enough to withstand a bomb, but not a nuclear bomb. I can live with that, since most people don't have access to nuclear devices. It is a risk I know I am taking.

Yet with the example illustrated it is as if I had the same door, and beside it a door that only opened once and could be opened with ease.

Christian