Slashdot Mirror


Undocumented Bypass in PGP Whole Disk Encryption

A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

7 of 316 comments

  1. why by Anonymous Coward · · Score: -1, Redundant

    What use is encryption if there is a backdoor?

  2. Huh? by Jaysyn · · Score: -1, Redundant

    Unnamed customers? No Such Agency?

    --
    There is a war going on for your mind.
  3. PGP or not so PGP? by 192939495969798999 · · Score: -1, Redundant

    I can't believe anyone would bother with a whole-disk encryption that had a back door password/etc... This would violate any sort of security requirements about sensitive data. The whole point is that if someone steals the PC, it becomes a useless brick, not that they can magically "recover" all the millions of SSNs on there or whatever else isn't supposed to be there in the first place.

    --
    stuff
  4. We all knew it was over by Deagol · · Score: 0, Redundant

    When Phil sold out and went commercial with PGP. He may have saved face by leaving shortly thereafter, but it was too late. With monied interests involved, everyone knew the product's integrity was in question from the first day of the announcement. This just proves that you cannot trust a proprietary product for something as important as encryption.

  5. Re:Fine by me.. by Anonymous Coward · · Score: -1, Redundant

    Let's hope their unnamed big customer can afford to keep PGP in business as they lost mine.

    Unless you have a $3,000,000,000,000 per year budget, that sentence of yours is moot.

  6. Re:Fine by me.. by JackMeyhoff · · Score: 0, Redundant

    It's not like anybody ever re-pastes on Slashdot, oh no, they wouldn't do that ever.

    --
    http://www.rense.com/general79/wdx1.htm
  7. Re:And People Wonder Why Open Source! by SerpentMage · · Score: 0, Redundant

    Yes you are right...

    If I may use a metaphor...

    My door is strong enough to withstand a bomb, but not a nuclear bomb. I can live with that, since most people don't have access to nuclear devices. It is a risk I know I am taking.

    Yet with the example illustrated it is as if I had the same door, and beside it a door that only opened once and could be opened with ease.

    Christian

    --

    "You can't make a race horse of a pig"
    "No," said Samuel, "but you can make a very fast pig"