Undocumented Bypass in PGP Whole Disk Encryption

A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

What's the big deal?

[kismet666]

Its not enabled by default, its a feature that makes sense for servers that sit in a datacenter or a remote location. The PGP exec is correct, other full-disk encryption vendors offer similar features. Its not some sort of evil backdoor for Phil Zimmerman to come laugh at your paltry collection of porn.

Re:Fine by me..

[JackMeyhoff]

Welcome to Slashdot :) Now, Will somebody ban this riff raff for reading the article. Thanks,

Re:Fine by me..

[Dogtanian]

Welcome to Slashdot :) Now, Will somebody ban this riff raff for reading the article. Thanks, My apologies; I had you down as the stereotypical self-important, not-as-smart-as-he-thinks-he-is geek on the basis of your original comment.

Having seen this "witticism" (which you already posted in similar form elsewhere in this thread), I checked your comment history and realised that you're actually closer to the "moron who posts inane comments under the mistaken impression that they're funny".

The irony is that you probably dashed off the original message without reading the article in a vain attempt to get an "insightful" first post... all it shows is that you lack any insight whatsoever.