Undocumented Bypass in PGP Whole Disk Encryption
A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."
Maybe they were unnamed because there is No Such Agency?
I don't need large brains to have a good time.
Seriously, customers require this so IT staff can do remote support and reboot the machine remotely. It is only enabled for one reboot, and you must have cryptographic access to enable this feature. The only threat is if someone were to enable this, not reboot, and then have the machine stolen.
Why does crap like this make it to the front page of Slashdot?
from the response:
"We call it a passphrase bypass because that is what it is. It is a dangerous, but needed feature. If you run a business where you remotely manage computers, you need to remotely reboot them."
and
"You cannot enable the feature without cryptographic access to the volume. If you do not have it enabled, you are not affected, either. I think this is an important thing to remember. Anyone who can enable the feature can mount the volume. It is a feature for manageability, and that's often as important as security, because without manageability, you can't use a security feature."
makes pretty good sense to me
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
If you RTFA you'd see this feature is needed for anyone who remotely-boots their encrypted drive. The feature is not a backdoor - it has to be enabled by someone with cryptographic access to the drive, and it only works once per setting - reboot, and it's disabled. The only way this could be a security issue is if it's enabled, and before the drive boots up again, the drive is stolen. Features like this are needed, as without them, the drive is useless for remote management, and people won't use encryption, which is obviously far more insecure than having this feature and using it correctly.
RTFA or at least TFComments (though that might be difficult in your rush to be first post). As many have pointed out, to turn on the feature, you have to already get past the encryption. It's not a "backdoor" in any sense. Someone who doesn't already know the passphrase can't use it to get access to the drive. Plus, this feature is turned off by default so the user has to actively enable it. You enter the passphrase, reboot the computer and on THAT boot, it doesn't ask you for a passphrase. Next reboot it does.
This actually DOES sound like a very good feature and I would hope other products have it, too. Wish the editors would RTFA, too...
There is an inherent flaw with many of the commercial laptop full-disk encryption solutions out there. I have the most experience with Utimaco's Safeguard Easy, but I know many of the other big players have the same fault -
The software has a feature called "Pre-boot Authentication", by which the encryption software is loaded after the BIOS, but before the (generally Windows) operating system. The user's password is used to generate the decryption key, so theoretically not even the NSA could decrypt the laptop without the user's password.
Here's the flaw - the software has a checkbox to disable Pre-boot authentication. What this does is generate a default user with a random password, and then store this random password obfuscated but in clear-text in the same disk area as the decryption software. When you talk to the sales-people, they sell this as a feature, in fact about half of Utimaco's customers (so I'm told) run it in this mode because the encryption becomes transparent and it is much less intrusive on the user. (Basically the disk is automatically decrypted each time the laptop is booted, but you have to have a valid Windows login to get in.) Buried in the help documentation are warnings "For security reasons, you should Never disable pre-boot authentication". So the engineers and the company know the weakness of disabling pre-boot authentication, but they don't tell their customers when they sell the software.
Today it seems to break into these laptops with pre-boot authentication disabled you would need somewhat sophisticated tools and techniques, basically the same tools and techniques people commonly use to "crack" commercial software today. But I'm guessing that it won't be very long before someone takes the time to build this crack and releases it, rendering the laptop encryption useless to anyone who can Google for "Utimaco Crack", etc. Basically all the crack would need to do is grab the default user's password off the disk and use or duplicate the decryption algorithms that are also in clear-text on the disk.
I've talked to a number of IT security folks, and basically it seems like most people trust the sales folks and don't understand that it's basically impossible to have strong encryption without having the decryption key stored off the disk (like on a smart card, or in the brain of the user.)
Because he failed to read the article correctly.
There isn't a backdoor. If you encrypt your hard drive, then lose it, nobody can read it.
On the other hand, if you've encrypted your boot disk, and you want to remotely reboot your machine, you're going to need some way to feed the password to it before it can bring up the OS (and the networking layer).
This feature allows you to store a password for 1 time use. Then you reboot the machine, and when it comes up, it reads the password and erases it.
It's a useful feature. Doesn't affect you if you don't use it. Even if you do use it, you'd have to set the password then forget to reboot for it to be a problem.
Basically this whole story is a non-issue. The moderation on the grandparent is a reflection of his failure to reason through this.
# (/.);;
- : float -> float -> float =
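A toy model of the two designs discussed in the comments above: the one-reboot bypass, and pre-boot authentication disabled permanently. It is an added example, not part of any comment and not PGP's or Utimaco's code; the slot layout, the function names and the XOR-and-MAC wrap are assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 50_000)

def wrap(kek, key):
    # Toy XOR-and-MAC wrap standing in for a real key-wrap algorithm.
    pad = hashlib.sha256(b"pad" + kek).digest()
    blob = bytes(a ^ b for a, b in zip(key, pad))
    return blob + hmac.new(kek, blob, hashlib.sha256).digest()

def unwrap(kek, wrapped):
    blob, tag = wrapped[:32], wrapped[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, blob, hashlib.sha256).digest()):
        return None  # wrong key-encryption key
    pad = hashlib.sha256(b"pad" + kek).digest()
    return bytes(a ^ b for a, b in zip(blob, pad))

def make_disk(passphrase):
    # The dict holds only what is physically on the drive.
    salt, volume_key = os.urandom(16), os.urandom(32)
    disk = {"salt": salt, "bypass": None,
            "user_slot": wrap(kdf(passphrase, salt), volume_key)}
    return disk, volume_key

def arm_bypass(disk, passphrase, persistent=False):
    # Arming needs the passphrase: whoever can arm could already mount.
    volume_key = unwrap(kdf(passphrase, disk["salt"]), disk["user_slot"])
    if volume_key is None:
        return False
    kek = os.urandom(32)  # stored on the same disk as the data it protects
    disk["bypass"] = {"kek": kek, "slot": wrap(kek, volume_key),
                      "persistent": persistent}
    return True

def boot(disk, passphrase=None):
    b = disk["bypass"]
    if b is not None:
        if not b["persistent"]:
            disk["bypass"] = None  # one-time use: erased as it is read
        return unwrap(b["kek"], b["slot"])
    if passphrase is None:
        return None
    return unwrap(kdf(passphrase, disk["salt"]), disk["user_slot"])

def exposed_offline(disk):
    # True when the drive alone, with no passphrase, yields the volume key.
    b = disk["bypass"]
    return b is not None and unwrap(b["kek"], b["slot"]) is not None
```

In this model the one-time bypass leaves the drive exposed only between arming and the next boot, while the persistent variant leaves it exposed for as long as the setting stays on.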
However, the feature isn't enabled by default. It requires cryptographic access *and* knowledge of its existence to turn it on. And if you already have cryptographic access, then the whole issue is academic.
You pompously declaring it "DISHONEST" in capital letters smacks of the typical random-geek's kneejerk first post on a messageboard thread. And FWIW, I don't know how much your oh-so-important business with them is worth anyway; I suspect that the other client probably *was* worth more. (Of course, it's quite plausible that the views of *many* smaller clients who disliked the feature would be a serious counterweight. However, if you're going to act like your *individual* view carries so much weight, expect scepticism).
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
The GPG program that you download doesn't do full-disk encryption; it's pretty purely a file/stream encryption program. I suppose you could use it for disk encryption, by streaming data through it on its way to and from a device, but that's not how it's normally used.
There is/was a program around that used GPG to do FDE, called GPGDisk. I'm not sure whether it used your installed copy of GPG to do the heavy lifting, or if it just included the same code, or worked using the same algorithms but had its own totally separate crypto engine. It was reasonably popular for a while, but I think a lot of people who were using it have now switched to TrueCrypt.
However, GPGDisk did offer some unique features, like the ability to encrypt a disk using a GPG key, and some fairly fine-grained access controls that you could set up for multiple users (IIRC). Every once in a while someone will mention it on the comments on Bruce Schneier's blog, so apparently it's still getting some use. But it doesn't offer some of the neater features that TrueCrypt does, like plausible deniability or containers-in-containers, I don't believe.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
But ... PGP has a peer review, open-source process. They're just a commercial product, too. [In other words, it violates the terms of service for you to compile their source code and use it without licensing it.]
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
How much do you want to bet that "unnamed customers" are synonymous with "various federal and state police agencies, DOD, and NSA"?
From TFA, those "unnamed customers" are companies that have the need to remotely reboot their machines. This feature is NOT a backdoor - it merely allows someone WHO ALREADY HAS WRITE ACCESS TO THE ENCRYPTED DRIVE (i.e. someone who has already given the passphrase) to grant a one-time certificate that permits a reboot without asking for the passphrase again. The major risk here is that someone will rob your store during the 60 seconds it takes to reboot over the phone, a possible, but highly unlikely scenario.