Pompous or no, suddenly discovering a way to bypass my full-disk encryption, whether it be "only on the next boot" or not, makes me suddenly very leery of this closed-source software. What if they *DID* put in another backdoor? IMO, this gives PGP's credibility a fatal error.
Just FYI, as I explained here, bypassing the preboot password does not actually leave your disk unencrypted. So I think you can feel a bit safer. The more I investigate this story the more I understand that it's all just wild assumption and theorization. If you don't believe me, try this "backdoor" on your own system and see if you can break in. Bet you can't.
Those users are only affected if the PC is stolen after the feature is enabled and before the next boot.
And actually, it doesn't even affect them, in that the disk is still encrypted and will be unrecognizable when stuck in another machine or booted with a boot disk. Bypassing the preboot password doesn't actually unlock the hard drive.
While I agree with most of scottv67's response to your message, I did read some very interesting research correlating allergies and lack of hepatitis A infection. Google it and you'll see what I mean. What was really interesting is that they not only had the correlation, but they had the beginning of a causation theory based on a specific gene.
Calm down and wipe the froth away from your mouth. People are beginning to stare.
First off, not only did I try this myself, I actually bothered to contact the PGP support people and walk through the scenario with them. This is from their response:
Not quite. Enabling boot bypass doesn't cause the data to be decrypted. So in your scenario, someone looking at the drive would still only see encrypted data.
When they say the disk is "open" in the original quote, they don't mean it is readable or unencrypted. So you're really taking the quote out of context and making people think something that isn't true.
The bone I had to pick with your attack scenarios was that you left out the very key part about someone having to figure out how to crack the loader code and figure out how to do anything with the encrypted data they now had. This would not be a trivial process. Could it be done? Sure, I imagine so. But without adding this into your janitor scenario, you paint a completely different picture.
The simple fact is that security worries should always be tempered by reality. You freak out about this situation, even though the reality is that before you even bring up the issue of the disk bypass, the system is already compromised. This is because you have unobserved physical access to the hardware. As I said before, hardware keyloggers would be a much easier way to go. In addition to this, if someone wants they can actually add a PGP virtual disk which actually WOULD still be safeguarded even if the bootloader was cracked. They could also (and this is a shocker) lock the door after them. I know the janitors don't have a key to the boss's office in MY building. And we don't really do anything that would be considered "sensitive." Of course, then you'd probably complain because it would be possible for you to pick the lock given time or break the door down.
It's all about trade-offs between convenience and the actual reality of the threat. You don't seem to get this, and it makes me tired of this discussion, too. To pretend that any security product lives in an isolated world not completely connected to other factors is fantasy. You come up with this supposedly perfect scenario that you think shows up the product, but then you refuse to take in all the other factors that come into play with ANY product. So yes, I'm tired of this too and don't see any point in trying to help you figure it out.
I'd just like to point out that bypassing the boot authentication doesn't actually leave your disk unencrypted. It's just another step in the chain. Even bypassed, the disk is still encrypted and would not be recognized when you try to access it from another computer/boot disk/etc.
http://it.slashdot.org/comments.pl?sid=318069&cid=20871667
Just for completeness sake, I'll refer to my other post about why this attack will get you a useless (encrypted) hard drive.
The sad thing is that the much more obvious way you'd want to do this is through a hardware keylogger. This is especially true since the first thing you do after turning the computer on is enter the password. You'd just have to look for the first keystrokes after a power-on followed by enter. Simply stick the keylogger on and return the next night to copy the hard drive. Keyloggers are the real weakness in any of these encryption schemes. To get around that, they should create a graphical keyboard with all the keys randomly assigned around the screen. You'd then have to use the mouse or arrow keys to move to each letter in your password. This would defeat the keylogger, though it would make you more open to shoulder surfing (maybe make the letters really small and at the bottom of the screen).
I really don't know why you're so full of vitriol towards me. You repeatedly stoop to ad hominem attacks and post multiple times calling me a troll and claiming I work for PGP (I don't). But the simple fact of the matter is that the theft wouldn't net you an unprotected hard drive. The hard drive would still be encrypted and you'd have to know the password to get the data off it. The preboot thing is just there as another level of protection, not as the main one. I lay it out step by step in this post. This should show you that your comment "Then a random theft (get it? by somebody who doesn't know squat about PGP WDE) has access to data whilst admins think all is safe." is just simply untrue.
So please, stop calling people names. It serves no purpose other than to drag down the level of discourse.
As I pointed out in this post, the drive isn't actually "unlocked". The bypass only lets you get past the first screen. You still wind up booting with an encrypted volume and have to know the password to get anything off it.
Okay, so let me explain why I'm telling you the software doesn't work like this. Here's the key thing to remember: the pre-boot lockout is not the thing protecting data on the disk.
Here's a scenario:
1) Install PGP and encrypt the drive.
2) Reboot
3) Turn on the bypass for the next reboot
4) Shutdown
5) Remove the drive and stick it (or copy of the drive) in another computer as a secondary drive
6) Try to access the drive
From your posts, it appears you think you'll see all the files. The simple fact is that you won't. It will appear as an unrecognized volume. That's because the files are still encrypted. The operating system will not be able to access the files. You're screwed.
The whole bootloader is just another step of lockout. First there's bootloader, then there's the windows login. Again, the bootloader is not the thing that "turns off" encryption on the drive after you get past it.
I was already assuming this was how it works because to do it otherwise would be quite foolish. I thought back to the parallels of how Windows works when you turn on encryption for certain files. The delay in my post was because I wanted to check this out with the real product to make sure my assumptions weren't bad. And guess what? I was right. I tried this out in the real world with the real product and the volume was still encrypted even though the bootloader password was bypassed.
Except that this isn't how the PGP thing works. You must be talking about some other program. Possibly written by leprechauns.
I heard the software also lets you uninstall PGP. That would leave your disk WIDE OPEN. And they call that security. HAHAHA. What a piece of crap software. I hope PGP burns in hell.
I can't believe you made such a long post about a moot point. If you social engineer someone to give you the passphrase, you don't even need to use this feature. The passphrase is the whole thing encrypting the disk. If you have the passphrase, you ALREADY GOT THE ACCESS. You don't need any fancy reboot tricks.
Yes, great point. Also, how do we know it doesn't also print out the password if there's a printer attached. Or, failing a printer being attached, how do we know it doesn't search the network for printers, print it out, email it to everyone in your contact list and alter your DNA through radio waves so that your children's first words will be the passphrase.
I mean, without documentation, it could be doing ANYTHING.
Yes, because I said that, too.
It's people like you that make the internet such a lovely space for intellectual discourse.
Either you still don't understand the feature, or you are willfully misinterpreting it. Once again, you must know the passphrase in order to unlock the data on the disk. If you know the passphrase, you already have access to the data on the disk, with or without this feature. Hence it is NOT a backdoor. A backdoor would mean you didn't need to know the passphrase. Knowing the passphrase is the FRONT door.
Sheesh.
So, after you've read the article, you'll preserve YOUR integrity by apologizing for jumping the gun. Right?
RTFA or at least TFComments (though that might be difficult in your rush to be first post). As many have pointed out, to turn on the feature, you have to already get past the encryption. It's not a "backdoor" in any sense. Someone who doesn't already know the passphrase can't use it to get access to the drive. Plus, this feature is turned off by default so the user has to actively enable it. You enter the passphrase, reboot the computer and on THAT boot, it doesn't ask you for a passphrase. Next reboot it does.
This actually DOES sound like a very good feature and I would hope other products have it, too. Wish the editors would RTFA, too...
The hole in your argument is that I never claimed kernel.org was a US website. Therefore, any conclusion drawn from what kernel.org does or does not do is moot.
Slashdot is a US website. Much as the New York Times is a US newspaper, no matter how much it is read internationally. Both are published in the US and follow American English standards. To ignore this is to stick your head in the sand.
The problem is that if slashdot was as truly international and country-less as some seem to want it to be, it would be useless for most of its readers, be they Americans or otherwise. This is because rather than always posting the article summary in English and almost always linking to an English article, it would be just as likely it would be in Japanese, French, Russian, German, Italian, Spanish, Finnish, Swedish, Afrikaans, Thai, Cantonese, etc. Since most people only speak one or two languages, all of this would be useless clutter to them and they'd go elsewhere to a site that catered to the languages they do speak.
Well, we seem to be at an impasse in the debate, as I believe my arguments speak pretty clearly on why this isn't happening and is irrelevant at the current time in a discussion of nuclear energy reducing our need for foreign oil.
So I'll just come back to the point. If all your reasons above are true and don't have big caveats, why aren't we using it on all the coal we are exporting, considering oil is double the price point at which you say it becomes profitable?
You're really grasping at straws. First of all, this whole comment was directed at your ignorance of the link between oil and electricity generation. Please don't try to shift the discussion to something else to avoid the issue.
Second, you do realize the US is a net exporter of coal, right?
http://www.eia.doe.gov/neic/infosheets/coaldemand.html
In 2005, we consumed 1125 million short tons of coal and had a net export of 19.4 million short tons. Why wasn't all of this extra coal sent through the amazing Fischer-Tropsch process that will set us free from oil? Economics. It's just not economically feasible until either the price of oil goes WAY up or until coal starts growing on trees. Synfuel produced from coal would have to receive massive subsidies in order to compete. You bring up Byrd being in favor of it. Should I point out that as a senator from coal producing West Virginia, he'd LOVE to get his hands on those subsidies? It's a no-brainer, just like someone from the midwest being in favor of producing ethanol (talk about subsidies).
If the FT process was such a magic bullet, I'd like to propose we'd already be using it on those 19.4 million short tons of coal we're exporting.
Oh, and then there's this, from that exact same wikipedia article:
One issue that has yet to be addressed in the emerging discussion about large-scale development of synthetic fuels is the enormous increase in primary energy use and carbon emissions inherent in conversion of gaseous and solid carbon sources to a usable liquid form, assuming the energy used to drive the process comes from burning coal or hydrocarbon fuels. Recent work by the National Renewable Energy Laboratory indicates that full fuel cycle greenhouse gas emissions for coal-based synfuels are nearly twice as high as their petroleum-based equivalent. Emissions of other pollutants are vastly increased as well, although many of these emissions can be captured during production.
So they pollute a lot more than using oil. So if you replaced oil with gas-to-oil, you increase greenhouse gases and pollution. It also puts off other pollutants, which you have to install a bunch of scrubbers to clean out and even then you only clean "many" of them. So why don't we put all the pollution capture stuff on the coal electricity plants and cut out the middle man? It can be done, the industry just avoids doing it. The US company Rentech mentioned in the article already has to do carbon sequestration to avoid spewing out CO2. Again, why not do that with the existing coal plants already?
The only real success right now with FT synfuels is with those using natural gas. It still has problems but it's not nearly as difficult as using coal. And then we're right back where we started, aren't we?
We rely too much on natural gas and petroleum. The exporters of those feel their power and twist the arms of the importers. The money made from gas and oil are insane and they are the foundation of too many of the world's tyrants and lunatics-in-power. Cut their revenue streams and they will suffocate.
Petroleum is actually more like 3%.
http://www.eia.doe.gov/cneaf/electricity/epa/epat1p1.html
We do not rely "too much" on NG, as we are a close second behind Russia as the world's largest producer of NG.
http://www.eia.doe.gov/neic/infosheets/natgassupply.html
We get almost all of our NG needs from our own domestic production. We import a little from Canada and Mexico and a fraction of that from Trinidad. We get a fraction of a fraction from a handful of other countries, none of which are Russia:
http://tonto.eia.doe.gov/dnav/ng/ng_move_impc_s1_m.htm
We also EXPORT NG to Canada and Mexico and LNG to Japan:
http://tonto.eia.doe.gov/dnav/ng/ng_move_expc_s1_m.htm
Please stop going on about petroleum and dependence on Russia for natural gas. Thank you.