[FDE] PGP Whole Disk Encryption - Barely Acknowledged IntentionalBackdoor - interesting article

Mike Giebel mgiebel at pgp.com
Fri Oct 5 14:33:41 MDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Please check out the "Official PGP Response" via the following link:
http://www.pgp.com/wde_bypass_feature.html

Best regards, 

Mike Giebel 
Territory Account Manager 
PGP Corporation
Minnetonka, MN 55345
 
T  (952) 303-3544 
mgiebel at pgp.com 
 
PGP Fingerprint: 
B65C 588E A0D0 49E8 7E3C
5A10 EBE7 D05E C75E 77DA
 
This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.

- -----Original Message-----
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com] On Behalf Of dave kleiman
Sent: Thursday, October 04, 2007 10:57 PM
To: fde at www.xml-dev.com
Subject: [FDE] PGP Whole Disk Encryption - Barely Acknowledged IntentionalBackdoor - interesting article

Make sure you read the comments from PGP at the bottom; they contend this
"feature" is a "run-once" option.

http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html

Popular whole disk encryption vendor, PGP Corporation, has a remote support
"feature" which allows unattended reboots, fully-bypassing the decryption
boot process. The feature, which until recently was not documented [This is
a link to a secure site (https://pgp.custhelp.com). The current site is not
secure.] (customer accessible only) in most support manuals, allows a user
who knows a boot passphrase to add a static password (hexadecimal x01) that
the boot software knows. If this flag is set, the boot process does not
interrogate a user. It simply starts the operating system. The feature can
be accessed via the command line (ignore line wrap):

    "%programfiles%\PGP Corporation\PGP Desktop\PGPwde.exe" --add-bypass
- --passphrase [passphrase here]

How trivial would it be for a Trojan to pretend to be an authentication
dialog box and apply the user-supplied password as the drive unlocking
passphrase!




Respectfully,

Dave Kleiman - http://www.davekleiman.com
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801 




_______________________________________________
FDE mailing list
FDE at www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

-----BEGIN PGP SIGNATURE-----
Version: 9.6.3 (Build 3017)

wj8DBQFHBp+l6+fQXsded9oRAoFkAJ4zml+gAN6NC23cbxxbt7+w+9mxHgCg0blr
ZIWgo3OTpJPVUb8TxkeseJM=
=rbV1
-----END PGP SIGNATURE-----

More information about the FDE mailing list