Make sure you read the comments from PGP at the bottom; they contend this "feature" is a "run-once" option.
http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html

Popular whole disk encryption vendor, PGP Corporation, has a remote support "feature" which allows unattended reboots, fully-bypassing the decryption boot process.

The feature, which until recently was not documented [https://pgp.custhelp.com] (customer accessible only) in most support manuals, allows a user who knows a boot passphrase to add a static password (hexadecimal x01) that the boot software knows. If this flag is set, the boot process does not interrogate a user. It simply starts the operating system.

The feature can be accessed via the command line (ignore line wrap):

"%programfiles%\PGP Corporation\PGP Desktop\PGPwde.exe" --add-bypass --passphrase [passphrase here]

How trivial would it be for a Trojan to pretend to be an authentication dialog box and apply the user-supplied password as the drive unlocking passphrase!

Respectfully,

Dave Kleiman - http://www.davekleiman.com
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
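An added example, not part of the original post and not PGP's code: a detection check that scans process-creation events for the PGPwde.exe --add-bypass invocation quoted above and redacts the passphrase before alerting. The event field names, the parent-process allowlist and the sample events are assumptions constructed for illustration.

```python
import re

# First token of a command line: a quoted path or a bare word.
IMAGE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
ADD_BYPASS = re.compile(r'(?<!\S)--add-bypass(?!\S)', re.IGNORECASE)
PASSPHRASE = re.compile(r'(--passphrase\s+)("[^"]*"|\S+)', re.IGNORECASE)
# Assumption: shells an administrator would plausibly run the tool from.
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe"}

def image_name(cmdline):
    """Lower-cased file name of the executable being started."""
    m = IMAGE.match(cmdline)
    if not m:
        return ""
    return re.split(r"[\\/]", m.group(1) or m.group(2))[-1].lower()

def find_bypass_invocations(events, expected_parents=EXPECTED_PARENTS):
    """Return one alert per event that runs PGPwde with --add-bypass."""
    alerts = []
    for ev in events:
        cmd = ev["cmdline"]
        if image_name(cmd) not in ("pgpwde.exe", "pgpwde"):
            continue  # the option only matters when PGPwde is the image
        if not ADD_BYPASS.search(cmd):
            continue
        alerts.append({
            "host": ev["host"],
            "user": ev["user"],
            # Keep the boot passphrase out of the alert pipeline.
            "cmdline": PASSPHRASE.sub(r"\1<redacted>", cmd),
            "unexpected_parent": ev["parent"].lower() not in expected_parents,
        })
    return alerts

# Constructed sample events (hypothetical field names, shaped like
# process-creation logging with command-line capture enabled).
PGPWDE_PATH = r'"C:\Program Files\PGP Corporation\PGP Desktop\PGPwde.exe"'
SAMPLE_EVENTS = [
    {"host": "LT-0142", "user": "CORP\\helpdesk1", "parent": "cmd.exe",
     "cmdline": PGPWDE_PATH + ' --add-bypass --passphrase "correct horse"'},
    {"host": "LT-0377", "user": "CORP\\jdoe", "parent": "updater_helper.exe",
     "cmdline": PGPWDE_PATH + " --passphrase hunter2 --add-bypass"},
    {"host": "LT-0377", "user": "CORP\\jdoe", "parent": "explorer.exe",
     "cmdline": r"notepad.exe C:\notes\pgpwde --add-bypass howto.txt"},
]

if __name__ == "__main__":
    for alert in find_bypass_invocations(SAMPLE_EVENTS):
        print(alert)
```

An unquoted executable path containing spaces is not recognised by `image_name`; where the log source records the image path as its own field, match on that field instead.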
