-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
Please check out the "Official PGP Response" via the following link: http://www.pgp.com/wde_bypass_feature.html Best regards, Mike Giebel Territory Account Manager PGP Corporation Minnetonka, MN 55345 T (952) 303-3544 [EMAIL PROTECTED] PGP Fingerprint: B65C 588E A0D0 49E8 7E3C 5A10 EBE7 D05E C75E 77DA This email and any attachments thereto may contain private, confidential, and privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto. - -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dave kleiman Sent: Thursday, October 04, 2007 10:57 PM To: [email protected] Subject: [FDE] PGP Whole Disk Encryption - Barely Acknowledged IntentionalBackdoor - interesting article Make sure you read the comments from PGP at the bottom; they contend this "feature" is a "run-once" option. http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html Popular whole disk encryption vendor, PGP Corporation, has a remote support "feature" which allows unattended reboots, fully-bypassing the decryption boot process. The feature, which until recently was not documented [This is a link to a secure site (https://pgp.custhelp.com). The current site is not secure.] (customer accessible only) in most support manuals, allows a user who knows a boot passphrase to add a static password (hexadecimal x01) that the boot software knows. If this flag is set, the boot process does not interrogate a user. It simply starts the operating system. The feature can be accessed via the command line (ignore line wrap): "%programfiles%\PGP Corporation\PGP Desktop\PGPwde.exe" --add-bypass - --passphrase [passphrase here] How trivial would it be for a Trojan to pretend to be an authentication dialog box and apply the user-supplied password as the drive unlocking passphrase! Respectfully, Dave Kleiman - http://www.davekleiman.com 4371 Northlake Blvd #314 Palm Beach Gardens, FL 33410 561.310.8801 _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde -----BEGIN PGP SIGNATURE----- Version: 9.6.3 (Build 3017) wj8DBQFHBp+l6+fQXsded9oRAoFkAJ4zml+gAN6NC23cbxxbt7+w+9mxHgCg0blr ZIWgo3OTpJPVUb8TxkeseJM= =rbV1 -----END PGP SIGNATURE----- _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
