Disk Encryption and PGP


http://live.pirillo.com/ – PGP’s “Whole Disk Encryption” sounds like a good idea. Everything is protected! But what about the drawbacks? What about the fact that it’s considered a ‘feature’… one that can be disabled anytime a user chooses?

Four of my friends joined me for this discussion: Kat, SC_Thor, Wirelesspacket, and last but certainly not least… Datalore.

PGP Corporation’s widely adopted Whole Disk Encryption product has an encryption bypass “feature” that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data vulnerable if the drive is stolen while the bypass is enabled. The feature is not covered in the documentation that ships with the PGP product, nor in the publicly available documentation on their website; it is only mentioned briefly in the customer knowledge base.

According to PGP themselves, “PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files. The encryption is transparent to the user, automatically protecting data.”

What good is this though, if someone decides it’s too much work? Let’s say Company A’s employee doesn’t want the hassle of going through all that to get to his files and programs. So, he disables it. Uh oh… the laptop was stolen. Now, all of Company A’s documents are accessible to anyone who can turn the laptop on. Kinda defeats the purpose, doesn’t it?

I don’t know about you, but I don’t see this as much of a “feature”. I see it as a big loophole, in an otherwise excellent product.
