Undocumented Bypass in PGP Whole Disk Encryption

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Oct 6 01:58:02 EDT 2007

Victor Duchovni <Victor.Duchovni at MorganStanley.com> writes:
On Thu, Oct 04, 2007 at 02:37:21PM -0500, travis+ml-cryptography at subspacefield.org wrote:
>> http://it.slashdot.org/article.pl?sid=07/10/04/1639224&from=rss
>> Interesting quote:
>> Jon Callas, CTO and CSO of PGP Corp., responded that this [previously
>> undocumented] feature was required by unnamed customers and that
>> competing products have similar functionality.
>The article is sensational nonsense. The quote is right on the money,
>businesses require disk encryption companies to support one time unprotected
>reboot (enabled securely before reboot) to support automated rebuilds.

Specifically, the capability exists to allow a one-off unattended reboot of
servers, i.e. you tell the program that at the next reboot, it should
automount the drive without stopping to ask for the password so that the
reboot can continue.  Without this, it would be impossible to run servers with
encrypted drives.  The mysterious "unnamed customers" was a misrepresented
reference to sysadmins who needed the capability to run their machines.

Nothing to see here, move along, move along.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list