Discussion:
A question concerning the deployment of PGP Whole Disk Encryption (WDE)
Richard
2011-04-14 11:22:21 UTC
Someone asked me to install WDE on his laptop to prevent access in case
it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the information
is accessible, right?

For those who have experience with WDE: would you recommend using WDE?


Richard.


NOTE
I'm already aware of (free) alternatives to WDE.
JTF
2011-04-14 18:07:45 UTC
Look into TrueCrypt. Nothing wrong with PGP, but TrueCrypt is Open Source and free and does whole disk encryption.
http://www.truecrypt.org/

I have an external USB drive encrypted with it and have tried whole disk encryption for the system disk. No Password, no boot....

Downside, if the password is lost, so is your data. Much like PGP.
Richard
2011-04-15 14:54:52 UTC
Post by JTF
Look into TrueCrypt. Nothing wrong with PGP, but TrueCrypt is Open Source and free and does whole disk encryption.
http://www.truecrypt.org/
I have an external USB drive encrypted with it and have tried whole disk encryption for the system disk. No Password, no boot....
Downside, if the password is lost, so is your data. Much like PGP.
I'm already using TrueCrypt for some time too.
But I need to help an author who is inexperienced using computers.
WDE has a few options which are not available in TrueCrypt. (yet(?))
John Wunderlich
2011-04-15 05:20:34 UTC
Post by Richard
Someone asked me to install WDE on his laptop to prevent access in
case it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the
information is accessible, right?
The only way for the disk to decrypt is if the passphrase has been
correctly entered. If a thief grabbed your laptop, he would only be
able to access or decrypt the volume if the correct passphrase were
entered which, presumably, he would not have.

HTH,
JW
David W. Hodgins
2011-04-15 07:42:49 UTC
Post by John Wunderlich
Post by Richard
Someone asked me to install WDE on his laptop to prevent access in
case it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the
information is accessible, right?
The only way for the disk to decrypt is if the passphrase has been
correctly entered. If a thief grabbed your laptop, he would only be
able to access or decrypt the volume if the correct passphrase were
entered which, presumably, he would not have.
If I'm understanding correctly, the op is concerned about the trial
version, where his point is correct, in that the WDE will be turned
off after the trial period.

My understanding is that this does not apply to a purchased version.

The only part of a purchased license that expires is the support
available, not the WDE.

Either purchase a copy of pgp, or use freeware such as truecrypt.
I'd go with truecrypt.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Richard
2011-04-15 14:57:07 UTC
On Fri, 15 Apr 2011 01:20:34 -0400, John Wunderlich
Post by John Wunderlich
Post by Richard
Someone asked me to install WDE on his laptop to prevent access in
case it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the
information is accessible, right?
The only way for the disk to decrypt is if the passphrase has been
correctly entered. If a thief grabbed your laptop, he would only be
able to access or decrypt the volume if the correct passphrase were
entered which, presumably, he would not have.
If I'm understanding correctly, the op is concerned about the trial
version, where his point is correct, in that the WDE will be turned
off after the trial period.
You understand me correctly.
My understanding is that this does not apply to a purchased version.
The only part of a purchased license that expires is the support
available, not the WDE.
I guess I will find out myself.
I'm going to buy WDE just to learn everything about it.

And in the meantime I'm going to deploy TrueCrypt or FreeOTFE.
Either purchase a copy of pgp, or use freeware such as truecrypt.
I'd go with truecrypt.
Regards, Dave Hodgins
Thank you for your answer.
--
http://pgp.mit.edu:11371/pks/lookup?search=0x13FC028C&op=get
Fritz Wuehler
2011-04-16 09:24:31 UTC
Post by Richard
Someone asked me to install WDE on his laptop to prevent access in case
it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the information
is accessible, right?
I don't know if what you are saying is true or not but if it is, he doesn't
have to wait for the information to be accessible. He just has to set the
clock forward and reboot. I can't imagine PGP is that stupid nowadays but
maybe they are. You should get a trial copy and test it.
Richard
2011-04-16 12:27:43 UTC
Post by Fritz Wuehler
Post by Richard
Someone asked me to install WDE on his laptop to prevent access in case
it was stolen.
The last days, however, I've read that WDE automatically decrypts
everything once the license expires.
If this is correct then a thief only needs to wait until the information
is accessible, right?
I don't know if what you are saying is true or not but if it is, he doesn't
have to wait for the information to be accessible. He just has to set the
clock forward and reboot. I can't imagine PGP is that stupid nowadays but
maybe they are. You should get a trial copy and test it.
I'm going to test it in different kinds of ways.
The trial, and a purchased version, both on different machines.

I'm going to observe and analyze whatever happens during the
installation. And how it behaves when there's an Internet connection
available, by using a permanent sniffer.

That it was breakable just by adjusting the system time, was something
which crossed my mind in first instance too.

That would be very unlikely, would it not?


Richard.
David W. Hodgins
2011-04-17 20:58:46 UTC
Post by Richard
That it was breakable just by adjusting the system time, was something
which crossed my mind in first instance too.
My understanding is that the trialware version is intended to let the
user learn how it works, so they can decide if they want to purchase
it or not.
Post by Richard
That would be very unlikely, would it not?
If the user decides not to purchase it, it can't just stop working,
or the user would be unable to access their data, or install a
purchased copy. It either has to keep working (no incentive for
the user to purchase), or decrypt the data before it stops working.

Given the way the trialware is supposed to work, I'd fully expect
turning the clock forward to force decryption.

The only question that's important about this, from my point of view,
is whether or not that's made clear to the user when getting/installing
the trialware version.

Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
Richard
2011-04-18 12:58:26 UTC
Post by David W. Hodgins
Post by Richard
That it was breakable just by adjusting the system time, was something
which crossed my mind in first instance too.
My understanding is that the trialware version is intended to let the
user learn how it works, so they can decide if they want to purchase
it or not.
Post by Richard
That would be very unlikely, would it not?
If the user decides not to purchase it, it can't just stop working,
or the user would be unable to access their data, or install a
purchased copy. It either has to keep working (no incentive for
the user to purchase), or decrypt the data before it stops working.
Given the way the trialware is supposed to work, I'd fully expect
turning the clock forward to force decryption.
You're absolutely right.
Post by David W. Hodgins
The only question that's important about this, from my point of view,
is whether or not that's made clear to the user when getting/installing
the trialware version.
I'll let you know when I have the time to begin testing.
Post by David W. Hodgins
Regards, Dave Hodgins
I'm just very curious whether WDE remains safe and usable when the
license period expires, and if it is possible for Symantec (or others)
to withdraw licenses xor access any other WDE-data through the network.


Richard.
