PGP Whole Disk Encryption — Authentication Bypass

There has recently been some atten­tion to a bypass fea­ture in PGP Cor­po­ra­tion’s Whole Disk Encryp­tion prod­uct line. The gist of it seems to be that it is pos­si­ble for an encrypted vol­ume to be set so that the passphrase require­ment is waived (bypass­ing the authen­ti­ca­tion) for a sin­gle reboot.

While this comes across as con­cern­ing at first, after read­ing the PGP Knowl­edge­base Arti­cle #750, it appears that the risk is min­i­mal. I feel that if I were a gov­ern­ment orga­ni­za­tion, such as the CIA,NSA,FBI, DHS, etc, then I’d be wor­ried about the types of advi­sories the anony­mous author of securol­ogy men­tions. How­ever, most lap­top thefts are by com­mon crim­i­nals look­ing to make some money in a pawn shop or oth­er­wise. I doubt there will be many if any cases of a mali­cious tro­jan that not only replaces PGPs Boot­guard with a mali­cious one to extend the num­ber of unau­then­ti­cated bypasses ad infini­tum, but also infects machines that the attacker can get phys­i­cal access to. This would require being able to reverse engi­neer the PGP Boot­Guard code that so far even the fine folks over at Guid­ance Soft­ware haven’t been able to do.

As part of risk man­age­ment, there is a cer­tain level of risk that has to be accepted. We can not live in a world with­out risks and should only worry about the ones that have a rea­son­able chance of occurring.

The post­ing lists 4 points that he/she would like addressed.

  1. The fea­ture was doc­u­mented clearly, includ­ing a secu­rity warn­ing cov­er­ing the risks of its use/presence in such a way that admin­is­tra­tors must see it.
  2. The fea­ture could be per­ma­nently dis­abled– not just ignored or left seem­ingly unused.
  3. The intended use of the fea­ture did not require the cre­ation of a passphrase with cryp­to­graphic access to the Vol­ume Mas­ter Key.
  4. The intended use of the fea­ture did not require the dis­tri­b­u­tion of plain text scripts with an embed­ded passphrase to N clients each and every time that fea­ture is needed.

The first point I absolutely agree with. How­ever, it’s worth men­tion­ing that PGP doc­u­mented this fea­ture back on July 27th of 2007. I would like to see the secu­rity warn­ing though, as I per­son­ally had no knowl­edge of this fea­ture until I went look­ing for it. Could PGP have back­dated the doc­u­ment? Of course, but I’m hop­ing the com­pany mak­ing my encryp­tion solu­tion isn’t that shady.

PGP Bypass Document

The sec­ond point seems aca­d­e­mic in nature to me. There are plenty of pro­grams used in every com­pany of every nation that have fea­tures which would be inse­cure. For instance, Microsoft Active Direc­tory can allow user accounts to have blank pass­words. Shouldn’t we be sat­is­fied that in our envi­ron­ment the fea­ture is dis­abled? Demand­ing that Microsoft remove the fea­ture from the code base sim­ply because it would be unfa­vor­able if enabled is ridicu­lous. I feel like that’s what’s being demand­ing of PGP here. It might be a risk a 3 Let­ter Agency should worry about, but cer­tainly not your typ­i­cal business.

For the third point I’m inter­ested to see what his pro­posed solu­tion is that doesn’t allow cryp­to­graphic access to the Vol­ume Mas­ter Key. I may be mis­in­formed but I’d think that with­out access to the VMK the lap­top wouldn’t be able to decrypt any­thing and thus it would be impos­si­ble to boot.

I com­pletely agree with this fourth point. I’ve always been against devel­op­ers hard cod­ing pass­words into bina­ries, and espe­cially into plain text script files. PGP should allow an alter­nate form of authen­ti­ca­tion that doesn’t require dis­play­ing the pass­word. I have some thoughts on this but will likely post them later.

Over­all though I’m very impressed with the writ­ing style and depth of thought that the author behind Securol­ogy has shown. I plan to keep read­ing and keep learning.