Pretty Good Privacy (PGP) - SAFE or NO.

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Btw. you can also use truecrypt full disk encryption.

http://www.truecrypt.org/docs/?s=system-encryption

This opensource solution, comes for free, but you also get no special support for it. (I.e. make backups in regular intervals)

ASKER

I though i should encrypt the hdd AFTER i loaded sensitive informations on it, in order to encrypt them...

Dear, first PGP is free, I don't know why you want pay someone ?

Like Tolomir says, TrueCrypt is one solution for encrypt the hard drive.

PGP was not create for the hard drive but for the email.

Best Regards

See this about PGP :

http://en.wikipedia.org/wiki/Pretty_Good_Privacy

No, the entire system is encrypted, you load unencrypted data on it, encrypting it automatically.

@Madshiva, the asker is referring to pgp desktop. The full disk encryption component is not for free.

http://eu.store.pgp.com/whole_disk_encryption.html

PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files. The data encryption software continuously safeguards data from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.

@Tolomir, ok thanks.

He should not call them PGP only, it's not the same product.

Anyway, if he want but this software, for the moment the AES 256-bit it's safe and could not be cracked.

Best Regards

pgp is a company ;-)

---

The advantage with pgp disk encryption or drivecrypt from securstar is you get software support.

---

truecrypt (using it myself) just offers forum support. http://forums.truecrypt.org/
Also note that, as TrueCrypt is free, there is no official support for TrueCrypt. For 'unofficial' support (i.e. users help other users) please visit the TrueCrypt Forums. taken from their faq

Tolomir

ASKER

MadShiva said: Anyway, if he want but this software, for the moment the AES 256-bit it's safe and could not be cracked.

Are you trying to say that you believe NSA cannot bypass it ?

Tolomir, i'll keep the question open for 2 more days.I really need to see more oppinions.Hope you don't mind.

Many thanks for every answer.

ASKER

Tolomir , what about this part of the story :
"When they want to format their pc they decrypt the HDD , then format, reinstall the OS , then again reinstall the PGP and encrypt the hard-disk again.
I suppose if I uninstall the PGP or if i simply format the pc , without decrypting the hdd, I wont be able to access my hdd anymore, because I believe it s encrypted, right? "
Ty

Dear,

I mean they could not be cracked for the moment, but the algorithm had some problem that I think someday somebody will find a way to crack it in a short time.

The problem is that I don't know how many PS3 that have buy the NSA to crack it in a short amount of time :)

See this article, about peoples that have find a attack 4 month ago :

http://eprint.iacr.org/2009/374

Best Regards

About the last question if you format it, the hdd will not be more encrypted. If you try to restore the data of the disk , then the data is encrypted.

If you uninstall PGP, the program should ask you to unencrypted the data (then you don't lose the data).

Best Regards

You don't format partition c:
you simply delete it before you reinstall windows.
If you want to uninstall pgp, make sure all sensitive information is removed before.
Think about a safe: you would empty it before discarding it would'nt you? You also would never place your treasures on a table for the time until you get a larger safe?

@madshiva: I'm not sure you did really understand the question...
This is a forensic issue, not a how to install/uninstall windows or full disk encryption.

Just my 2 cents,
Tolomir

Hum, @Tolomir, I don't have know the name of the software that love76ers would use in the start ok, but I know forensic, and I'm not doing a how to do... I have tried to answer the last question. And I answer, I don't' put other question to the answer of love76ers....

Why you want remove the information before uninstall pgp ??? This make no sens, the data could be decrypted and don't need to time copy, to another disk or a nothing work.

If you want remove the data, the format it, or crash it, but don't tell that you need to do something...

This protection, protect again the access physical to the disk only, then it depend on your environment if you could let the disk not encrypted the time that you switch to another big hard drive... I don't agree with @Tolomir. I don't know how many you need that your file is protected, then it's too you to think about problem that append if you let the hard drive without encryption on the table.

Best Regards

" In my opinion this software is designed to PROTECT peoples data against anyone, but two weeks ago a friend who work as policeman in Belgium told me that PGP can be cracked by their IT guys if the person who is using the software, decrypt informations every time before reinstalling the OS . After I read a lot of stuff about pgp, and after I talked with all my friends they told me they are using pgp like this : they install the OS (usually , windows XP), after installing the OS, they install PGP software and encrypt the whole disk. When they want to format their pc they decrypt the HDD , then format, reinstall the OS , then again reinstall the PGP and encrypt the hard-disk again. As I said upwards , I heard that if you are using the PGP this way, the hdd can be somehow cracked or the PGP bypassed, not very sure, because my friend who work in police is not working in IT department ."

+

"
O&O DiskRecovery searches for and reconstructs deleted or lost data! The clear Wizard guides you step-by-step through the data rescue. O&O DiskRecovery 6 supports all popular file formats and scans every sector of the hard disk, the memory card or the digital camera for lost files. O&O DiskRecovery 6 can also find and recover data in the most extreme situations, such as with already formatted or destroyed file systems. "

is the issue I'm talking about.

So pgp is never cracked but unencrypted information can be recovered. For sure not all files but if some are available this is a start in forensic work.

Thus I suggest to store never data unencrypted on the harddisk and if you have to reinstall windows / pgp 1st move sensitive files away, to render tools like O&O Diskrecovery useless.

btan

PGP documentation did suggest best practice, see pg 5 (before encrypt)
- https://supportimg.pgp.com/pdf/PGPWDEqsg.pdf

I will say that in general the critical areas such as creating backup and a recovery disk applies for all whole HDD encryption software (same for Truecrypt). Typically the recovery disk will contain the MBR of the HDD that will direct to PGP bootstrap code and proceed to find and uncover the HDD encryption key (protected by the user's passphrase).

Recovery is key for deciding whether to get that software, the trouble and scrambling comes when HDD crashes and not able to boot up, but your data are still in the HDD. See this blog comments on the hassle. But I am not saying that HDD protection or PGP is not good, you need to make the discretion - support is key.
- http://blog.securism.com/2009/01/recovering-a-pgp-whole-disk-encrypted-drive/

Tyically "gaps" for such HDD encryption revolve in weakness in the ciphering mode (e.g. CBC, ECB and ease of finding the encryption in memory (e.g. cold boot attack). The algorithm should be robust and even if it is "breakable", I see it as only conceptual proof of concept that may not be logically for the attacker to exploit. It applies to all HDD encryption s/w, in general, you should have second factor authentication using smart card or biometric at preboot. That I will say safer and with proper BIOS lockdown so that booting from other device is not straightforward. Also do not go for sleep mode as cold boot attack can still works, choose hibernation - they are not preventive but can deter.

There is no so called perfect encryption soln but a layer defenses such as also incorporating on top of the HDD protection on the files you deemed worthy of protecting (of course not those system files). It make harder for the attacker to get your sensitive document. I believe PGP (other suite) has file/folder protection as well. You may also treat volume as a container file to store those files.

Having said all that, on the forensic part of "uninstall and re-install", I do not see any software possible to recover the encrypted HDD or partition that straightforward. Those recovery s/w really applies for case on plain HDD etc with "break in the file system structure etc. Note that even encrypted HDD do has plain sector in them to contain the software codes to monitor and start the "encrypt and decrypt on the fly" processes. So, i do not see a possibility of the backdoor unless we really do a offline deisgn and source code review. Recovery (adhering the proper intent) is not backdoor - key or passphrase still lie with user.

Also weakest link is the user who "own" the passphrase - choose one wisely and manage it well (not share around or using sticky notes).

Hope it helps

Well if a user behaves like this:When they want to format their pc they decrypt the HDD , then format, reinstall the OS , then again reinstall the PGP and encrypt the hard-disk again.

I see a way to recover data. Because (for a short time) all data is stored unencrypted on the harddisk, go figure...

Tolomir

A drive format is nothing more than delete the file directories and (optionally check for bad sectors)
If they would wipe their HD before reinstallation (in a DoD proven way) I would not argue here.

ASKER

Sorry for the delay, but i was out of town till now. Many thanks to all of you, but i would like to offer all the points to Tolomir. If anyone has any objections about my decission, please reply this message in 24 hours . Topic will be closed soon. Best wishes.