PGP Whole Disk Encryption

[logic]

This sweet app has been on windows already for some time, this week the mac os version was finally released.

Mac Link:

Windows Link:

PGP Whole Disk Encryption locks down the entire contents of a laptop, desktop, external drive, or USB flash drive, including boot sectors, system, and swap files. The data encryption software continuously safeguards data from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.

Reasons to Buy

• No change in user behavior while protecting data from unauthorized access
• Protect sensitive personal and corporate data from misuse due to lost or stolen computers
• Comply with existing and emerging industry and government regulations for information security
• Comply with business partner data protection requirements

Most Valuable Features

• Transparent encryption of laptop, desktop, external or USB storage
• Encrypts all files including user data, applications, boot sector, and swap files
• Supports both Tiger and Leopard (Mac OS X 10.4.10 and later)
• Includes hard drive encryption, virtual disk encryption, PGP Zip, self decrypting archives, and PGP Shredder

 

[oldhand]

here's my favorite... & best part is it's free! ... www.truecrypt.org



T r u e C r y p t
Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux
Main Features:

* Creates a virtual encrypted disk within a file and mounts it as a real disk.

* Encrypts an entire partition or storage device such as USB flash drive or hard drive.

* Encrypts a partition or drive where Windows is installed (pre-boot authentication).

* Encryption is automatic, real-time (on-the-fly) and transparent.

* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Hidden volume (steganography) and hidden operating system.

2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).

* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.

 

[logic]

I just used the PGP tool to encrypt my mac os hard disk 112GB of data using AES 256bit encryption and it took around 4hours... :cool

 

[HolliHerb]

ahh beautiful i can use this to secure a drive and store all my logs and pictures! Thank you guys

 

[Purkle]

So it really wont do anything bad to my computer that i might regret later?? Thanks for any help.

 

[kill-9]

So it really wont do anything bad to my computer that i might regret later?? Thanks for any help.

It's still possible to lose data. and you won't retrieve it.

It's better to create a small partition on your hard drive and just encrypt that, move all sensitive data to that partition.

There's no need to encrypt mp3s, other files, etc. But it depends on your paranoia level.

 

[hailstone]

Hmm. As we all know data recovery experts can do quite amazing things including getting back files that have been deleted. If only a small partition is encrypted you need to be sure no sensitive data ever "passes through" the unencrypted partitions. Like say if you do sensitive business on the web your browser cache shouldn't be on an unencrypted partition.

 

[Herbiraptor]

You might want to be aware of this:

http://it.slashdot.org/article.pl?sid=07/10/04/1639224

"PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

Not really sure what it all means as the tech stuff is beyond me but I stumbledabled across it and thought others might be interested.

 

[RMCG]

United Kingdom requires any PGP user to give the police both his private key and his passphrase on demand. Failure to comply is a criminal offense, punishable by a jail term of two years.

Has anyone in the UK ever even tasted freedom?

 

[markscastle]

In the USA you can not be forced to give any thing of memorie away such as your combinations and pen codes as that is protected by the second amendment. If there is a warrant to a safe and it has a key lock you can be charged for ubstructing the law if they ask you to open it and you do not.If it has a combination lock you can not be charged,but ether way if they have a warrant they will break in if they want to and any info they find can be used agianst you in court.I would `t be suprized if any encription sold in America didn`t have a back door and acess given to the Feds under national security laws.

 

[RMCG]

In the USA you can not be forced to give any thing of memorie away such as your combinations and pen codes as that is protected by the second amendment. If there is a warrant to a safe and it has a key lock you can be charged for ubstructing the law if they ask you to open it and you do not.If it has a combination lock you can not be charged,but ether way if they have a warrant they will break in if they want to and any info they find can be used agianst you in court.I would `t be suprized if any encription sold in America didn`t have a back door and acess given to the Feds under national security laws.

I know shortly after 9-11 it definitely came up to allow key brokering/escrow and back doors for the govt. I ~believe~ it was shot down or tabled.

PGP has been 'open sourced' ~sort of~ so people are looking for things like this in the code.

hushmail (encrypted mail) was 'breached' by feds. They (hushmail) could not 'see' your passphrase, BUT if you used the java app to utilize signing/encryptng, it cached the keypair and they could then capture it. Feds forced hush to turn over all logs, mail accounts, mailbox data and known keypairs in traffickng cases.

http://www.wired.com/threatlevel/2007/11/hushmail-to-war/

Not really in the same vein as full disk encryption, but sort of. Who says a patch or update won't/can't allow the same thing.

 

[spiderman]

if you're on a mac why not just turn on filevault?
:lock:

 

[EuDiesel]

America's favorite Julian Assange came up with his encryption package known as 'rubber hose' featuring plausible deniability. That is, you can have say three (or an arbitrary number) "levels" of encryption for the sensitivity of your documents.

If America, the mere prescence of drive encryption in a criminal case is enough to warrant suspicion. The police are going to ask you to cooperate and give your encryption passphrase, so you give them say, password one. This unlocks some naked pictures of your girlfriend, a W2, and a text document with an ASCII owl.

Since the password unlocked, and his algorithm is in place, LEO would be unable to PROVE that you have more than those documents hidden. The other two "levels" are essentially safe, and you are, after all, cooperating with their demands to give a password.

As far as FileVault, it is really difficult to get encryption right. Even the best algorithms have been found to be broken due to flaws in their number generators, or other factors. In fact, the reason the government doesn't have back doors for most of these things is due to a case of an intentionally flawed psuedo-random number generator effectively allowing .gov to get into any file by exploiting a weakness in how the key was processed (called a side-channel attack). I'd also venture that Apple and the big guys -- NSA and CIA would have backdoor means, even though it is encrypted via 256-bit AES (difficult to crack to nearly impossible, even for the NSA at this time).

PGP was made by Phil Zimmerman since until about ten-fifteen years ago the government considered cryptography a munition, and therefore was subject to US weapons exports. Crazy, huh? I believe PGP has become a corp version but there is a better open source (GNU) version called GPG.

TrueCrypt and GPG/PGP are both great options. Cryptography is a difficult field that is evolving in an interesting ways due to the nature of how it works.

 

[victor]

For a software encryption method, truecrypt FTW.

If you have the $, get an actual hardware encrypting harddisk, seagate makes some nice ones.

 

[ent]

A buddy of mine just got out of prison for cannabis related offenses. He did 22 months. His local PD sent off his desktop to the FBI to see if they could bust through his truecrypt setup. The FBI was unable to crack truecrypt. There was a lot of evidence on his computer that was not used against him.

 

[victor]

yes AES 256bit has not been publically cracked.. there are theoretical attacks.. although none have been proven to work. Currently the only attack is brute force, as with any man made alogorithm. This takes huge processing power , IE cray super computer. =b If you aren't a terrorist, 256 bit AES is pretty safe. ;)

Software encryption methods are also defeatable by a 'cold boot attack' method... goolge that, or evil maid

 

[fr0stysm0ke]

Check out TrueCrypt, you can even do encrypted partitions that are hidden. They wont be forensics expert hidden, but from the junior it will be for sure. Even for the seasoned forensics guru, they still need to decrypt the container. http://www.truecrypt.org/

All of the encryption is done transparently on the fly as well, makes things a bit easier. PGP Disk enterprise is hard to crack but very easy to remove the protection.

The enterprise contains the user set password as well as a master password. There is an older paper from a member of the old school hacking group legions, who has written a paper about changing the master password fairly simple, without knowing the old one. TrueCrypt being open source vs PGP closed source. Can add a bit more trust into TrueCrypt as it is open for anyone to examine as they wish. Not saying someone could not introduce some sort of side channel attacks against the encryption it's self over time. Though you can only be so paranoid. Without physical security, all of this is useless anyways ;) *cough* hardware based key loggers *cough*

Note: be very careful crossing the USA border with a laptop, smart phone etc. They can confiscate and copy the contents of the hard drive at there discretion. They can NOT view your files etc. They CAN compare your list of files to a known hash database of images etc that no one should have to begin with. Password protect everything and they have no right to ask you for your password unless a court has ordered you to do so.