Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Encryption Blog

The Latest Urban Legend: Cracking PGP Whole Disk Encryption (again…and again…)

Created: 20 Dec 2012 • Updated: 20 Dec 2012 • 4 comments
Kelvin_Kwan's picture
+7 7 Votes
Login to vote

Folks, the holidays are almost once again upon us.  I sit here today trying to clear off my deliverables before I go on vacation.  But you know what? The year simply would not be complete without having to respond to yet another claim of a 3rd party tool being able to decrypt/access a system encrypted by PGP Whole Disk Encryption.

So Here We Go Again…
This morning, I was made aware of a claim made by ElcomSoft that their product could decrypt PGP containers (as well as other Full Disk Encryption competitors).  After reading through their blog and discussing my thoughts with the Symantec Encryption Engineering team, we have come to the conclusion that this claim is false!  There’s truly nothing to see here. 

The Weakness is NOT the Crypto Containers
I would agree that the human factor is probably the weakest link when it comes to securing your system.  How many people use a cable lock to lock down their laptops in their office?   I don’t.  How many people lock their screens before getting up to use the restroom?  I do.  Yes, the keys are held in memory so the system can read and write information in real time vs. being asked constantly for your passphrase.  Protecting anything has always been a balance of security and convenience.   

Imagine you’re working on your garden.  Do you lock the door when you go out to your lawn and realize you forgot your gardening gloves?  You pull your house keys out, unlock the door and go in to grab your gloves.  You come back out and lock the door again only to realize you need to go back in because you forgot your hat.  Wouldn’t it be easier to simply leave the door unlocked while you’re there so you can go in and out as you need? 

Retrieving Decryption Keys in an Ideal World
When a system is encrypted with PGP WDE, it is NOT possible to access encryption keys from the hibernation file when the system is in its hibernation state or shut down.  PGP WDE encrypts the entire disk, including any hibernation partition or hibernation file.  If you could extract the hibernation file out, you could view it – but the contents would be fully encrypted, just like anything else on the disk.  So it would be useless to you.  

In an ideal situation you could potentially retrieve the keys when the system is powered on.  But at this point you already have access to the system.  Why would you bother retrieving the keys when you could simply copy the data then and there? 

A system left running, but unattended, is vulnerable to tools and attacks that read encryption keys from the memory of the running system.  If you are concerned about such an attack, always hibernate or shut down your system when it is not physically secure.

Rinse and Repeat
I wrote a blog in early November responding to a claim made by Passware to “instantly decrypt PGP.”  The claim being made by ElcomSoft’s Forensic Disk Decryptor product is similar to the one made by Passware in November.  I fully expect to post more blogs in the future to point out the fallacies in claims made by 3rd party companies’ abilities to decrypt PGP WDE. 

And on that note, I’d like to wish everyone a very safe holidays and new years!

Comments 4 CommentsJump to latest comment

patriot3w's picture

happy holiday, i think they just want to get some clicks...

+1
Login to vote
isopepper's picture

Thanks for posting this. It's nice to have an official response.

+1
Login to vote
savapgp's picture

Why don't you invest in their service and see if it is legit?  They might charge a bit, but you can prove it, and if it is true, you can fix it.

 

-3
Login to vote
emorig's picture

 

Savapgp says in his first ever post, "Why don't you invest in their service and see if it is legit?  They might charge a bit, but you can prove it, and if it is true, you can fix it."

RESPONSE:
Because it would be a waste of time and money. This is nothing new. All that these companies have done is to commercialize prior published academic research into easy-to-use products. The research showed that it is possible to extract the drive encryption/decryption key from the RAM of a running computer, then use the key to decrypt the encrypted hard drive.
 
Newer research showed that the key is not lost from RAM immediately after you shutdown a computer - it takes anywhere from a few seconds to a few minutes for RAM to lose its data. They also showed that you can preseve the contents of RAM indefinitely if you keep the chips very cold (with a cooling spray, for example), but you must do it immediately after the RAM loses power (at shutdown) and keep constant cooling. I defy you to come up with a real-world scenario where an attacker can get the contents of your hard drive by seizing the computer and keeping the RAM chips cold. 
 
If you are using Symantec Desktop Encryption (PGP) WDE or any other whole disk encryption software product, then the running computer must have the key in RAM, so that the system can encrypt and decrypt drive sectors as it reads and writes them during normal operations. Symantec could try a few tricks to make it harder to find the key in RAM memory, by moving it around or "scrambling" it, but it would not improve security very much, and do it at the expense of performance. This is called "security by obscurity" by the way.
 
To prevent an attacker from recovering your drive encryption/decryption key, you MUST shutdown or hibernate your computer. In either case, the drive encryption/decryption key is lost from RAM memory after a short period of time ranging from a few seconds to a few minutes. This is true for ANY software whole disk encryption product, not just Symantec's. 
 
Putting your computer to sleep is NOT sufficient, because a sleeping computer still provides power to the RAM memory, and the drive encryption/decryption key can be recovered. The difference between sleep and hibernation is that under sleep, the computer preserves the data RAM memory by trickling power to it, whereas under hibernation, the computer writes the RAM memory to the drive (encrypted) and then does a complete shutdown. When you start up a computer after hibernation, you must provide the drive encryption password/passphrase/key. After that, the computer can decrypt the drive and restore the contents of RAM to continue where you left off.
 
ALTERNATIVES:
Drives with built-in hardware encryption are available. Depending on what you buy, some of them store the encryption/decryption key in a tamper-resistant module. Even with these, if the bad guys can get to your running or sleeping computer when the drive is unlocked, they should be able to read the contents of the drive. If you use hardware-encrypted external drives, including encrypted flash drives, keep in mind that the whatever files you are working on will still be in RAM memory, and the operating system can page or swap the contents of RAM memory to your main drive, not the hardware encrypted external drive. 
 
SUMMARY: 
If an attacker has access to your running or sleeping comptuer, then the entire contents of your software encrypted hard drive are vulnerable, no matter which product you are using. In the past, the tools to extract your hard drive encryption/decryption key were primitive and were difficult for novices to use, but commercial products are now available to simplify the task.
 
To protect the contents of your encrypted hard drive when you leave it unattended, you must shutdown or hibernate (not sleep) your computer. If the bad guys are breaking down the door, pressing and holding the power button for a few seconds will cause most computers to do an instant hard shutdown. Of course, the bad guys know this, and they will plan ahead to get you when you step away from your running computer for just an instant.
 
A SMALL DOSE OF REALITY:
http://xkcd.com/538/
 
I applaud Symantec for their attempt to educate their users and the general population. Unfortunately, they will be misinterpreted at best, and many people will simply jump to conclusions without reading with care (or reading at all). Disclaimer: I have no direct affiliation with Symantec or PGP other than as a customer. 
 
+2
Login to vote