
PGP + TPM = Essential Security?

Created: 29 Feb 2012 | 8 comments

Here is a question for all your developers and Symantec guys - Would not the addition of TPM support provide greater security with WDE?

 

Say a bad guy takes your hard drive.  Even if you have a really crappy password, the bad guy cannot brute force decryption since, even with a valid password (or having guessed the password), the drive cannot be decrypted, right?

 

It would also force the bad guys to do a brute force decryption using your own computer instead of on their super computers, right?  Which would be a much slower process since they would not be able to modify or somehow do something to your hardware (or add something to it) that would speed the process along, right?

 

 

Also, as an additional idea, how about placing a time out of like 5 minutes when you mess up the password 3 or so times?  Then, keep increasing the time out times after each set of 3 (or whatever) unsuccessful guesses, so that after the 4th or 5th set, you're timed out for 24 hours.  Would that not stop brute force attempts even if the hard drive is hooked up to their super computer?
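
Added illustration, not part of the original post and not how PGP WDE or a real TPM is implemented: a toy model of the two ideas in the question, a disk key that depends on a secret held inside the chip and a lockout that grows after each set of three bad guesses. `ToyTPM`, `stretch`, `offline_key` and the x6 growth factor are assumptions made for the example.

```python
import hashlib
import hmac
import os

def lockout_seconds(failed_sets: int) -> int:
    """5 min after the first set of 3 bad guesses, x6 per further set, capped at 24 h.
    The x6 growth factor is an assumption; the post only gives the end points."""
    return min(300 * 6 ** (failed_sets - 1), 24 * 3600)

def stretch(password: str, salt: bytes) -> bytes:
    """Password stretching that anyone holding the salt can repeat."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class ToyTPM:
    """Constructed stand-in for a TPM, not a real TPM interface."""

    def __init__(self, password: str):
        self._chip_secret = os.urandom(32)   # generated in the chip, never exported
        self.salt = os.urandom(16)           # public; also readable from the disk
        self._verifier = stretch(password, self.salt)
        self.failures = 0
        self.locked_until = 0

    def unseal(self, password: str, now: int):
        """Return the disk key for the right password, None for a wrong one."""
        if now < self.locked_until:
            raise PermissionError(f"locked out for {self.locked_until - now} s")
        guess = stretch(password, self.salt)
        if not hmac.compare_digest(guess, self._verifier):
            self.failures += 1
            if self.failures % 3 == 0:       # every third miss starts a longer lockout
                self.locked_until = now + lockout_seconds(self.failures // 3)
            return None
        self.failures = 0
        return hmac.new(self._chip_secret, guess, hashlib.sha256).digest()

def offline_key(password: str, salt: bytes) -> bytes:
    """What someone holding only the drive can derive: the chip secret is missing,
    so a placeholder stands in for it and the result is not the disk key."""
    return hmac.new(b"\x00" * 32, stretch(password, salt), hashlib.sha256).digest()

if __name__ == "__main__":
    tpm = ToyTPM("1234")                     # constructed sample password
    disk_key = tpm.unseal("1234", now=0)
    print("drive alone, correct password, key matches:",
          offline_key("1234", tpm.salt) == disk_key)
    for guess in ("0000", "1111", "2222"):
        tpm.unseal(guess, now=10)
    print("locked until t =", tpm.locked_until)
```

In this model the counter and the timer live inside `ToyTPM`, so the delay applies only to guesses that have to pass through the chip.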


Avkash K's picture

Hi,

 

This is already available with Symantec,

Please refer to the links below; you can use TPM Authentication with PGP WDE - PGP Desktop 10 / 9.

 

HOW TO: Use TPM Authentication with PGP WDE - PGP Desktop 10:

http://www.symantec.com/docs/HOWTO42084

 

Using Trusted Platform Module (TPM) Authentication with PGP WDE - PGP Desktop 9.x

http://www.symantec.com/docs/TECH149444

 

Hope this helps you!!

Regards,

Avkash K

Heywood's picture

TPM with PGP is only available for a very limited number of machines.  For instance, before I owned a Dell Precision Workstation 390.  TPM & PGP worked.

 

But now I have a Dell Precision Workstation T7500 and PGP does NOT work with my TPM.

 

That's what I am complaining about. 

 

Why is it that Windows' WDE works with EVERY TPM and PGP does not?  I want my PGP to work with my TPM!

 

Despite repeated emails to PGP and suggestions posted on their site, PGP refuses to add TPM support.  I think that stinks.

Avkash K's picture

Hi,

 

Did you get any error while doing this??

Regards,

Avkash K

Heywood's picture

No error message.  When I encrypt a disk the check box for TPM is greyed out, meaning the TPM is not working with PGP.

Heywood's picture

No error message.  When I encrypt a disk the check box for TPM is grayed out, which means that TPM isn't working with PGP.

Avkash K's picture

Hi,

 

I agree that TPM + PGP WDE is supported on very limited products, but I have seen some cases where I missed out the following step, resulting in a non-functional TPM.

Before you encrypt your disk, be sure that you establish ownership of the TPM on your system, configure the TPM, and then reboot your system before starting the encryption process.

When you take ownership you set up a passphrase for TPM (separate from PGP Desktop or Windows) that is used to edit the TPM. Establishing ownership allows you to configure and use products with TPM.

 

I recommend you follow this step once more and give it a try.

If this still doesn't solve your problem, then I suggest you open a case with Technical Support and get an Etrack if it's really not supported.

 

Regards,

Avkash K

Heywood's picture

I have already done that with my TPM.

 

Like I said before, when I had the Dell workstation 390, PGP and TPM worked.  But PGP does not support TPM with my new Dell T7500.  That's what I am upset about.

 

If MS BitLocker can work with all types of computers, why can't PGP???

 

I don't know how to open a case with tech support and I do not know what Etrack is.  I think I have tried to get tech support before, but I can't since you have to pay yearly for that.  I used to be able to get tech support with PGP and pay for it on a case by case basis.  But Symantec screws its customers over and does not offer it that way.

It's not a tech support thing anyways.  PGP simply does not support TPM with very many types of computers, which really, really sucks, because the customer (you and I) are really losing out on a very important security benefit (for the reasons I outlined in my first post)!!!!!!!!!!!!!!!!!!!!

PGP_Ben's picture

If this is an important feature, I would recommend submitting a product idea, since these ideas go directly to product management, who make the decisions on what features get work done and what eventually gets incorporated into our final product.

See here:

https://www-secure.symantec.com/connect/node/add/i...

As far as paid-for support on a case-by-case basis goes, I apologize, but Symantec does not (currently) offer this to customers. There is the basic support contract (which includes access to the online KB system and the Connect forums), and then there is Essential Support, which offers you 24x7 unrestricted access to technical support via phone and email as well. In most cases, especially if your company is over 100+ users, it's most definitely worth the money to pay for Essential Support and get assistance whenever it's needed.

I hope that this helps.

If/when you consider your issue resolved, please click Mark As Solution on the most helpful response.