Encryption Blog
dfinkelstein | 04 Oct 2012 | 1 comment

On Trust

I first came across Ken Thompson's Turing Award acceptance speech, Reflections on Trusting Trust, when I was in graduate school.  I found it very thought-provoking, and for a moment wondered if there weren't such vulnerabilities hidden away in the systems I used.  At some point, you decide to either give your trust, or withhold it.

I worked for 5 years at Xcert International, a startup that developed and sold Certificate Authority and related PKI products.  A PKI is rooted at a single point (the Root CA).  Root CAs are often referred to as "Trusted CAs" but I never thought of them that way, even though certificate vendors like to use the word "Trust" when describing their services.  A certificate provides identity information, certified by a signer -- "This person (the certificate subject) is associated with this public key, and the following associated attributes; so says I."  But...

dfinkelstein | 04 Sep 2012 | 1 comment

I'm David Finkelstein, and welcome to my Encryption Blog.

Here I'll share with you some of my thoughts and observations on security in general, and encryption in particular.  I might discuss in detail the security aspects of Symantec's encryption products, but I'll leave the product announcements and business-related messages to others.  My interest is in cryptography and security, as practiced here at Symantec and elsewhere.

I've worked for security related companies for over 15 years.  Here at Symantec, I'm the Director of Engineering responsible for the Encryption group's Core Cryptographic team.  We produce the PGP Software Development Kit, a FIPS validated cryptographic toolkit used throughout Symantec, as well as PGP Command Line, the absolute best OpenPGP compliant application available (though I freely admit my opinion is biased).

So welcome to my blog.  I expect to get a bit technical at...

Kelvin_Kwan | 19 Jun 2012 | 30 comments

If you recently purchased a MacBook Air (Model 5,2) or a MacBook Pro (Model 10,1), do NOT encrypt your laptop with the current release of PGP Whole Disk Encryption for Macs (10.2.1 Build 4461).

These are the latest Macs just released by Apple based on the Ivy Bridge Processors from Intel.

Based on our QA testing thus far, we are observing these Macs not booting properly after authenticating the PGP WDE Bootguard screen. Our engineers are aware of the problem and are busily working on a solution to this.

Please check back to this blog for the latest updates.

7/17/2012 @ 1:57 PM PST - Hot off the presses from engineering.  A hotfix to address this issue should be available by the end of July or beginning of August.  I will update this posting with any follow-up information that I have.  Thanks for your patience and understanding. 


Kelvin_Kwan | 15 Jun 2012 | 71 comments

The newest version of OS X, 10.8 - Mountain Lion is scheduled to be released sometime in July of 2012 by Apple.

Based on past experiences, we do NOT recommend users currently encrypted with PGP Whole Disk Encryption or SEE Full Disk Encryption for Macs upgrade to OS X 10.8 when made available by Apple.

Symantec is actively testing PGP WDE and SEE FDE against the 10.8 developer builds from Apple. We will continue testing against all developer builds from Apple and also against the official release from Apple.

As a reminder, you should not upgrade to 10.8 if you wish to continue to use WDE.  If you must upgrade to 10.8, then please decrypt your disk prior to installing 10.8.  Once on 10.8, please do not re-encrypt at this point in time.

Please check back to this blog for updates as they become available.


Kelvin_Kwan | 30 May 2012 | 1 comment

A few recent headlines (Google translated link) have suggested that PGP encryption can be broken. My first reaction was with a sigh: “Not this again!” Such claims have been made before, and so far not a single one has proven true. Thus far, that seems to be the case here.

Breaking “PGP Crypto” Means Breaking AES
First, remember that PGP products do not use a custom encryption algorithm. They are based on well-studied, standard algorithms such as RSA and AES, at bit lengths that are regarded as best practices for strong...

Kelvin_Kwan | 29 May 2012 | 1 comment

Passware recently blogged about the ability to "instantly decrypt PGP Whole Disk Encryption" with their latest release of Passware Kit 11.7.

Based on deeper investigation from Symantec engineering, it has been concluded that a properly configured PC is not vulnerable to this Passware claim.

A Whole Disk Encrypted machine is not vulnerable to an offline attack. If an attacker were to steal a machine in an offline state (powered off or hibernating), the first place they would look for the key information is in the hibernation file or crash dumps. The problem, however, is that this is only possible if the PC was not encrypted at the disk block level. You cannot get to the hibernation file or the crash dumps since this information is in an encrypted state, and you would need to authenticate to the disk first to get to those files....

Tim_Matthews | 13 Feb 2012 | 3 comments

With the end of 2011 upon us, one thing is sure: the mobile revolution is in full swing. Smartphones and tablets are everywhere.

In fact, according to the analyst firm Gartner, sales of smartphones will exceed 461 million this year – surpassing PC shipments in the process – and rise to 645 million in 2012. Combined sales of smartphones and tablets will be 44 percent greater than the PC market by the end of the year. Beyond 2011, Gartner says the rise in tablet use will jump to 900 million by 2016.

These devices are not just becoming mainstream, they are penetrating nearly every aspect of our lives. More importantly, for many the line between personal and business devices has been blurred, or erased altogether. More often than not, a single device is used for both personal and business activities, with Gartner also predicting that 80 percent of professionals will use at least two personal devices to access corporate systems and data by 2014.


Kelvin_Kwan | 10 Jan 2012 | 23 comments

It has come to Symantec's attention that an OS X 10.7.3 update release is imminent from Apple.

Based on past experiences, we do NOT recommend users currently encrypted with PGP WDE or SEE FDE for Macs upgrade to OS X 10.7.3 when made available by Apple.

Symantec is actively testing PGP WDE and SEE FDE against the 10.7.3 developers build from Apple. We will continue testing against all developers code from Apple and also against the official release from Apple.

Please check this blog for updates as they become available.

Kelvin_Kwan | 15 Oct 2011 | 0 comments

Apple released a new generation of MacBook Air notebooks and Mac mini desktops in mid-2011.  These latest releases of MacBook Air notebooks and Mac mini desktops have a known issue with Symantec PGP Whole Disk Encryption. Symantec Engineering has isolated this issue down to specifically the latest version of MacBook Air notebooks 4.2 with the Intel Core i5 and i7 processors and the mid-2011 versions of the Mac mini desktops 5.1, 5.2, and 5.3 with the Intel Core i5 and i7 processors.

We have successfully tested and verified that PGP Whole Disk Encryption 10.2MP1 works with all MacBook Air notebooks and Mac mini desktops and the Lion OS X operating system prior to the latest releases of these MacBook Air notebooks and Mac mini desktops.

An easy way to distinguish the latest generation of MacBook Air notebooks and Mac mini desktops is to look for the presence of a ...

Kelvin_Kwan | 19 Aug 2011 | 4 comments

As many of you know, the Trusted Computing Group (TCG) was an initiative started by some well-known technology companies to help standardize and implement Trusted Computing.  One of the first “products” to come from this was the Trusted Platform Module (TPM).  There are various vendors that take advantage of the TPM chip for security related functions.  (Full disclosure:  Symantec is a member of the Trusted Computing Group.)

The next significant “product” to come from TCG is the Opal standards for Self Encrypting Drives (SED).  The Opal standard is an industry standard for any hard disk drive (HDD) manufacturer to sell SEDs that would comply with these standards.  What this means is that these HDDs will have encryption already built into the hardware.

“Great!  We won’t need to evaluate any of the software encryption vendors out there.  We can simply just buy SEDs from the major HDD...