SIDEBAR
»
S
I
D
E
B
A
R
«
GPGMail being updated for Snow Leopard?
Oct 26th, 2009 by Ken Hagler

This thread in Source­Forge sug­gests that the GPG­Mail plu­g­in, need­ed to inte­grate GPG with Apple Mail, has found a new devel­op­er who is updat­ing it to work with Snow Leop­ard. This is good news, as PGP is once again insist­ing that they will not update their own Mail plugin–they real­ly want to force their cus­tomers into using their hor­ri­bly crap­py encrypt­ing proxy, which is some­thing I cer­tain­ly won’t do.

PGP Whole Disk Encryption
May 17th, 2009 by Ken Hagler

After trying it for three weeks without problems, I bought the latest version of PGP Desktop Professional, which includes whole disk encryption. Both my MacBook Pro's internal hard drive and the external drive I use for Time Machine backups have gotten along with it just fine, even through the system update to 10.5.7. For the most part there's no noticeable impact on performance, but then my laptop doesn't do anything really disk intensive--all my photography work happens on a different computer which I will not be encrypting. There did seem to be a slowdown in Time Machine backups, but that's not an area where performance is really relevant. I would really prefer to use TrueCrypt, but as it currently can only do whole disk encryption on Windows (where I have been using it for some time), that wasn't an option.

The rest of the PGP Desktop package gets a mixed review. I had looked at PGP last summer and dismissed it as unacceptable because of the horribly designed proxy it relies on for encrypting email, but this time around I discovered that there is also an officially unsupported plugin available for Mail. The plugin works the same way as the GPGMail plugin, but with fewer features. This is not surprising, as they have the same author. Apparently some brainless product manager at PGP Corporation had decided to kill the plugin (presumably to force users into using their worthless proxy), and it was brought back by popular demand.

Since the last time I looked at PGP, it's lost the ability to communicate with public key servers other than the one actually run by PGP Corporation, which very few people use. According to a thread on the PGP support forum, the developers know about this bug and just don't care about fixing it. Well, nobody will ever accuse the PGP Corporation of having good customer service or QA! Fortunately the keyservers have web interfaces so the problem can be worked around as long as you're using the "unsupported" Mail plugin. Anyone foolish enough to use the proxy will be out of luck, though.

I ultimately decided to switch from GPG to PGP for my email needs, at least for the moment, because while both of them have huge problems on the Mac, PGP's refusal to work with keyservers that aren't owned by the PGP Corporation is less of a problem than the hideously unusable keychain management that GPG inflicts.

Replacement work key
May 2nd, 2009 by Ken Hagler

In light of the recent news about SHA-1, I decid­ed to replace my ten year old work PGP key.

New attacks on SHA-1
Apr 30th, 2009 by Ken Hagler

This was post­ed on the PGP-Basics mail­ing list by Robert J. Hansen:

Some researchers are claim­ing they’ve been able to make the Sheng­dong
Uni­ver­si­ty attack on SHA-1 a fac­tor of about 2000 times eas­i­er. If
their research is cor­rect, that means SHA-1 is now attack­able by reg­u­lar
peo­ple.

These results are not unex­pect­ed. We knew this day would come. For the
last cou­ple of years most cryp­to nerds have been strong­ly rec­om­mend­ing
peo­ple either migrate away from SHA-1 imme­di­ate­ly, or at the very least
have a migra­tion plan put togeth­er.

If you have already migrat­ed — then you may ignore this devel­op­ment.

If you have not — then it is increas­ing­ly urgent you do so.

Orig­i­nal URL:

http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf

Another PGP Whole Disk Encryption Review
Nov 3rd, 2008 by Ken Hagler

Review: PGP Whole Disk Encryp­tion for Mac OS X [Paul Sta­ma­tiou]

Anoth­er good review. This one doesn’t men­tion Time Machine, but goes into more detail on cold boot attacks.

PGP Whole Disk Encryption review
Oct 31st, 2008 by Ken Hagler

Secur­ing Your Disks with PGP Whole Disk Encryp­tion [Tid­BITS: Mac News for the Rest of Us]

A gen­er­al­ly good review of the new PGP disk encryp­tion soft­ware, but I do see a cou­ple of prob­lems. First, the author only hints at how it works with Time Machine, which is an area of inter­est to me. In the­o­ry it should be fine (although obvi­ous­ly you’d need to encrypt Time Machine’s back­up vol­ume too), but when it comes to soft­ware com­pat­i­bil­i­ty the­o­ry and prac­tice often diverge.

Sec­ond, the author says that it’s a “lim­i­ta­tion” that PGP Whole Disk Encryp­tion only secures your data when the com­put­er is off, and not just while it’s asleep. I con­sid­er that a nec­es­sary func­tion, not a lim­i­ta­tion. Because it’s entire­ly pos­si­ble to recov­er sen­si­tive data (such as the passphrase for the hard dri­ve) from a “sleep­ing” computer’s mem­o­ry, claim­ing to encrypt when a com­put­er is put to sleep would only be pro­vid­ing a false sense of secu­ri­ty.

I’m inter­est­ed in this prod­uct for my own use, but giv­en PGP, Inc.‘s rather spot­ty record to date (they’ve man­aged to ren­der their main PGP prod­uct unus­able in the name of usabil­i­ty improve­ments), I’m wait­ing for a while to be sure that there aren’t any hid­den prob­lems.

Encryption and Gmail
Oct 29th, 2008 by Ken Hagler

How To Talk So The Gov­ern­ment Can’t Lis­ten. Part 1: how to encrypt your e-mail in Gmail with GPG (for use with Gmail or oth­er web mail inter­faces on Fire­fox in Win­dows) [Rad Geek People’s Dai­ly]

A good detailed tuto­r­i­al on how to use GPG to pro­tect your email with­in Gmail. The parts deal­ing with key man­age­ment are Windows-specific–the state of Mac sup­port for GPG is con­sid­er­ably infe­ri­or and Lin­ux sup­port (at least in the Ubun­tu dis­tri­b­u­tion) is bet­ter, but the details are dif­fer­ent.

»  Substance:WordPress   »  Style:Ahren Ahimsa
© Ken Hagler. All rights reserved.