GPGMail being updated for Snow Leopard?
Oct 26th, 2009 by Ken Hagler

This thread in SourceForge suggests that the GPGMail plugin, needed to integrate GPG with Apple Mail, has found a new developer who is updating it to work with Snow Leopard. This is good news, as PGP is once again insisting that they will not update their own Mail plugin–they really want to force their customers into using their horribly crappy encrypting proxy, which is something I certainly won’t do.

PGP Whole Disk Encryption
May 17th, 2009 by Ken Hagler

After trying it for three weeks without problems, I bought the latest version of PGP Desktop Professional, which includes whole disk encryption. Both my MacBook Pro’s internal hard drive and the external drive I use for Time Machine backups have gotten along with it just fine, even through the system update to 10.5.7. For the most part there’s no noticeable impact on performance, but then my laptop doesn’t do anything really disk intensive–all my photography work happens on a different computer which I will not be encrypting. There did seem to be a slowdown in Time Machine backups, but that’s not an area where performance is really relevant. I would really prefer to use TrueCrypt, but as it currently can only do whole disk encryption on Windows (where I have been using it for some time), that wasn’t an option.

The rest of the PGP Desktop package gets a mixed review. I had looked at PGP last summer and dismissed it as unacceptable because of the horribly designed proxy it relies on for encrypting email, but this time around I discovered that there is also an officially unsupported plugin available for Mail. The plugin works the same way as the GPGMail plugin, but with fewer features. This is not surprising, as they have the same author. Apparently some brainless product manager at PGP Corporation had decided to kill the plugin (presumably to force users into using their worthless proxy), and it was brought back by popular demand.

Since the last time I looked at PGP, it’s lost the ability to communicate with public key servers other than the one actually run by PGP Corporation, which very few people use. According to a thread on the PGP support forum, the developers know about this bug and just don’t care about fixing it. Well, nobody will ever accuse the PGP Corporation of having good customer service or QA! Fortunately the keyservers have web interfaces so the problem can be worked around as long as you’re using the “unsupported” Mail plugin. Anyone foolish enough to use the proxy will be out of luck, though.

I ultimately decided to switch from GPG to PGP for my email needs, at least for the moment, because while both of them have huge problems on the Mac, PGP’s refusal to work with keyservers that aren’t owned by the PGP Corporation is less of a problem than the hideously unusable keychain management that GPG inflicts.

Replacement work key
May 2nd, 2009 by Ken Hagler

In light of the recent news about SHA-1, I decided to replace my ten-year-old work PGP key.

New attacks on SHA-1
Apr 30th, 2009 by Ken Hagler

This was posted on the PGP-Basics mailing list by Robert J. Hansen:

Some researchers are claiming they’ve been able to make the Shandong
University attack on SHA-1 a factor of about 2000 times easier. If
their research is correct, that means SHA-1 is now attackable by regular

These results are not unexpected. We knew this day would come. For the
last couple of years most crypto nerds have been strongly recommending
people either migrate away from SHA-1 immediately, or at the very least
have a migration plan put together.

If you have already migrated — then you may ignore this development.

If you have not — then it is increasingly urgent you do so.

Original URL:

Another PGP Whole Disk Encryption Review
Nov 3rd, 2008 by Ken Hagler

Review: PGP Whole Disk Encryption for Mac OS X [Paul Stamatiou]

Another good review. This one doesn’t mention Time Machine, but goes into more detail on cold boot attacks.

PGP Whole Disk Encryption review
Oct 31st, 2008 by Ken Hagler

Securing Your Disks with PGP Whole Disk Encryption [TidBITS: Mac News for the Rest of Us]

A generally good review of the new PGP disk encryption software, but I do see a couple of problems. First, the author only hints at how it works with Time Machine, which is an area of interest to me. In theory it should be fine (although obviously you’d need to encrypt Time Machine’s backup volume too), but when it comes to software compatibility, theory and practice often diverge.

Second, the author says that it’s a “limitation” that PGP Whole Disk Encryption only secures your data when the computer is off, and not just while it’s asleep. I consider that a necessary function, not a limitation. Because it’s entirely possible to recover sensitive data (such as the passphrase for the hard drive) from a “sleeping” computer’s memory, claiming to encrypt when a computer is put to sleep would only be providing a false sense of security.

I’m interested in this product for my own use, but given PGP, Inc.’s rather spotty record to date (they’ve managed to render their main PGP product unusable in the name of usability improvements), I’m waiting for a while to be sure that there aren’t any hidden problems.

Encryption and Gmail
Oct 29th, 2008 by Ken Hagler

How To Talk So The Government Can’t Listen. Part 1: how to encrypt your e-mail in Gmail with GPG (for use with Gmail or other web mail interfaces on Firefox in Windows) [Rad Geek People’s Daily]

A good detailed tutorial on how to use GPG to protect your email within Gmail. The parts dealing with key management are Windows-specific–the state of Mac support for GPG is considerably inferior and Linux support (at least in the Ubuntu distribution) is better, but the details are different.

© Ken Hagler. All rights reserved.