After try­ing it for three weeks with­out prob­lems, I bought the lat­est ver­sion of PGP Desk­top Pro­fes­sional, which includes whole disk encryp­tion. Both my Mac­Book Pro’s inter­nal hard drive and the exter­nal drive I use for Time Machine back­ups have got­ten along with it just fine, even through the sys­tem update to 10.5.7. For the most part there’s no notice­able impact on per­for­mance, but then my lap­top doesn’t do any­thing really disk intensive–all my pho­tog­ra­phy work hap­pens on a dif­fer­ent com­puter which I will not be encrypt­ing. There did seem to be a slow­down in Time Machine back­ups, but that’s not an area where per­for­mance is really rel­e­vant. I would really pre­fer to use True­Crypt, but as it cur­rently can only do whole disk encryp­tion on Win­dows (where I have been using it for some time), that wasn’t an option.

The rest of the PGP Desk­top pack­age gets a mixed review. I had looked at PGP last sum­mer and dis­missed it as unac­cept­able because of the hor­ri­bly designed proxy it relies on for encrypt­ing email, but this time around I dis­cov­ered that there is also an offi­cially unsup­ported plu­gin avail­able for Mail. The plu­gin works the same way as the GPG­Mail plu­gin, but with fewer fea­tures. This is not sur­pris­ing, as they have the same author. Appar­ently some brain­less prod­uct man­ager at PGP Cor­po­ra­tion had decided to kill the plu­gin (pre­sum­ably to force users into using their worth­less proxy), and it was brought back by pop­u­lar demand.

Since the last time I looked at PGP, it’s lost the abil­ity to com­mu­ni­cate with pub­lic key servers other than the one actu­ally run by PGP Cor­po­ra­tion, which very few peo­ple use. Accord­ing to a thread on the PGP sup­port forum, the devel­op­ers know about this bug and just don’t care about fix­ing it. Well, nobody will ever accuse the PGP Cor­po­ra­tion of hav­ing good cus­tomer ser­vice or QA! For­tu­nately the key­servers have web inter­faces so the prob­lem can be worked around as long as you’re using the “unsup­ported” Mail plu­gin. Any­one fool­ish enough to use the proxy will be out of luck, though.

I ulti­mately decided to switch from GPG to PGP for my email needs, at least for the moment, because while both of them have huge prob­lems on the Mac, PGP’s refusal to work with key­servers that aren’t owned by the PGP Cor­po­ra­tion is less of a prob­lem than the hideously unus­able key­chain man­age­ment that GPG inflicts.

Review: PGP Whole Disk Encryp­tion for Mac OS X [Paul Sta­ma­tiou]

Another good review. This one doesn’t men­tion Time Machine, but goes into more detail on cold boot attacks.

Secur­ing Your Disks with PGP Whole Disk Encryp­tion [Tid­BITS: Mac News for the Rest of Us]

A gen­er­ally good review of the new PGP disk encryp­tion soft­ware, but I do see a cou­ple of prob­lems. First, the author only hints at how it works with Time Machine, which is an area of inter­est to me. In the­ory it should be fine (although obvi­ously you’d need to encrypt Time Machine’s backup vol­ume too), but when it comes to soft­ware com­pat­i­bil­ity the­ory and prac­tice often diverge.

Sec­ond, the author says that it’s a “lim­i­ta­tion” that PGP Whole Disk Encryp­tion only secures your data when the com­puter is off, and not just while it’s asleep. I con­sider that a nec­es­sary func­tion, not a lim­i­ta­tion. Because it’s entirely pos­si­ble to recover sen­si­tive data (such as the passphrase for the hard drive) from a “sleep­ing” computer’s mem­ory, claim­ing to encrypt when a com­puter is put to sleep would only be pro­vid­ing a false sense of security.

I’m inter­ested in this prod­uct for my own use, but given PGP, Inc.‘s rather spotty record to date (they’ve man­aged to ren­der their main PGP prod­uct unus­able in the name of usabil­ity improve­ments), I’m wait­ing for a while to be sure that there aren’t any hid­den problems.