PGP Locked Harddrive

[toslap]

I've locked my laptop harddrive with PGP Desktop, how secure is this?

It loads before windows and asks for the password, when I try to find the drive using tools in BackTrack, Auditor, or Hirens Boot Disk (DOS) it either doesn't show up or isn't accessible. Is there anyway for somebody to get the key without logging in. I'm sure there is a way to get the key once logged on, but should I feel relatively secure leaving my notebook around turned off?

Thanks

John

[cooper]

You should worry because forgetting the password means no storage for you.

Is it really that important to you that nobody touches your Windows or Office installation?

Most people make a separate partition or something that is encrypted which gets the sensitive stuff.

[toslap]

Is it really that important to you that nobody touches your Windows or Office installation?

Most people make a separate partition or something that is encrypted which gets the sensitive stuff.

Its not that important, just curious. But if I was to make a separate partition then wouldn't the key be stored on the non-encrypted accessible partition?

I was just wondering if this is a good way to secure my laptop from physical access.

Where are the keys stored, is there something with the MBR that loads PGP before windows? I figured if anyone knew the answers it might be someone here.

Thanks

[cooper]

The key isn't stored. The encrypted data is stored. You enter the key manually (which is only kept in memory, and a locked page at that so it doesn't get moved out to swapspace). The key isn't compared to a stored copy to allow you access to your data. Your stored data in its encrypted form is entirely useless to everybody (if the crypto is any good) and you require the key to convert the data (again, on the fly and only in memory) to something comprehensible.

[mpt]

Is it really that important to you that nobody touches your Windows or Office installation?

But it may be possible to load a program into the the windows or office installation that could grab the data from the encrypted file system once it is mounted. You could just replace the executable (w/ a live CD) of some common program that the user will launch or the OS will launch with your program that sends the content of the encrypted drive to your computer. You could prevent someone from using a live cd by adding a password at the BIOS level, so you would have to log in before your computer boots.

Although this attack requires a very concerted effort to get one user's data. The attack would require you to mount the filesystem, so your data would still be safe if someone just stole the hard drive.

[PoyBoy]

Not really, like cooper said, you enter the password, and it is encrypted, in the ram, where it is locked, meaning that it will *always* stay in ram untill the power is turned off and go nowhere else. It is encrypted in ram, and the hash is checked against the stored hash. This is the only place that the password can get out, but it is in encrypted form. Usually, there is a pretty sophisticated way of stopping people from even getting at the wncrypted hash in the first lace

[billybob]

i have a bios pass, a hdd pass, a grub pass, and of course my main login pass to windows, backtrack, or ubuntu. basically if you lock the bios, boot first from hdd (nonremovable), and dont let people remove the cmos battery :P you will be fairly secure. that is if you simply want to prevent access to the machine it self. you said that you are talking about a laptop, many laptops have a builtin hdd locking feature, look and see if yours does.