Hello Mica,

On Monday, October 18, 2004 at 4:35:49 PM Mica [MM] wrote:

MM>>> But there is still another advantage of PGP over Scramdisk (which can
MM>>> be used without any installation, and from a floppy), and this is, if I
MM>>> understood well, that your files in a mounted container are all in a
MM>>> non-readable form, except the ones you have active/open in the given
MM>>> moment, when you work with them.

>> Well ... define "have open". Having a file open requires to open it
>> first. This "open" would fail if the file(s) were non-readable. So
>> it/they must be readable, else you wouldn't be able to open it
>> yourself.

MM> This what I wrote above is based on characteristics described in PGP
MM> User Guide: "Even a mounted volume is protected: unless a file or
MM> application is in use, it is stored in encrypted format."

MM> This defined by "in use" I worded by "have open".

Correct.

MM> For the term "encrypted format", I have used "non-readable form".

Not really correct.

What the sentence is about to tell is: the PGP-Volume is decrypted
"on-the-fly", that means: whenever something uses "the usual way" to
open a file, i.e. using a system call to the file system, the "PGP-driver"
will fetch the file from the PGP-volume and decrypt its contents.

The opposite would be: when a PGP-volume is mounted it is decrypted,
hung into the system and all files are present in a decrypted form.

The advantage of PGP's way is little, but not really useless: there's
no chance to "raw byte" access the PGP-volume and steal files, you'll
have to use system calls to gain access to a file.
With a decrypted volume being mounted (the way PGP does not go) one
could raw byte access this "device" and fetch all the data in their
decrypted representation.

I don't know why any malicious software would try to raw-access a
block device, instead of simply using file system calls, except if
something like ACLs (access control lists) might prevent access
through sys-calls. As PGP-volumes can be formatted using NTFS this
"even a mounted volume is protected" could make sense.

But I guess Scramdisk uses similar technology, else RAM or HDD-space
could rather fast go low, if a complete disk would be stored encrypted
AND decrypted when mounted.

Nevertheless I think PGP-disk is superior to Scramdisk (from what I
see on Scramdisk home page as features being supported and screenshots
being presented):
- PGP-volumes can be located at any formatted partition, not only FAT
  (if the web site is actually right with this limitation)
- PGP-volumes can be NTFS formatted, I don't see a single hint
  Scramdisk supports something different than FAT. This leads to
  "mounted volumes are NOT necessarily open to everybody with file
  system access", because normal Windows permissions can be applied on
  top of encryption.
- PGPDisk supports AES (256Bit)
- PGP-Desktop is as expensive as DriveCrypt, the successor of Scramdisk,
  but you get not only the disk encrypter, but a general (including,
  but not limited to communication-) encrypter as well.

But that's just MHO, it doesn't necessarily mean somebody has to share
it :-)

There's one thing that makes me wonder:
DriveCrypt Plus Pack - encrypts the whole operating system

I'm not really sure if and how this works reliably and fast when it
comes to Windows being installed ... but I might be narrow-minded :-)
-- 
Regards
Peter Palmreuther

(The Bat! v3.0.2.1 on Windows XP 5.1 Build 2600 Service Pack 2)

We are not punished for our sins, but by them.


________________________________________________
Current version is 3.0.1.33 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
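The on-the-fly model described in the message above, as an added example that is not part of the original post and not PGPdisk or Scramdisk code: the container's stored bytes stay ciphertext, and only the sectors touched by a read are decrypted. The class and function names are hypothetical, and the SHA-256 keystream is a toy stand-in for a real disk cipher such as AES, used only to keep the sketch dependency-free.

```python
import hashlib
SECTOR = 512  # assumed sector size for this example

def keystream(key: bytes, n: int) -> bytes:
    # Toy per-sector keystream (SHA-256 in counter mode); a stand-in, not a real disk cipher.
    blocks = (hashlib.sha256(key + n.to_bytes(8, "big") + bytes([i])).digest()
              for i in range(SECTOR // 32))
    return b"".join(blocks)

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class OnTheFlyVolume:
    """Backing store always holds ciphertext; plaintext exists only per request."""
    def __init__(self, key: bytes, sectors: int):
        self.key, self.count, self.sectors_decrypted = key, sectors, 0
        # An empty volume is the encryption of all-zero sectors.
        self.backing = bytearray(b"".join(keystream(key, n) for n in range(sectors)))

    def _load(self, n: int) -> bytearray:
        if not 0 <= n < self.count:
            raise ValueError("access beyond end of volume")
        self.sectors_decrypted += 1
        return bytearray(xor(self.backing[n * SECTOR:(n + 1) * SECTOR], keystream(self.key, n)))

    def write(self, offset: int, data: bytes) -> None:
        pos = 0
        while pos < len(data):
            n, start = divmod(offset + pos, SECTOR)
            plain = self._load(n)                      # read-modify-write one sector
            chunk = data[pos:pos + SECTOR - start]
            plain[start:start + len(chunk)] = chunk
            self.backing[n * SECTOR:(n + 1) * SECTOR] = xor(plain, keystream(self.key, n))
            pos += len(chunk)

    def read(self, offset: int, length: int) -> bytes:
        out = bytearray()
        while len(out) < length:
            n, start = divmod(offset + len(out), SECTOR)
            out += self._load(n)[start:start + length - len(out)]
        return bytes(out)

def demo():  # returns (data via driver, plaintext found in raw bytes?, sectors decrypted)
    vol = OnTheFlyVolume(b"constructed-demo-key", sectors=64)
    secret = b"constructed sample file contents"
    vol.write(10 * SECTOR + 100, secret)
    vol.sectors_decrypted = 0
    got = vol.read(10 * SECTOR + 100, len(secret))
    return got, secret in bytes(vol.backing), vol.sectors_decrypted
```

In the "decrypt everything at mount" alternative the message contrasts this with, `backing` itself would hold plaintext, so a scan of the raw bytes would find the file contents.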
