Educause Security Discussion mailing list archives

Re: Mac encryption?


From: Mike Lococo <mike.lococo () NYU EDU>
Date: Fri, 13 Nov 2009 11:17:15 -0500

Harvard Townsend wrote:
We're using PGP Whole Disk Encryption for Macs and Windows and have been
very satisfied, except they do not yet support Snow Leopard. They do
support Windows 7, though.

We're evaluating PGP as well, and while it works ok I thought it worth
mentioning that PGP on the Mac seems like a bit of a second class
citizen when compared to PGP on Windows, at least when you're using it
in conjunction with a managed PGP server.  For example:

* If you use Guarded Key Mode, the Mac client cannot automatically
download the GKM keys during enrollment of a new machine (the Windows
client can).  Instead you have to manually load the keys from some other
source.
* Mac clients fail to complete the "Key Reconstruction" process using
the 5 recovery questions.  They give an error which falsely claims that
the questions were answered incorrectly.  If you forget your passphrase
or your keyfiles become lost/corrupted, you'll have to recover them from
a PC and manually transfer them to your Mac.
* You can't change or update your 5 Key Reconstruction questions on a
Mac.  If you want to update your security questions, you must do so from
a PC.
* The Whole Disk Encryption boot prompt for Mac clients does not display
the site-specific "additional text" often used to point folks to the
helpdesk in the event of problems.
* Finally, as others have noted, Snow Leopard support has lagged Windows
7 support considerably.  Whereas it seems like PGP fairly consistently
tries to release PGP compatibility updates in advance of retail
availability of Windows OS updates, you're likely to be stuck holding
your Mac clients back pending the availability of a compatibility update.

I haven't used Checkpoint and can't speak to whether they do any better,
but while PGP is certainly functional on a Mac, it is fairly rough around
the edges.  I find this to be in stark contrast to the Windows version
which I've found to be quite solid and bug-free.

Thanks,
Mike Lococo
