ElcomSoft blog

«…Everything you wanted to know about password recovery, data decryption,
mobile & cloud forensics…»

What does “The only way to break into PGP” mean?

April 30th, 2009 by Vladimir Katalov

Note to PGP legal dept: I’m not going to put the ® sign every time I mention PGP. I’m just tired; we already did that in our press release and on our web site, and I think it’s enough. No, really? Well, I’ll repeat one more time: all names like PGP are trademarks or registered trademarks of their respective owners in the UK, USA, Russia and probably somewhere else, e.g. in Albania. There are too many countries to mention, sorry :). Why should I care about (R)? Keep reading, and you’ll see the reason.

Note to PGP executive and marketing depts: thanks again for helping our marketing people to spread the word about our company and our software. We have received many calls from local and international media, nice press coverage, and a lot of people coming to our booth at InfoSecurity. Well, and several good orders, mostly from forensic/investigation people.

Now an update to my previous post. It becomes more and more funny: PGP has written about our ‘conflict’ in their own blog. And the author is… Jon Callas, CTO of PGP. He called his blog entry Lies, Damned Lies, and Marketing – not bad, eh? But the content is even better. Jon starts with the words about ElcomSoft: “The company who made this has a great product, and as I said then, it’s a very cool product.” Thanks Jon, but we already knew that our software is “great” and “cool” – otherwise we would not get enough sales ;). But Jon’s story continues with the following:

[ElcomSoft] booth said, “the only way to break into PGP®.” This is a lie, and a lie in two directions.

1. They’re not breaking into PGP, they’re doing password cracking. There’s a difference.
2. They’re not the only people who do it. As I’ve said before there are plenty of other password crackers, both commercial and open source.
In short, the sign was factually incorrect, and lies about PGP.

If we lie, please sue us. If we don’t, better be quiet, please. But PGP marketing people have selected the 3rd way: complained to Reed Exhibitions and asked to destroy [a part of] our booth. Well done.

About [1]: from my personal point of view, “breaking into PGP” can mean “password cracking” as well. Do we provide the tool to get access to a password-protected PGP disk? Obviously we do. Did we say that it works in 100% of cases, or that we cracked PGP encryption/algorithms? No, we did not. Oh well, our English is definitely not perfect, but I think it is still better than your Russian, Jon 😉

About [2]: yes, there are a lot of password crackers around. But I’m aware of just a single one (besides ours, of course) for PGP Disk – and it is commercial; supports old versions of PGP Disk only; moreover, it is distributed only as part of a very expensive commercial e-discovery package – and it is MUCH slower than ours (because it does not use GPU acceleration). Sorry, I will not mention the vendor name here, simply because it is our competitor – and it did not pay us for an advertisement :). Jon, I’d appreciate it if you could name the other ones (commercial or open-source). If you cannot, YOU lie. But I like your wording “as I’ve said before”; I think I should use it myself, too (e.g. “as I’ve said before, PGP is not secure and can be cracked” – without reference, for sure :)).

I recall how I talked to a PGP representative a year ago – at the previous InfoSecurity UK. The first question he asked was: “Have you received an e-mail from our legal department?”. I replied “Should I?”; he said “Yes”, and explained the reason: there was no (R) sign (near “PGP”) in our press release (Elcomsoft Distributed Password Recovery Unlocks PGP Protection). Well, see the note at the beginning of this post 😉

Another note: in fact, we were strictly prohibited (by Reed, though that’s definitely not their own initiative but for sure PGP’s) from printing anything about PGP on our booth. It’s a pity that I did not have a voice recorder handy. So if we wrote something like The only way to break PGP passwords, or The most cost-effective way to crack PGP passwords etc, such a panel would be removed as well. We’ll probably try this next year. But we reserved another place for InfoSecurity 2010 – not so close to PGP; I think it is a good idea anyway, because every half an hour they’re doing very loud (but not very smart) presentations telling people that PGP is #1 in this and that (nothing really interesting/technical/innovative).

Oh, I forgot to mention that we received a document from Reed explaining why they’ve removed our wallpaper, finally – at the end of the first day, i.e. about 8 hours after removal. The official Regulations (sorry, I’m too lazy to scan it – but I will, if you wish) say that it should be done in advance (and no action can be made without prior notice in writing), but who cares? Anyway, for those who are interested – here is what it looks like:

But I should also mention that Reed keeps their word: our panel has been replaced this morning (at their own cost). Have a look (the second panel from the right; the color is slightly different from the original one, but still better than nothing):

Lessons learned? You guess yourself. I would not say anything bad about PGP and/or Reed – they really helped us a lot. And I would NOT recommend PGP to send smarter people to the exhibition next year – so we’ll be able to save a significant part of our marketing budget 😉

After all… All of the above (as well as my other posts) is my personal view, and not an official position of ElcomSoft. Yeah, I’m the CEO of ElcomSoft, and I’m the person who approved the design of our booth (btw, only two days before the show: we were really busy doing technical stuff), but anyway.

And finally, thanks to all who commented on my previous post. As you can see, our blog is NOT MODERATED – in contrast to PGP’s (which is actually premoderated, try it yourself; we made some comments there, but they have not appeared – at least in about two hours after writing). Censored? 😉



11 Responses to “What does “The only way to break into PGP” mean?”

  1. P says:

    I realize that the comment I left on your previous entry is almost word-for-word the analysis of Jon Callas. But I hadn’t read it beforehand, and I am in no way linked to PGP. So there might be some kind of truth. Either that or we’re both morons. Oh well.
    The fact is, your marketing message was really, really awfully bad, and PGP’s reaction was more than understandable. Reed probably did you a favor, too, as -if my reaction is anything to go by- security-wary people would have put you on the “shameless bollocks” blacklist after seeing your poster. The takedown could have been a bit more courteous though. Giving you the opportunity to do it by yourself would have been a good thing.
    The whole stuff is a shame, as with a tiny twist you could have presented the same point AND gained PGP support by adding a bit of obvious irony which would have made the hidden praise to PGP more obvious: after all, your slogan can be read as “PGP is so good that there is no way to break it, but we provide the best way to do something approaching”. I don’t know, I’m no PR person but “The best way to break into PGP -sort of”, if still a stretch, might have worked better (note the “best” and “sort of”)
    It’s OK for a shoemaker to say something like “the best teleport solution” because it’s commonly understood that teleportation is not feasible at the moment AND the slogan wouldn’t depreciate anyone’s product, but in IT security the frontier between breakable and unbreakable is slim and ever changing, and your poster was bound to be understood as a direct attack towards PGP by a number of people, so the slogan was really over the top.
    If I went to a big medical get-together with a banner saying “the only way to cure your kid’s meningitis” and my solution was to let them die and make another kid, I would expect to take some heat.
    You came with a deliberately controversial poster and got spanked, it happens, get over it (and ditch the crappy sensationalist bullshit to focus on your products’ strengths).

  2. KARPOLAN says:

    Keep going, sarcasm is a great way to communicate with lunatics 🙂

  3. Artyom says:

    …write plain pee-gee-pee, so people will spend few seconds more in front of your booth, guessing what would that mean

  4. Alex says:

    From my POV they (PGP Corp) should be happy about you recognizing their strong cryptography. Knowing what Elcomsoft is I get your message involuntarily as: “The only way to break into PGP … is password recovery”. It’s obvious for me you’re attacking human stupidity not PGP software per se. It’s a smart slogan and I can’t imagine a single person reading it other way round. Maybe because I’m Russian? Don’t know.

    What is PGP saying by that complaint? “No. It’s not the only way”? “The way offered by Elcomsoft (password recovery) is not the only one”? Hm…

    PS. I think I get it. They say: “You are not breaking into PGP as in ‘PSP software’ but solely into PGP as in ‘PGP Disk encrypted data’. And that’s not this.” Just “the only way” to save face.

  5. P said:

    “I realize that the…focus on your products’ strengths.”

    Thanks for the comment. Yes, we do focus on our strengths (should have seen our presentation in Technical Theatre 😉 and the poster note was _pure_ tradeshow attention getter, to let people stop by and say “Gee… is that ever possible!?” and/or simply amuse knowledgeable visitors 🙂 We expected intelligent people at the event and we did meet them at our booth (thnx all for dropping in!)… whereas pee-gee-pee marketing/sales guys granted their customers with free beer and “encryption for dummies”- brochures, sad but we didn’t manage to take a picture of it, looked really funny especially in the light of what happened :))))

  6. Frank says:

    I found it very funny that the Reed organizer attempted to stop you taking pictures of your own booth. Maybe if you had been taking pictures from the competitors one can understand, but trying to stop you taking pictures of your own booth? WTF

    On the other hand I think PGP is correct when they say that you are not breaking in, you are cracking the password and if the user has chosen a long passphrase you will most likely not succeed, and you know it.

  7. chaotikcore says:

    you kind of sound spiteful, man. not very professional. sometimes you should logically know what the outcome could be and as a programmer you should know that lesson well. common sense would dictate that if you wrote that on a banner in public and the company you were writing about was there, of course they would have a problem with it. you would too as well.. c’mon you know you would. sure.. you have a good product, sure pgp(r) does too. be a company. show respect to both sides. also.. the letter you were sent from reed was very professional and showed consideration for both sides. it sounds like they were the only ones who acted like they wanted to run a successful business. (i do run and operate my own for 8 years now). part of doing that means coming up with a catch that doesn’t offend.
