12 comments

[ 2.5 ms ] story [ 33.5 ms ] thread
VeraCrypt's approach to achieve plausible deniability for disk encryption:

https://veracrypt.eu/en/Hidden%20Volume.html

Obligatory response: https://xkcd.com/538/

Sad but likely true. (please prove me wrong, other than creating fake data that’s so convincing it will save your life in any ‘gut-wrenching’ situation, every time)

[edit: don’t get me wrong, I love truecrypt/veracrypt, literally use it every day]

Not every entity that would like to access your disk, will be willing to leave the realm of applied human rights.

Basically no level of encryption will help you against a determined (and law ignoring, if they even have one against it) agent of a nation states intelligence service.

But it will most likely work against your bread and butter LEA employee or your local variety of the IRS/SEC.

Thanks for proving me wrong! Even if it’s only for a fraction of the people, you’re still right for most people, a large fraction. As long as you’re not targeted by entities above or considering themselves above, the law, the Veracrypt approach will suffice. Good point.
I've never understood this xkcd. The depicted situation only ever comes up under hilariously contrived threat models, and is not a reason not to use the best encryption you can get even under those models. So right back at you: prove me wrong, outline some realistic "evil plans" where the $5 wrench is the best option.

Under most threat models for most people (even spicy ones), good encryption with lots of features such as deniability, makes perfect sense.

What's the importance of the secret you're holding?

If it's primarily financial (e.g. keys to your BitCoin wallet), then encryption is obviously a great idea. A lot more people are capable of theft for financial gain (especially theft that doesn't require physical presence and you might not even learn about until much later!) than robbery which requires the physical presence of an assailant. This also holds for government-level threats: a rogue border guard might copy your financial information and sell it to the highest bidder, but they're very unlikely to beat you for it on camera, even in countries where human rights are a secondary consideration. And if you're afraid of being robbed, well, you can always secret-share and keep the other half of your key in a secure bank vault, or have somebody send it later in the mail. And you should still use the best encryption you can get!

If your adversary instead has the motive to keep something suppressed (e.g. evidence against Dear Leader), then they don't need to get the keys at all, they can just seize your hard drive and secure erase it. They'll probably still beat, jail or kill you afterwards, but that would still have happened without the encryption.

If you're protecting somebody or something (e.g. the hard drive reveals the location of the planned attack on Dear Leader, or a promotion list of people involved in the upcoming coup), then plausible fake information is both easy to create and is very valuable - the people you're protecting might have escaped, or the true plot might be fait accompli by the time they realise you've given them fake data and the wrenches come out.

If the government stops you and does not even know that you're a person of interest, then... well, that's the textbook use case for deniable encryption, and if you do it right, they'll never realize that you were the person of interest all along.

If you're protecting something that's more valuable than your life (e.g. nuclear launch codes) then you at least get the option to endure the wrench. And if the encryption is crackable by a sufficiently large computer, your adversary _will_ build that computer, so you should still use good encryption. And for the love of God, invest in some guys with guns to shoot the idiot who brings a $5 wrench to a gunfight! And use encryption that's significantly more expensive to break than winning that gunfight would be.

xkds's opinions are always right; they are just not always correct.
> xkds's opinions are always right; they are just not always correct.

So the missing c stands for correct?

or, more realistically, underpaid unbothered border guard sucks your hard drives down bit by bit, then asks for the password or you get jailed. Its part of a bureaucratic process, so having hidden volumes is great because you can easily provide the password for the unhidden volume, they open it up, run their algorithms to check your files and boom, you're through customs without some poorly managed arm of bureaucracy having your sensitive research / IP waiting to be stolen in the next hack of your technologically inept government. Stuff like hidden volumes is great for situations where your otherwise decent habits would be kneecapped by poorly thought out bureaucratic nonsense.
Xkcd is humor and often a joke. It's best to let it lie and let others extend the joke far past its utility.
This would be quite expensive to apply to whole-disk encryption, as you'd need 8x the size of the data that you want to store. Whether this is worth it or not depends on the threat model you're facing, of course.
This is a very poor advice at deniable encryption. The structure of the ciphertext is visible to the reader - when you get your decryption you know that it is one of many.

I presume the true deniable decryption would work in a way that fully hides the presence of the alternate contents. Note, however, that most encryption schemes are specifically designed to be non-deniable, so you'd be caught by simply using organically grown crypto before even decrypting anything.

For those interested in paranoia, I suggest looking into steganography and forward-secrecy schemes with transient secrets.

What do you mean, structure? The output here is indistinguishable from random data

Note stenography will not actually help if your data is searched for.

Obscurity isn't a protection method

The idea is that you can't tell how many encrypted items you have in the output without the secret key

This will not hide that the data is encrypted, sure, but will allow you to reveal the innocent pieces only if required