That's why TrueCrypt, and I think VeraCrypt, have support for a volume that can be decrypted with two keys - one will yield a decoy volume where its free space is actually the real volume that you want to protect, which gets decoded only with a second key.
I'm not sure if the entropy analysis of that free space can suggest that there's something funky about that free space or not.
Because usually free space is either actual info just marked as deleted, or info reset to zeros by some proactive wiping of the free space.
So, having a bunch of wacky data that doesn't look like any kind of file can probably be used as a telltale sign? No?
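As an added illustration, not part of any comment in this thread: the entropy check the comment above asks about, run over constructed sample blocks. The 4 KiB block size, the thresholds and the sample data are assumptions chosen for the example. Shannon entropy separates a zero-filled block from a deleted-file remnant from uniformly random bytes, and a chi-square test against a uniform byte histogram tightens the last case.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096  # assumed analysis unit; not tied to any real filesystem layout

# Constructed sample blocks (not taken from any real disk image):
_rng = random.Random(2024)
ZERO_BLOCK = bytes(BLOCK_SIZE)                                   # free space wiped to zeros
TEXT_BLOCK = (b"Meeting notes: budget review moved to Thursday. " * 100)[:BLOCK_SIZE]  # deleted-file remnant
RANDOM_BLOCK = _rng.randbytes(BLOCK_SIZE)                        # what ciphertext or a hidden volume looks like
SAMPLE_IMAGE = ZERO_BLOCK + TEXT_BLOCK + RANDOM_BLOCK + _rng.randbytes(BLOCK_SIZE)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, approaching 8.0 for uniform random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    h = 0.0
    for count in Counter(data).values():
        p = count / n
        h -= p * math.log2(p)
    return h


def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution.

    Uniform random bytes give roughly 255 (the degrees of freedom) give or take a few
    dozen; text and other structured data give values orders of magnitude larger.
    """
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify_block(data: bytes) -> str:
    """Heuristic label for one block.

    'random-looking' covers ciphertext, compressed data and free space that was
    deliberately overwritten with random bytes alike; the statistics cannot separate them.
    """
    h = shannon_entropy(data)
    if h < 0.5:
        return "wiped"
    if h < 7.5 or chi_square(data) > 400:   # assumed cut-offs for a 4 KiB block
        return "file-remnant"
    return "random-looking"


def scan_image(image: bytes) -> list[str]:
    """Label every block of an image in order."""
    return [classify_block(image[i:i + BLOCK_SIZE]) for i in range(0, len(image), BLOCK_SIZE)]


def random_fraction(image: bytes) -> float:
    """Share of blocks that look uniformly random; the 'tell' the comment asks about."""
    labels = scan_image(image)
    return labels.count("random-looking") / len(labels)


if __name__ == "__main__":
    for i, label in enumerate(scan_image(SAMPLE_IMAGE)):
        block = SAMPLE_IMAGE[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
        print(f"block {i}: {label:15s} H={shannon_entropy(block):.3f} chi2={chi_square(block):.0f}")
    print(f"random-looking fraction: {random_fraction(SAMPLE_IMAGE):.2f}")
```

The caveat the thread circles around holds here too: the test tells you that a region is random, not why. Ciphertext, compressed media and free space that an outer volume filled with random bytes on purpose all land in the same bucket, so a large random fraction says nothing about whether a hidden volume exists or how big it is.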
My understanding is that people who torture you don't know what you don't know; so they don't know when to stop. As such, they'll keep torturing you way past the point where you've admitted to everything you know. This is why information obtained under torture is considered unreliable: eventually you'll just say anything to stop the torture; further admissions will support the use of torture as an information extraction tactic, and then lead to more torture.
In theory, you could just keep adding n+1 layers of fake passwords (maybe with realistic fake data), on the hope that after n attempts, they think they've broken you and hit the jackpot.
But as sibling commenters describe, if sufficiently motivated, there's no reason that an authoritarian state wouldn't just keep torturing you anyway. :(
> if sufficiently motivated, there's no reason that an authoritarian state wouldn't just keep torturing you anyway.
Sure, but it helps to make it look like you're someone not worth torturing in the first place. The same look would happen when you decrypt your TrueCrypt partition.
Large unused sections on the laptop with random data are a bad look for someone trying to say they're not a spy.
If it were me, I would do something more like bring a laptop with a bunch of biblical research and ask everyone in the checkpoint if they've taken Jesus Christ into their heart.
This of course assumes that in this instance the authoritarian regime just finds these sorts of religious people annoying and not dangerous. I wouldn't do this coming into Iran, say.
When cryptographers talk about "security through obscurity" they're talking about cryptographic algorithms and protocols. So even systems that aim to prevent "rubber-hose" attacks could benefit by avoiding algorithms (like AES) whose security is based on obscurity, even if there are parts of the system that are obscured.
Only circumstantially, IMHO. Obscurity can be a semi-decent security tool in some situations, and in others completely and utterly useless. It depends on what you're trying to secure.
It seems like there's something like a way to measure the different mechanisms in terms of how inherently decoupled they are from their surroundings. So, the fact that you have to send messages to my server in a particular format is one type of obscurity, but it's highly non-incidental, linked to many different parts of the world (i.e. it's some common network protocol) and more easily investigated (you could get interesting different responses by varying what string of bits you send).
In comparison, which particular password I use can be very highly decoupled from the rest of the world and my architecture, which makes it vastly more (reliably) obscure.
Somewhere in between "you have to know my server exists to send 'login:admin password:pass' to it" and "the volume's encrypted with a 2048-bit cypher generated from atmospheric entropy" is, maybe, a useful middle ground.
Hidden volumes seem like more of a defensive meta-obscurity, in that they obscure your metadata (your ownership of a particular piece of encrypted data).
I'm aware. But Kerckhoffs's principle is just saying that your mechanism of encryption shouldn't be obscured. It doesn't change that I can't define 'obscure' in a way that doesn't make it a mechanism (in itself inobscure) of obscuring data.
Also, there are plenty of historical ciphers that fall foul of Kerckhoffs; I don't think we can say retrospectively that they weren't done for security, and in many cases they were probably totally adequate for some time, if not their lifespan.
I think the authoritarian regime will just torture anyone with any VeraCrypt or TrueCrypt volume and the plausible deniability will come back to bite you as you can't prove that there are no other hidden volumes.
The problem is the level of scrutiny. Against some attackers, decoys have very very nasty game-theoretic failure cases.
Specifically, there's no limit to the number of decoys that could be on a disk. So you can get into the situation where you've decrypted every volume that exists, under coercion, but your adversary believes there are more volumes remaining.
By design, you have no way to prove that there isn't more hidden data on that disk. This is unlikely to end very well for you.
> So you can get into the situation where you've decrypted every volume that exists, under coercion, but your adversary believes there are more volumes remaining.
This is intentional.
If you could prove that there wasn't more hidden data, then the incentives would be to torture you until you did that.
Since you can't, there is no incentive to reveal a further hidden volume, since the attackers will either keep torturing you or not, and revealing more will most likely not help you.
If I remember correctly, the decoy volume treats all the hidden space as available disk space. TrueCrypt used to have a warning that booting into the decoy volume could scramble the hidden volume when the OS wrote files to disk if it happened to choose some space that overlapped with your data.
If your decoy only lists 5GB of space on a 5TB drive, then it isn't a very good decoy.
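An added block-level model of the hazard the comment above describes; it is not the TrueCrypt or VeraCrypt on-disk format and not code from either project. Blocks carry labels instead of ciphertext, so the only thing it reproduces is the allocation problem: the outer filesystem sees hidden-volume blocks as free, and the `protect_hidden` mount mode (an assumption modelled loosely on VeraCrypt's hidden-volume protection, which refuses writes into the hidden area and leaves the outer volume read-only) is what stops an ordinary write from destroying it.

```python
import random


class ToyHiddenVolumeDisk:
    """Toy container: an outer (decoy) volume plus a hidden volume in the tail.

    Not the TrueCrypt/VeraCrypt format. Blocks hold one of three labels:
    'random' (never written), 'hidden' (hidden-volume data), 'outer' (decoy data).
    """

    def __init__(self, total_blocks: int, hidden_blocks: int, seed: int = 0):
        if not 0 < hidden_blocks < total_blocks:
            raise ValueError("hidden volume must fit inside the container")
        self.total = total_blocks
        self.hidden_start = total_blocks - hidden_blocks
        # A fresh container is random bytes end to end, so from the outside an unused
        # block and a hidden-volume block are indistinguishable.
        self.blocks = ["random"] * total_blocks
        for b in range(self.hidden_start, total_blocks):
            self.blocks[b] = "hidden"
        self._rng = random.Random(seed)   # deterministic allocator for the example
        self.read_only = False

    def free_blocks_seen_by_outer(self) -> list[int]:
        """The outer filesystem only knows what it wrote itself; hidden blocks and
        never-used blocks both look free to it (so the decoy advertises the full size)."""
        return [b for b in range(self.total) if self.blocks[b] != "outer"]

    def hidden_intact(self) -> bool:
        """True while no hidden-volume block has been overwritten by the decoy."""
        return all(self.blocks[b] == "hidden" for b in range(self.hidden_start, self.total))

    def write_outer(self, nblocks: int, protect_hidden: bool = False) -> int:
        """Allocate nblocks for the outer volume and return how many hidden blocks were destroyed.

        protect_hidden models a mount where the hidden extent is known: a write that
        would touch it is refused and the outer volume becomes read-only (returns 0).
        """
        if self.read_only:
            return 0   # write refused; volume was locked by an earlier protected write
        free = self.free_blocks_seen_by_outer()
        chosen = self._rng.sample(free, min(nblocks, len(free)))
        hits = [b for b in chosen if b >= self.hidden_start]
        if protect_hidden and hits:
            self.read_only = True
            return 0
        for b in chosen:
            self.blocks[b] = "outer"
        return len(hits)


if __name__ == "__main__":
    # Constructed scenario: 1000-block container, 400 of them hidden, 300 blocks of decoy writes.
    unprotected = ToyHiddenVolumeDisk(1000, 400, seed=1)
    print("decoy sees free blocks:", len(unprotected.free_blocks_seen_by_outer()))
    print("hidden blocks destroyed by a normal write:", unprotected.write_outer(300))
    protected = ToyHiddenVolumeDisk(1000, 400, seed=1)
    protected.write_outer(300, protect_hidden=True)
    print("protected mount: read_only =", protected.read_only, "hidden intact =", protected.hidden_intact())
```

The numbers make the comment's point concrete: a decoy volume reports every block that is not its own as free, so copying a few hundred blocks into it lands a proportional share of them on the hidden volume unless the mount knows the hidden extent and refuses.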
If you have a VeraCrypt partition that they can detect, it makes you look like a spy. Lots of random data in unused sectors on your hard drive is a bad look if you're trying to convince the border agent you're not a spy.
If you have a plain old laptop with some mildly embarrassing information on it that's not encrypted, you might still be a spy, but they wouldn't be able to tell from the laptop itself.
An encrypted volume (fixed space) should even remove the white space. After all, knowing the size of a file contained within could leak information about its contents.
I imagine the only way to detect a volume would be to have it decrypted (enforced by law enforcement), to take the supposed volume type and files within and then re-encrypt with the same data. If your volume and the supposed clone are different, it would suggest that you have hidden another volume within.
I think the defense is that (assuming IVs, nonces, etc. are held constant) the files would encrypt identically. And the excuse for the rest of the disk is “it gets filled with random bytes to obscure how much disk space is actually being used.”
The same tradeoff as with any security measure applies to border officials. They may or may not go beyond scanning for low-hanging fruit, and in a typical scenario probably won't.
As far as I know, every country asserts the right to thoroughly inspect anything that crosses its border. There may be a few exceptions, and it may not matter in a practical sense for situations like (e.g.) within the EU, where you don't actually have to go through customs when you cross the border, but in the general case, it's true.
At this point setting up a secure connection to a device in a secure location is way easier than trying to protect your data against someone with physical access.
You can also get your collaborators to revoke access if you fear you might be 'compromised', although ultimately it's hard to protect a system against yourself.
I believe TrueCrypt supported a feature where different passwords would unlock different partitions in a volume. So someone could ask you to input the password for BadBoy.tc, and if you enter password1, then you get say the data they actually want. But if you enter password2, it mounts a different part of the file which gives the appearance that you unlocked the whole thing. So, you could stage a dummy partition that has false but convincing data and hopefully fool any captors.
2) that’s still true even if the reason you don’t have a key is because you don’t actually have a secret encrypted partition — or whatever — to supply a decryption key for
So the best thing to do is avoid being in a situation where someone is allowed to do that in the first place.
This is interesting. This also means that using encryption or anything that can plausibly make someone even slightly suspect you're using encryption (even if you are not) can make your situation worse, with certain classes of enemies.
I'm sure advanced configurations with well-crafted decoys and steganography can help combat that, but as we can see, encryption can only take you so far and it's only one element of the picture.
Plausible deniability, like hidden containers in TrueCrypt?
That's a double edged sword though - imagine you give up, surrender the password and are then being asked to unlock a hidden volume, which you don't have.
Encrypt with two keys, one that you know and one that a trusted third party knows. When you reach your destination, establish secure contact with the third party and have them share their key.
I think one method would be to ensure you don't have the full key, i.e. you have some select friends, each that have part of the key (with some redundancy) - all unaware of one another and potentially all unaware that they even have part of the key.
Then you position your friends over multiple jurisdictions so that they cannot legally compel all of them to play along.
Sharded secrets... you only have one part of a key or keys needed to decrypt some data so even extracting that from you by torture will not suffice. Of course this isn't always practical.
The trick is to ensure you are never near all the people who know the secret when there is the possibility of trouble. That makes kidnapping everyone harder.
Of course if you really worry about such things you shouldn't be trusting the other people you are working with either...
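The "part of the key with some redundancy" idea in the two comments above (a third party holding a second key, and friends each holding a fragment so that no single person, yourself included, can reconstruct it) is what Shamir's secret sharing gives you. The code below is an added example, not from this thread or from any of the tools mentioned; the field prime 2^521 - 1 and the 32-byte key are assumptions for the example. A k-of-n threshold supplies the redundancy: any k share holders suffice, and k - 1 shares reveal nothing about the key.

```python
import secrets

# Mersenne prime 2**521 - 1: a field big enough to hold a 256-bit key as one element (assumed choice).
PRIME = 2**521 - 1


def _eval_poly(coeffs: list[int], x: int) -> int:
    """Evaluate the polynomial at x by Horner's rule; coeffs[0] is the constant term (the secret)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, share_count: int) -> list[tuple[int, int]]:
    """Return share_count points (x, y) on a random degree threshold-1 polynomial
    whose constant term is the secret; any `threshold` of them recover it."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a non-negative integer below the field prime")
    if not 1 < threshold <= share_count < PRIME:
        raise ValueError("need 1 < threshold <= share_count")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over the field.

    With fewer than `threshold` shares this still returns a field element, but it
    is unrelated to the secret: every possible secret is equally consistent with them.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def key_to_shares(key: bytes, threshold: int, share_count: int) -> list[tuple[int, int]]:
    """Split a symmetric key (e.g. the volume key) into shares to hand to separate holders."""
    return split_secret(int.from_bytes(key, "big"), threshold, share_count)


def shares_to_key(shares: list[tuple[int, int]], key_len: int) -> bytes:
    """Reassemble the key from at least `threshold` shares."""
    return recover_secret(shares).to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed key; in practice this would be the randomly generated volume key.
    key = secrets.token_bytes(32)
    shares = key_to_shares(key, threshold=3, share_count=5)   # 5 holders, any 3 suffice
    print("recovered from holders 1,3,5:", shares_to_key([shares[0], shares[2], shares[4]], 32) == key)
    print("two shares alone match key:", recover_secret(shares[:2]) == int.from_bytes(key, "big"))
```

The threshold is what makes the "multiple jurisdictions" arrangement workable: two of five holders can be unreachable or compelled and the key is still recoverable, while no two holders together, nor the traveller who holds none of them, learn anything about it.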
I was at the Sydney launch event for Assange's implementation[0] in 1997. It is amazing that, after all of this time, it is still apparently such a major theoretical touchstone within the open source cryptography landscape[1].