by zacinbusiness 4544 days ago
Is it possible to encrypt two files together with two different keys? Say I have my class notes from freshman Latin and I have my plans to take over the world. I encrypt them together into a single file "dont_read_super_secret.encrypted" and if I enter "fuzzykitty98" as the key then I see only the notes. But if I enter "downwithfreedom2000" then I see only the diabolical plans. Is that possible?

If anyone builds this app, I'd like a slice of the pie, please :-)

5 comments

Truecrypt supports multiple encrypted partitions, and if you've got the details to decrypt one, you still can't tell if there are any others.

http://www.truecrypt.org/docs/plausible-deniability

I believe this is possible with something like Truecrypt.

http://www.truecrypt.org/docs/plausible-deniability

It'd be possible but difficult.

I don't know how to do it without some kind of markup / document system (no morning coffee yet). I figure it wouldn't be that hard.

You could use a TDMS file (v1), in which each channel is an item. When run, you give the program a password, which it checks against each channel, calculating the salted hash of your password. When it finds a matching hash it decrypts the document (saved as data within the channel).

This gives you a lot of plausible defensibility because nobody understands TDMS file structure, not even people who work with them (it is an open standard, just nobody cares). And secondly, you decrypt the document and you get something out, even if that something isn't exactly correct.

I could likely push out a Windows version by Saturday, I guess, if you don't mind it'd be using SHA-256 instead of [b/s]crypt for password checking. Maybe future updates to include some form of internal compression + some type of signing who last modified the document(s).

Knock yourself out. People will be buying anything that they think can keep their data safe, so someone may as well come up with a decent solution. We can build it and let the HN community battle test it. Split on profits can be 60/30 as you're doing the work :-)
Battle testing is a horrible way to prove crypto works; from the outside looking in, even horribly done crypto looks secure.
Yes, comments like this actually are what I'm looking for. We need to develop real tests.
The only real test is to make it open source. There isn't a lot of money in crypto done correctly that is closed source. Because without public audits it's impossible to know you've done it correctly, and even if you have, the public perception will be you haven't due to its closed-source-something-to-hide nature.
Makes sense to me. I've always wanted to get involved in a cool open source project. Anyone want to get this started? Make it a free time activity or something? Or are there already better solutions out there? No need to reinvent the wheel.
Can I have the extra 10 percent?
Yes!
So I did get an early version working, but 5 minutes to join two 4MB PDFs, encrypt and compress.

Final file size of 746kb though made me feel a bit happy.

Of course this is possible.

You can even take it a step further: full disk encryption, one key will give an innocent Windows install, and another key will give the diabolical plans.

However, information is only compressible to the extent of redundancy involved, so this can be spotted: compare the amount of encrypted data with the size of the innocent data.

Make sure to add some shameful evidence on the innocent Windows install to make it more convincing. "Sh.. you found my porn folder! Well done guys".
There's an even bigger weakness: timestamps in files and the Windows event log. These will show if your "innocent" OS hasn't been booted for $long_time...
Just reset the hardware clock back whenever you power off. Then pretend your clock is three years out of whack, and that you don't care. Hey presto - your ancient Windows install looks "fresh".
2c2 by Michal Zalewski ( http://lcamtuf.coredump.cx/ ) is a theoretical exercise in this, but probably not safe for real use.
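
As an added example, not code posted by anyone in this thread: a Python illustration of the container the question asks about, where each password opens only its own document and a wrong password opens nothing. The slot size, slot count, function names and the SHAKE-256 keystream are assumptions of this example; the keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os, random, struct

SLOT, SLOTS = 4096, 4          # assumed fixed slot size and slot count
BODY = SLOT - 16 - 32          # slot = salt(16) | ciphertext(BODY) | tag(32)

def _keys(password, salt):
    # scrypt makes each password guess expensive; one half encrypts, one half authenticates
    k = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return k[:32], k[32:]

def _xor(key, data):
    # Stand-in stream cipher (assumption): SHAKE-256 keystream, key is unique per salt
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def _tag(mac_key, salt, ct):
    return hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def _seal(password, plaintext):
    if len(plaintext) > BODY - 4:
        raise ValueError("document too large for one slot")
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    padded = struct.pack(">I", len(plaintext)) + plaintext + bytes(BODY - 4 - len(plaintext))
    ct = _xor(enc_key, padded)
    return salt + ct + _tag(mac_key, salt, ct)

def pack(entries):
    """entries maps password -> document bytes; output size never depends on them."""
    if len(entries) > SLOTS:
        raise ValueError("too many documents")
    slots = [_seal(pw, doc) for pw, doc in entries.items()]
    slots += [os.urandom(SLOT) for _ in range(SLOTS - len(slots))]  # decoy slots
    random.SystemRandom().shuffle(slots)                            # hide slot order
    return b"".join(slots)

def unpack(container, password):
    """Try the password on every slot; a slot counts only if its MAC verifies."""
    for i in range(0, len(container), SLOT):
        slot = container[i:i + SLOT]
        salt, ct, tag = slot[:16], slot[16:-32], slot[-32:]
        enc_key, mac_key = _keys(password, salt)
        if hmac.compare_digest(tag, _tag(mac_key, salt, ct)):
            padded = _xor(enc_key, ct)
            (n,) = struct.unpack(">I", padded[:4])
            return padded[4:4 + n]
    return None
```

No password hash is stored: a slot is recognised only because its MAC verifies under the derived key, and the container is always `SLOT * SLOTS` bytes whether it holds one document or four.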