by valarauca1 4547 days ago
It'd be possible but difficult.

I don't know how to do it without some kind of markup / document system (no morning coffee yet). I figure it wouldn't be that hard.

You could use a TDMS file (v1), in which each channel is an item. When run, you give the program a password, which it checks against each channel, calculating the salted hash of your password. When it finds a matching hash, it decrypts the document (saved as data within the channel).

This gives you a lot of plausible defensibility because nobody understands TDMS file structure, not even people who work with them (it is an open standard, just nobody cares). And secondly, you decrypt the document and you get something out, even if that something isn't exactly correct.

I could likely push out a Windows version by Saturday, I guess, if you don't mind that it'd be using SHA-256 instead of [b/s]crypt for password checking. Maybe future updates to include some form of internal compression + some type of signing of who last modified the document(s).
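The per-channel password check described in this post, sketched as an added example (not the poster's code). It assumes a plain Python list in place of a TDMS file, scrypt for the salted hash, and an HMAC-SHA256 counter-mode keystream as a stdlib-only stand-in for a real AEAD cipher; all function and field names are hypothetical.

```python
import hashlib
import hmac
import os

def derive(password, salt):
    """One scrypt call, split into a stored verifier and a separate encryption key."""
    out = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)
    return out[:32], out[32:]

def keystream_xor(key, nonce, data):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example needs
    # only the standard library; real code would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def add_channel(container, password, document):
    """Append one channel: salt, password verifier, nonce and encrypted document."""
    salt, nonce = os.urandom(16), os.urandom(16)
    verifier, key = derive(password, salt)
    container.append({"salt": salt, "verifier": verifier, "nonce": nonce,
                      "data": keystream_xor(key, nonce, document)})

def open_container(container, password):
    """Check the password against every channel; return the matching document or None."""
    found = None
    for ch in container:  # visit all channels so timing does not show which one matched
        verifier, key = derive(password, ch["salt"])
        if hmac.compare_digest(verifier, ch["verifier"]):  # constant-time comparison
            found = keystream_xor(key, ch["nonce"], ch["data"])
    return found

if __name__ == "__main__":
    box = []  # constructed sample container
    add_channel(box, "decoy-pass", b"grocery list")
    add_channel(box, "real-pass", b"the actual document")
    print(open_container(box, "real-pass"))
```

Each channel stores its own salt and verifier, so anyone who can parse the file can count the channels; the password only decides which one opens.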

2 comments

Knock yourself out. People will be buying anything that they think can keep their data safe, so someone may as well come up with a decent solution. We can build it and let the HN community battle test it. Split on profits can be 60/30 as you're doing the work :-)
Battle testing is a horrible way to prove crypto works; from the outside looking in, even horribly done crypto looks secure.
Yes, comments like this actually are what I'm looking for. We need to develop real tests.
The only real test is to make it open source. There isn't a lot of money in crypto done correctly that is closed source. Because without public audits it's impossible to know you've done it correctly, and even if you have, the public perception will be you haven't due to its closed-source-something-to-hide nature.
Makes sense to me. I've always wanted to get involved in a cool open source project. Anyone want to get this started? Make it a free time activity or something? Or are there already better solutions out there? No need to reinvent the wheel.
Not in this direct line of software, of the "encrypt multiple documents and only output 1 based on pass-phrase" kind; this would be unique (as far as I can tell).

TrueCrypt tells you how to set this up, but does not do this automatically. Also, it would require you to select which volume, not just "insert password, get document".

This would offer a higher degree of plausible deniability, and portability: by making it a file, it's not tied to one location. The structure of the file and the multiple hashes also grant plausible deniability as to why you can't just decrypt the entire file in one go and compare the 2 documents' SHA hashes.

Would it stand up in court? No. It would help avoid less tech savvy people.

Can I have the extra 10 percent?
Yes!
So I did get an early version working, but it takes 5 minutes to join two 4MB PDFs, encrypt and compress.

Final file size of 746kb though made me feel a bit happy.