Open vinhdizzo opened 1 year ago
There has been a lot of talk about plausible deniability over the last tens of years and the outcome seems quite clear:
Plausible deniability works well only and only if the whole device (especially the HW) and ideally the whole world is made to contain only plausible deniability functionality.
So I think in this project it would not make much sense. But YMMV.
@dumblob sorry I'm not as well versed in cryptography and such. I wasn't aware that implementing a second passphrase for plausible deniability is not effective. Could you provide some references? Thanks.
Basically plausible deniability relies on indistinguishability in the given context. It goes somewhat like this:
police: we see this file you stored/sent/had_lying_somewhere/... and can not read it - please provide password you: will provide a password police: but we encrypted the revealed content with your password and the file shows a very different metrics (enthropy, sizes, blocks, structure, patterns, whatsoever... - search for "forensic analysis") - please reveal what is there you: oh s***t
This simple issue (technical means will prove that what you revealed is not everything) holds until you really encrypt all the drives on the bit-level (before any MBR/filesystem/... gets imprinted on it). So now assume you really did that.
Then applies what VeraCrypt describes in https://www.veracrypt.fr/en/Plausible%20Deniability.html - namely that you have to maintain two plausibly normal-looking systems all the time along each other (you have to e.g. log into both systems every day to not create any precedent such as "but we have a CCTV recording that she worked on her computer but she has shown us a system which was not used for more than a day at all based on logs etc. in the system").
But even when there is zero (really zero) other evidence (this basically never happens but let us just assume it here), then there will always be the question: why do you use VeraCrypt which has the plausible deniability feature and not other much more widespread SW which does not have this feature.
And here comes the HW. If you will buy HW which has other-than-plaus.-deniab. primary functions but it uses plausible deniability under the hood without even marketing it as a major feature and without any options to turn it off, then it is much easier to counter this argument with other obvious capabilities the HW offers as the reason you bought it.
Unlike with VeraCrypt where it is not obvious what the other major features are and thus you would be suspected to be an expert on encryption and thus what you say would definitely not be considered plausible :wink:.
This is a really useful and simple tool. Thank you!
In regards to usability while traveling, sometimes authorities at an authoritarian country may coerce the visitors to decrypt the files on on a USB drive. It would be nice to have a plausible deniability feature linked to a second passphrase where the second passphrase would decrypt some dummy data of the user's choosing (e.g., another PDF file). Just a thought.