![]() ![]() ![]() Infinite nesting could actually cost the person his/her life. ![]() “As physical torture becomes less useful if the victim can plausibly deny any further layers…Thus the name Rubberhose” You cannot prove that a hidden TrueCrypt volume exists (unless you break AES or the mode of operation). “Rubberhose was always clunky, but the major feature it had, which TrueCrypt doesn’t, is the unprovability that there are any further layers of encryption.”Īctually, TrueCrypt does have that feature. Hardware solutions, as aforementioned, are probably best though of course you could simply put all your sensitive information on a Flash drive and keep a brick handy. Now, if the format was to have an encrypted segment at the beginning of the partition with partition information, that might be doable but in order to be secure, you’d have to fill the entire unpartitioned portion of the disk with Rubberhose-style chaff.Įven so, you’d have to be dealing with people who don’t presume guilt you’d have to hide the Rubberhose program and you’d have to hide any data that Rubberhose needs in order to mount that partition. Also, if there’s a predictable format for the partition, then it would be simple enough to search for it, even if you didn’t know what was on it. While you could try hiding partitions, that would require the Rubberhose program to recreate mount and save at least some of the partition information in an accessible file. The existence of a Rubberhose partition would be quite incriminating. I heard about Rubberhose perhaps two years ago but couldn’t find a copy of it when I looked again a few months afterwards. If detained by the secret police, however, one would be questioned about the use of this feature, and such (hopefully hypothetical) illegal organizations are willing and able to “extract” such information (e.g. If detained by “legal” police, you might have deniability - it would be hard for them to prove you have an I volume. In principle, however, the fact that TrueCrypt has this function is public knowledge, and therefore keeping I a secret isn’t trivial. The idea is that if someone captures your filesystem, you might be forced under duress to give up the passphrase for O, but could still keep the existence of I hidden. Nothing about O gives any clue as to the existence of I - you have to know I is there to even attempt to use it. Then, using some of the free space on O (which is random bits), you create an “inner” volume (‘I’), which looks like random bits. You put a few files in it that aren’t really all that important, and protect O with a passphrase. Tags: cryptography, deniability, encryption, flash drives, steganographyĭetails on the TrueCrypt “Hidden Volume”: īasically, you create an “outer” encrypted volume (we’ll call it ‘O’). Next request: A deniable file system that fits on a USB token, and leaves no trace on the machine it’s plugged into. But I’m pleased to see that someone is working on this problem. The devil really is in the details with something like this, and I would hesitate to use this in places where it really matters without some extensive review. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. But I just discovered a file system that seems to meet all of my design criteria- Rubberhose: This turns out to be a very hard problem for a whole lot of reasons, and I never pursued the project. I wanted to create a file system that was deniable: where encrypted files looked like random noise, and where it was impossible to prove either the existence or non-existence of encrypted files. ![]() The basic idea was the fact that the existence of ciphertext can in itself be incriminating, regardless of whether or not anyone can decrypt it. Some years ago I did some design work on something I called a Deniable File System. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |