TrueCrypt's Plausible Deniability is Theoretically Useless (2013) (defuse.ca)
29 points by galapago on Jan 17, 2014 | 31 comments


If you're in a country where the government would torture you indefinitely just for suspecting that you have a hidden TrueCrypt volume, you're probably screwed anyway if you ever appear on their radar. At that point you probably did something else besides using encryption that would be sufficiently suspicious to get you tortured.

Plausible deniability is simply not a useful defense against someone that would decide to torture you for a mere suspicion.


It is not just about torture. You might be penalized by a judge for failing to disclose your "other password" regardless of whether or not it actually exists -- you might even be asked to prove that there is no other password. A customs officer might refuse to allow you to bring your laptop across the border until you enter your "other password," also regardless of whether or not there actually is another password.

It is also worth pointing out that the number of passwords you deny having is completely irrelevant. You could claim to have forgotten the one password you use for non-deniable encryption and the effect would be the same (and your story is equally plausible). It is much easier to claim to have forgotten one password than to try to maintain an innocent partition, so you might as well just do that.


> A customs officer might refuse to allow you to bring your laptop across the border until you enter your "other password," also regardless of whether or not there actually is another password.

I never thought I'd feel the need to offer this as serious advice, rather than just a novelty toy, but SpyCoin is a way to get data across borders.

http://spy-coins.com/

I have a pound coin and it's pretty good.


@dnbl - not sure at all why your comment is dead. It's cogent and adds to the conversation.


"We think you have another partition, and we're going to lock you up until you admit it and supply the password."

- Tomás de Torquemada, 2011


Relevant xkcd: http://xkcd.com/538/


Right, the analysis in the article assumes that there is no cost to the government of indefinite torture.

Is it possible to hide the fact that you have a Truecrypt volume? Or are there always headers or signatures that give it away?


A large chunk of unexplained high entropy data is a bit of a giveaway.

You can't really hide the fact that you're using encryption, because it doesn't really look like anything else apart from random data & people don't usually go around piping /dev/random into large files for no good reason. Compressed data is high entropy, but can be decompressed to something lower entropy, so you can easily eliminate png files, zipped files etc.
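The check described in the comment above, as an added example that is not part of the original thread: per-block Shannon entropy flags data that looks random, and a successful decompression explains it away. The block size, threshold, 90% ratio and all function names are assumptions, and both samples are constructed.

```python
import hashlib
import math
import zlib
from collections import Counter

BLOCK = 4096       # bytes per sampled block (assumed)
THRESHOLD = 7.9    # bits/byte treated as "looks random" (assumed)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def decompressed_entropy(data: bytes):
    """Entropy of the payload if data is a valid zlib/gzip stream, else None."""
    try:
        plain = zlib.decompress(data, wbits=47)  # 32 + 15: auto-detect header
    except zlib.error:
        return None
    return shannon_entropy(plain)

def classify(data: bytes) -> str:
    """Label a blob: compressed, unexplained high entropy, or low entropy."""
    if decompressed_entropy(data) is not None:
        return "compressed"
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    high = sum(shannon_entropy(b) >= THRESHOLD for b in blocks)
    if blocks and high / len(blocks) >= 0.9:
        return "unexplained-high-entropy"
    return "low-entropy"

# Constructed samples: SHA-256 in counter mode stands in for ciphertext,
# hex-digest log lines stand in for an ordinary file.
def sample_random(n: int = 2048) -> bytes:
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n))

def sample_text(lines: int = 2000) -> bytes:
    return b"".join(b"session=%s\n" % hashlib.sha256(b"%d" % i).hexdigest().encode()
                    for i in range(lines))

if __name__ == "__main__":
    text = sample_text()
    for name, blob in [("text", text), ("zlib", zlib.compress(text)),
                       ("random", sample_random())]:
        print(f"{name:7s} {shannon_entropy(blob):.3f} bits/byte -> {classify(blob)}")
```

A high-entropy result only says the data is indistinguishable from random; it does not show that the data is ciphertext or that a key exists.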


I thought full disk encryption left the drive looking entirely unformatted. Although you'd probably have truecrypt installed on the computer. You would also want to not save volume mounting history.

But if you had truecrypt installed and 1 drive that wasn't formatted... Yea


Yup. Plausible deniability only works if a strategy is unlikely to be known by an adversary. In this case, it is widely known that TrueCrypt has hidden volume capabilities, so there's not much of a veil of ignorance to hide behind.

Btw: there's no explicit restriction on N-level deep of hidden volumes, but TC won't automatically make the outer ones read-only.


Plausible deniability is not intended to protect you; it is intended to protect the data. If you know that giving up the key (or all the keys) will not make them stop torturing you (as you cannot prove that you have given them all the keys), there's no incentive to give up any keys in the first place.

At least that was Julian Assange's vision when he invented the Rubberhose filesystem[1] in 1997.

[1] https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29


Exactly. There's no reason for the government not to torture all suspects to death, because they can never be sure that there's not another volume somewhere, or whether the outer or adjacent volumes that they've gotten access to that appear to have the information that they want are decoys, or even whether the bearer of the computer has knowledge of or the ability to open the relevant volume which may or may not exist or be a decoy.

The rational thing for the government to do would be to ignore the computer (after forensics), and work on the person. If the information turns out not to be productive, escalate the torture. When the suspect dies and/or fools you into a significant expenditure or public failure, you lose and the suspect wins. Same as it's always been.

edit: of course, faced with the fact that there's no reason not to torture you to death, you may just become a willing collaborator.


This is stupid. The author clearly missed the word "PLAUSIBLE". Yes, in any country where they will torture you you're fucked. In any other country you can put your hand on your heart and swear there is one volume, and you gave the correct password. Now it's up to them to prove you wrong.

I hoped this would be a technical article explaining a flaw in TrueCrypt, but it is just flawed logic based on a misconception that "plausible" means "foolproof".


The author specifically mentions that this argument doesn't apply in countries with a presumption of innocence.


We need to shift the encryption paradigm from the local mindset "I own it and only I can read it" to globally distributed anonymous data sets: "No one (including the data server) knows who owns it and what's inside it".

Zerobin gives an idea: http://sebsauvage.net/wiki/doku.php?id=php:zerobin


I think the author made a mistake. The first case (but bottom left square of the table) is this scenario (Keep Torturing, No Hidden Volume):

  If you don't have a hidden volume and the government decides to keep torturing you, 
  you're screwed. You have no way of stopping the torture even if you wanted to, and you
  probably get killed. So your reward is -100. The government's reward is 10 because 
  although they may have wasted some time torturing you, they have your plans, can prove
  your guilt, and arrest your accomplices.

I don't understand why the government's reward is 10. How do "they have your plans" if there is no hidden volume? Are the plans in the "outer" partition in this scenario?


Yes


Simple solution: 3 hidden volumes.


When you're ordered by a judge to disclose the contents of your computer or media by lawful order, or the police have reasonable suspicion that you have some sort of hidden container, then yes, it's pretty useless. In those cases your refusal to comply can be used against you.

It's a very useful mechanism to protect information important to you in other situations. Perhaps you don't want your spouse, kids, boss or employees to have access to some data. Or you need to hide sensitive data in plain sight for preservation purposes.


It's important to note that the actual numbers don't really matter here. All that matters is their ordering (greater than or less than).

And your irrefutable logic for picking that ordering is what, exactly?

The reasoning behind the 9 and 10 on the 'no hidden volume' side is especially flawed, and seems to be a backwards argument made to support the number, rather than to derive it.

Somehow being wrong and wasting resources costs no points, but uncertainty and being correct costs points.


To go along with what everyone else is saying, TrueCrypt is meant as legal protection. Assuming anything more leads us to the ever-relevant xkcd: http://xkcd.com/538/.

Also, there is no strictly dominant strategy in the prisoner's dilemma like he says.


I use encryption to store vaguely sensitive documents because it mitigates the consequences if my computer is stolen.

I guess that means I'm not a true crypto nerd?

(I think it is unfortunate how dismissive that comic is, exactly because of this use case...)


No, that's what I do too. My point is simply that crypto only protects you from attack vectors targeting the data. If you are the target, your crypto won't save you.


There's a bigger mistake. If the government keeps torturing until all volumes are discovered and unblocked (or until you're dead), then why are your points when you have a hidden partition higher than when you don't? Considering this, it is no longer a strictly dominant strategy for you to have it.


The logic of the article is flawed. On many points.


Well, the underlying issue is quite real -- TrueCrypt's hidden volume capability is so well-known that it provides little to no practical benefit.

Look at it this way, if the US government could get Glenn Greenwald's laptop, which in this scenario is TrueCrypt-encrypted, do you think they would simply give it back to him and say, "I guess he didn't have anything after all" if the first password he gave them turned up nothing but pictures of his cat?

Of course, the goal of TrueCrypt may be to provide a small amount of extra security, which it does. As others have said, a regime that would torture you to death likely doesn't need your laptop anyway. But the point is reasonably valid that a hidden volume is only enormously valuable if no one thinks you might have it, which isn't the case with TrueCrypt anymore.


If Greenwald were trying to hide what he has, he could put the documents/information he has already leaked, plus a bunch of stuff he decided not to, plus some other documents that are undecided and innocuous in an unhidden (encrypted) partition- or have a second hidden partition- that he could give the Feds access to very reluctantly and such, and they would find all those documents and possibly think that was all he had. They still would not know what else he had, and really wouldn't know that he had anymore, even if they suspected it.


If you were counting on TrueCrypt for "plausible deniability" then you are stupid.

That's "magic bullet" security/magic thinking if I've ever heard it...


In the official Truecrypt website, "plausible deniability" is one of its selling points.


...And plausible deniability seems to be exactly what it delivers. Meaning simply that 1) you can deny it, 2) and it's plausible that your denial is true (the extra requirements on the hidden data, such as that the non-hidden part cannot grow, are kind of inconvenient - from what I remember). That this might not satisfy a rogue actor that likes to torture you without much if any cause doesn't change that fact.

Rather, this article argues something different, which is that in some (extreme) circumstances, plausible deniability won't help you much (though it's still optimal in that it's a "strictly dominant" strategy). To which I would say "no duh".


I'm just saying that if you have something that needs that kind of deniability then counting on some software package's claims would be a bad idea.

I get that this is a big deal though, from a "is truecrypt" usable standpoint though...I just think that people should base their security procedures on more practical measures.



