Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In the official Truecrypt website, "plausible deniability" is one of its selling points.


...And plausible deniability seems to be exactly what it delivers. Meaning simply that 1) you can deny it, 2) and its plausible that your denial is true (the extra requirements on the hidden data, such as that the non-hidden part cannot grow, are kindof inconvenient - from what I remember). That this might not satisfy a rogue actor that likes to torture you without much if any cause doesn't change that fact.

Rather, this article argues something different, which is that in some (extreme) circumstances, plausible deniability won't help you much (though it's still optimal in that it's a "strictly dominant" strategy) . To which i would say "no duh".


I'm just saying that if you have something that needs that kind of deniability then counting on some software packages claims would be a bad idea.

I get that this is a big deal though, from a "is truecrypt" usable standpoint though...I just think that people should base their security procedures on more practical measures.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: