
nihilist@mainpc - 2024-05-01

Clientside: Encryption is good, but you need Plausible Deniability!

Encryption Provides Privacy

Let's take our previous analogy to explain what Privacy is:

Bob wants to talk to Alice. He wants the conversation to remain private, so he closes the door.
Jack can't spy on Bob and Alice's conversation, because the door is closed.
The door is closed, so the conversation remains between Alice and Bob: their conversation is private.

For Alice and Bob to protect their conversation from being spied on by Jack, they encrypt their conversation, for example by using PGP.

Here, the most common use case for encryption is for people to encrypt the system disk on their computers, because if someone (like Jack) were to steal their computer, they don't want the thief to be able to read all of their data.

All in all, encryption is used to provide privacy. As long as the encrypted volumes are closed when Jack is trying to open them, Jack cannot read the contents of the volumes.

What happens when Bob is forced to give out his password?

Encryption, however, cannot protect against everything.

In this case, Bob is legally, although questionably morally, forced by the judge to decrypt his encrypted system disk. Keep in mind that this is not a far-fetched scenario; it has happened previously:

  1. in January 2012 (source)

  2. in February 2009 (source)

When that is the case, simply encrypting the disk is not enough: all the adversary needs is to know that the encrypted drive exists in order to force Bob to open it.

Why is Plausible Deniability Vital?

From a legal standpoint, the only way to be protected against that scenario, where you're forced to decrypt your hard drive, is to be able to deny the existence of said encrypted volume (Plausible Deniability). If the encrypted volume does not exist, there is no password to be given for it.

So here we need a technology that can provide us with Plausible Deniability. That is what VeraCrypt can do for us.

In short, VeraCrypt allows you to encrypt volumes, just like LUKS encryption does. However, it gives you the choice to hide another encrypted volume inside the same volume, and that hidden volume is exactly what you can deny the existence of.

So you can hide some random meaningless data inside the decoy volume, while the real data that needs protection sits inside the hidden volume.

This means that when Jack forces Bob to open the VeraCrypt volume, Bob types Password A to open the decoy volume. Then, when asked by Jack, Bob declares that there is no hidden volume, and Jack has no way to prove the existence of the hidden volume.
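
A simplified model of the scheme described above, as an added example that is not from the original post or from VeraCrypt's own code. The container layout, the offsets, the toy stream cipher and "Password B" are assumptions made for illustration; it shows that the region holding a hidden volume looks the same as random free space, and that a volume only appears when its own password is supplied.

```python
import hashlib, math, os

MAGIC = b"VERA"         # marker that appears only when a volume decrypts correctly
SIZE = 64 * 1024        # toy container size (assumption)
HIDDEN_OFF = SIZE // 2  # toy start offset of the hidden volume (assumption)

def keystream(password, salt, n):
    # Toy stream cipher (PBKDF2 key + SHA-256 in counter mode), standing in for real disk encryption.
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 1000)
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(password, plaintext, length):
    # Build salt || encrypt(MAGIC || plaintext || zero padding), exactly `length` bytes long.
    salt = os.urandom(16)
    body = (MAGIC + plaintext).ljust(length - 16, b"\0")
    return salt + bytes(a ^ b for a, b in zip(body, keystream(password, salt, len(body))))

def create(outer_pw, decoy, hidden_pw=None, secret=b""):
    c = bytearray(os.urandom(SIZE))              # unused space is filled with random bytes
    c[:HIDDEN_OFF] = seal(outer_pw, decoy, HIDDEN_OFF)
    if hidden_pw is not None:                    # the hidden volume overwrites the "free" tail
        c[HIDDEN_OFF:] = seal(hidden_pw, secret, SIZE - HIDDEN_OFF)
    return bytes(c)

def try_open(container, password):
    # Try the password at each possible volume start; it succeeds only if MAGIC appears.
    for name, start, end in (("outer", 0, HIDDEN_OFF), ("hidden", HIDDEN_OFF, SIZE)):
        salt, ct = container[start:start + 16], container[start + 16:end]
        pt = bytes(a ^ b for a, b in zip(ct, keystream(password, salt, len(ct))))
        if pt[:4] == MAGIC:
            return name, pt[4:].rstrip(b"\0")
    return None

def entropy(data):
    # Shannon entropy in bits per byte; 8.0 is the maximum.
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

if __name__ == "__main__":
    plain = create(b"Password A", b"decoy files")   # constructed sample data
    dual = create(b"Password A", b"decoy files", b"Password B", b"real data")
    print(try_open(dual, b"Password A"), try_open(dual, b"Password B"))
    print(try_open(plain, b"Password B"))
    print(round(entropy(plain[HIDDEN_OFF:]), 3), round(entropy(dual[HIDDEN_OFF:]), 3))
```

Both containers have the same size and the same near-maximal entropy in the tail region, so nothing in the bytes themselves distinguishes "free space" from "hidden volume".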

To see how to implement Plausible Deniability protection with VeraCrypt, check out this tutorial.

