Plausible deniability

More info:

It’s also discussed in 5.18 of the cryptsetup FAQ.


Plausible Deniability is Theoretically Useless in some cases.

You are a dissident under an oppressive government, and you want to encrypt your plans to overthrow the government.

If you’re under suspicion, you can be tortured indefinitely even if the volume TrueCrypt is not found: it’s impossible to prove that you are NOT hiding data anywhere.
A correct headline might sound like this: TrueCrypt is not a panacea and will not necessarily save you from torture.

See also deniable encryption (decoy inner tomb) · dyne/Tomb · Discussion #495 · GitHub


This is very true. Plausible deniability only makes sense if:

  1. You are in a country that generally respects the rule of law and in dubito pro reo, AND
  2. Your country has key disclosure laws (give your password/biometrics or go to jail)

So in my opinion, the UK, France, or Australia could be countries where it makes sense.

The real problem is the first condition: even if you think your country is generally following its own laws right now, this might change in the future. Particularly when it comes to the worst crimes of all: criticizing the government or evading taxes. And don’t forget that data or opinions which are legal today might be illegal in the future.

1 Like

tird provides the following options out of the box:

  • Encrypted tird files are indistinguishable from empty tird containers.
    You can argue that this random data, even if it is produced by tird, is just random data. Difference from data produced by VeraCrypt: the VeraCrypt container always has at least 1 key. The tird container is just random data, and there may not be a key or payload at all.
  • You may agree that encrypted data exists, but that you cannot decrypt the data quickly. You can claim that you encrypted this data using millions of Argon2 iterations. The attacker cannot refute this without verification.
  • You can agree that encrypted data exists. You can further claim, and this cannot be refuted: 1. Random data was encrypted (just for fun, for example). 2. Password: QWERTY. 3. Custom settings were used: a fake MAC tag was set, so authentication was not successful. (tird does not make it possible to distinguish between: 1. Incorrect keys. 2. Damaged ciphertext. 3. Deliberately set fake MAC tag. All of these options result in the same authentication failure)
  • You can agree that encrypted data exists, but keyfiles was damaged, so the data is undecryptable (it is acceptable to use any number of regular files, block devices, directories of any size. Corruption of any bit of any of the keyfiles results in the derivation of incorrect keys).

Alternatively, you can use more complex schemes:

  • hide encrypted data in other encrypted tird files (inside padding).
  • hide on disks that look like empty or partially filled disks: write encrypted data into unused disk space.
  • hide encrypted data in unused space of VeraCrypt containers: you can prepare a container with 2 keys (for standard and for hidden volumes), and write hidden encrypted data over the unused space of one of the volumes. Revealing keys from both the standard and hidden volumes will not reveal the existence of the additional hidden data.