Plausible deniability

jerm · April 9, 2024, 9:18pm

More info:

dngray · April 10, 2024, 9:54am

It’s also discussed in 5.18 of the cryptsetup FAQ.

jerm · May 19, 2024, 8:30pm

https://github.com/hakavlad/tird

hakavlad · May 20, 2024, 2:09pm

Plausible Deniability is Theoretically Useless in some cases.

You are a dissident under an oppressive government, and you want to encrypt your plans to overthrow the government.

If you’re under suspicion, you can be tortured indefinitely even if the volume TrueCrypt is not found: it’s impossible to prove that you are NOT hiding data anywhere.
A correct headline might sound like this: TrueCrypt is not a panacea and will not necessarily save you from torture.

See also https://github.com/dyne/Tomb/discussions/495#discussioncomment-7543879

Regime6045 · May 21, 2024, 1:57pm

This is very true. Plausible deniability only makes sense if:

You are in a country that generally respects the rule of law and in dubito pro reo, AND
Your country has key disclosure laws (give your password/biometrics or go to jail)

So in my opinion, the UK, France, or Australia could be countries where it makes sense.

The real problem is the first condition: even if you think your country is generally following its own laws right now, this might change in the future. Particularly when it comes to the worst crimes of all: criticizing the government or evading taxes. And don’t forget that data or opinions which are legal today might be illegal in the future.

hakavlad · May 21, 2024, 4:47pm

tird provides the following options out of the box:

Encrypted tird files are indistinguishable from empty tird containers.
You can argue that this random data, even if it is produced by tird, is just random data. Difference from data produced by VeraCrypt: the VeraCrypt container always has at least 1 key. The tird container is just random data, and there may not be a key or payload at all.
You may agree that encrypted data exists, but that you cannot decrypt the data quickly. You can claim that you encrypted this data using millions of Argon2 iterations. The attacker cannot refute this without verification.
You can agree that encrypted data exists. You can further claim, and this cannot be refuted: 1. Random data was encrypted (just for fun, for example). 2. Password: QWERTY. 3. Custom settings were used: a fake MAC tag was set, so authentication was not successful. (tird does not make it possible to distinguish between: 1. Incorrect keys. 2. Damaged ciphertext. 3. Deliberately set fake MAC tag. All of these options result in the same authentication failure)
You can agree that encrypted data exists, but keyfiles was damaged, so the data is undecryptable (it is acceptable to use any number of regular files, block devices, directories of any size. Corruption of any bit of any of the keyfiles results in the derivation of incorrect keys).

hakavlad · May 21, 2024, 5:14pm

Alternatively, you can use more complex schemes:

hide encrypted data in other encrypted tird files (inside padding).
hide on disks that look like empty or partially filled disks: write encrypted data into unused disk space.
hide encrypted data in unused space of VeraCrypt containers: you can prepare a container with 2 keys (for standard and for hidden volumes), and write hidden encrypted data over the unused space of one of the volumes. Revealing keys from both the standard and hidden volumes will not reveal the existence of the additional hidden data.

Topic		Replies	Views
Encryption Knowledge base Site Development	3	478	December 1, 2023
OS with real plausible deniability Questions	12	595	September 7, 2025
Shufflecake: plausible deniability for multiple hidden filesystems on Linux General	1	359	March 21, 2024
Passware 2023 version Decrypts Veracrypt RAM Encryption General	0	560	May 9, 2024
Something strange happened to BitWarden General	9	817	March 9, 2024

Plausible deniability

Related topics