

TrueCrypt's Plausible Deniability is Theoretically Useless (2013) - galapago
https://defuse.ca/truecrypt-plausible-deniability-useless-by-game-theory.htm

======
fabian2k
If you're in a country where the government would torture you indefinitely
just for suspecting that you have a hidden TrueCrypt volume, you're probably
screwed anyway if you ever appear on their radar. At that point you probably
did something else besides using encryption that would be sufficiently
susicious to get you tortured.

Plausible deniability is simply not a useful defense against someone that
would decide to torture you for a mere suspicion.

~~~
betterunix
It is not just about torture. You might be penalized by a judge for failing to
disclose your "other password" regardless of whether or not it actually exists
-- you might even be asked to prove that there is no other password. A customs
officer might refuse to allow you to bring your laptop across the border until
you enter your "other password," also regardless of whether or not there
actually is another password.

It is also worth pointing out that the number of passwords you deny having is
completely irrelevant. You could claim to have forgotten the one password you
use for non-deniable encryption and the effect would be the same (and your
story is equally plausible). It is much easier to claim to have forgotten one
password than to try to maintain an innocent partition, so you might as well
just do that.

~~~
DanBC
> A customs officer might refuse to allow you to bring your laptop across the
> border until you enter your "other password," also regardless of whether or
> not there actually is another password.

I never thought I'd feel the need to offer this as serious advice, rather than
just a novelty toy, but SpyCoin is a way to get data across borders.

[http://spy-coins.com/](http://spy-coins.com/)

I have a pound coin and it's pretty good.

------
computer
Plausible deniability is not intended to protect you; it is intended to
protect the data. If you know that giving up the key (or all the keys) will
not make them stop torturing you (as you cannot prove that you have given them
all the keys), there's no incentive to give up any keys in the first place.

At least that was Julian Assange's vision when he invented the Rubberhose
filesystem[1] in 1997.

[1]
[https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29](https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29)

~~~
pessimizer
Exactly. There's no reason for the government not to torture all suspects to
death, because they can never be sure that there's not another volume
somewhere, or whether the outer or adjacent volumes that they've gotten access
to that appear to have the information that they want are decoys, or even
whether the bearer of the computer has knowledge of or the ability to open the
relevant volume which may or may not exist or be a decoy.

The rational thing for the government to do would be to ignore the computer
(after forensics), and work on the person. If the information turns out not to
be productive, escalate the torture. When the suspect dies and/or fools you
into a significant expenditure or public failure, you lose and the suspect
wins. Same as it's always been.

edit: of course, faced with the fact that there's no reason not to torture you
to death, you may just become a willing collaborator.

------
easy_rider
This is stupid. The author clearly missed the word "PLAUSIBLE". Yes, in any
country where they will torture you you're fucked. In any other country you
can put your hand on your heart and swear there is one volume, and you gave
the correct password. Now it's up to them to prove you wrong.

I hoped this would b a technical article explaining a flaw in TrueCrypt, but
it is just flawed logic based on a misconception that "plausible" means "full-
proof".

~~~
bashinator
The author specifically mentions that this argument doesn't apply in countries
with a presumption of innocence.

------
gesman
We need to shift encryption paradigm from local mindset "I own it and only I
can read it" to globally distributed anonymous data sets: "No one (including
data server) knows who owns and whats inside it".

Zerobin gives an idea:
[http://sebsauvage.net/wiki/doku.php?id=php:zerobin](http://sebsauvage.net/wiki/doku.php?id=php:zerobin)

------
joejohnson
I think the author made a mistake. The first case (but bottom left square of
the table) is this scenario (Keep Torturing, No Hidden Volume):

    
    
      If you don't have a hidden volume and the government decides to keep torturing you, 
      you're screwed. You have no way of stopping the torture even if you wanted to, and you
      probably get killed. So your reward is -100. The government's reward is 10 because 
      although they may have wasted some time torturing you, they have your plans, can prove
      your guilt, and arrest your accomplices.
    

I don't understand why the government's reward is 10. How do "they have your
plans" if there is no hidden volume? Are the plans in the "outer" partition in
this scenario?

~~~
klon
Yes

------
thatthatis
Simple solution: 3 hidden volumes.

------
Spooky23
When you're ordered by a judge to disclose the contents of your computer or
media by lawful order, or the police have reasonable suspicion that you have
some sort of hidden container, than yes, it's pretty useless. In those cases
your refusal to comply can be used against you.

It's a very useful mechanism to protect information important to you in other
situations. Perhaps you don't want your spouse, kids, boss or employees to
have access to some data. Or you need to hide sensitive data in plain sight
for preservation purposes.

------
Dylan16807
_It 's important to note that the actual number's don't really matter here.
All that matters is their ordering (greater than or less than)._

And your irrefutable logic for picking that ordering is what, exactly?

The reasoning behind the 9 and 10 on the 'no hidden volume' side is especially
flawed, and seems to be a backwards argument made to support the number,
rather than to derive it.

Somehow being wrong and wasting resources costs no points, but uncertainty and
being correct costs points.

------
eximius
To go along with what everyone else is saying, TrueCrypt is meant as _legal_
protection. Assuming anything more leads us to the ever-relavent xkcd:
[http://xkcd.com/538/](http://xkcd.com/538/).

Also, there is no strictly dominant strategy in the prisoners dilemma like he
says.

~~~
maxerickson
I use encryption to store vaguely sensitive documents because it mitigates the
consequences if my computer is stolen.

I guess that means I'm not a true crypto nerd?

(I think it is unfortunate how dismissive that comic is, exactly because of
this use case...)

~~~
eximius
No, that's what I do too. My point is simply that crypto only protects you
from attack vectors targeting the data. If _you_ are the target, your crypto
won't save you.

------
lostmsu
There's a bigger mistake. If government keeps torturing until all volumes are
discovered and unblocked (or until you're dead), than why your points when you
have hidden partition are higher, when you don't? Considering this, it is no
longer a strictly dominant strategy for you to have it.

------
callesgg
The logic of the article is flawed. On many points.

~~~
deong
Well, the underlying issue is quite real -- TrueCrypt's hidden volume
capability is so well-known that it provides little to no practical benefit.

Look at it this way, if the US government could get Glenn Greenwald's laptop,
which in this scenario is TrueCrypt-encrypted, do you think they would simply
give it back to him and say, "I guess he didn't have anything after all" if
the first password he gave them turned up nothing but pictures of his cat?

Of course, the goal of TrueCrypt may be to provide a small amount of extra
security, which it does. As others have said, a regime that would torture you
to death likely doesn't need your laptop anyway. But the point is reasonably
valid that a hidden volume is only _enormously_ valuable if no one thinks you
might have it, which isn't the case with TrueCrypt anymore.

~~~
ensignavenger
If Greenwald were trying to hide what he has, he could put the
documents/information he has already leaked, plus a bunch of stuff he decided
not to, plus some other documents that are undecided and innocuous in an
unhidden (encrypted) partition- or have a second hidden partition- that he
could give the Feds access to very reluctantly and such, and they would find
all those documents and possibly think that was all he had. They still would
not know what else he had, and really wouldn't know that he had anymore, even
if they suspected it.

------
blahbl4hblahtoo
If you were counting on TrueCrypt for "plausible deniability" than you are
stupid.

That's "magic bullet" security/magic thinking if I've ever heard it...

~~~
galapago
In the official Truecrypt website, "plausible deniability" is one of its
selling points.

~~~
sixbrx
...And plausible deniability seems to be exactly what it delivers. Meaning
simply that 1) you can deny it, 2) and its plausible that your denial is true
(the extra requirements on the hidden data, such as that the non-hidden part
cannot grow, are kindof inconvenient - from what I remember). That this might
not satisfy a rogue actor that likes to torture you without much if any cause
doesn't change that fact.

Rather, this article argues something different, which is that in some
(extreme) circumstances, plausible deniability won't help you much (though
it's still optimal in that it's a "strictly dominant" strategy) . To which i
would say "no duh".

