

Ask HN: Plausibly deniable email - dublinclontarf

I've recently been reading quite a lot about cryptography, and being the impressionable young man that I am, I've become somewhat paranoid.

I've installed OpenPGP and Enigmail along with TrueCrypt.

But I have been wondering, is there a mail encryption tool that offers the same plausible deniability for email as TrueCrypt provides for encrypted volumes?

A tool that allows you to send two messages, one phoney and the other private, each to be revealed with a different password (à la hidden volume in TrueCrypt).

If no such application exists (I haven't managed to find one yet), what other steps might I take to achieve plausible deniability?
======
dxjones
Your deniability will not be "plausible" if the two-message feature you
described is in the software documentation.

At least with disk encryption, you could claim the rest of the disk is
"unused". With email, your encrypted message would be twice as big as
necessary for sending your "phoney" message, ... making it clear there is
still a "private" message in there.

Besides an academic curiosity in encryption, what makes an impressionable
young man paranoid these days??

~~~
adamsmith
One could always add a random length of random bytes to the message so the
size comparison method doesn't work.

This assumes that real ciphertext is indistinguishable from random data
without the key.

~~~
derefr
Real cyphertext should have less Shannon entropy/higher compressibility than
random data, I think, unless a one-time pad was used. However, it's fully
possible to create _semi_-random cyphertext to a set entropy, which means all
your encrypted transmissions could just be filled with "sparse" or "dense"
extra data to balance them out with your chosen "inconspicuous" entropy value.

Then again, I seem to recall that the cyphertext is compressed _before_
encryption in PGP/GPG, likely in order to obviate exactly this problem. Then
you would indeed just have to add white noise to the messages until their
post-compression, pre-encryption filesizes match, as hopefully the encryption
layer won't allow the compression ratio information to leak through.
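
Added example, not part of the thread: a Python measurement of the byte entropy and zlib compressibility of plaintext, ciphertext and random bytes, followed by padding the ciphertext with random bytes up to a fixed size bucket. The cipher is a constructed stand-in (a SHA-256 counter-mode keystream) chosen only to avoid third-party libraries; the function names, the sample message and the 4096-byte bucket are assumptions of this example.

```python
import hashlib, math, os, zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compress_ratio(data: bytes) -> float:
    """zlib output size over input size; about 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data)

def stand_in_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Constructed stand-in for a real cipher: XOR with a SHA-256
    counter-mode keystream. For measurement only, not for real use."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def pad_to_bucket(blob: bytes, bucket: int = 4096) -> bytes:
    """Append random bytes so the total length is a multiple of `bucket`.
    A real format would carry the true length inside the encrypted part."""
    return blob + os.urandom(-len(blob) % bucket)

def measure() -> dict:
    # Constructed sample message, repeated to get a usable sample size.
    plaintext = b"Meet at the usual place at nine. Bring the documents.\n" * 1200
    ciphertext = stand_in_encrypt(os.urandom(32), os.urandom(16), plaintext)
    samples = {"plaintext": plaintext, "ciphertext": ciphertext,
               "random": os.urandom(len(plaintext)),
               "padded": pad_to_bucket(ciphertext)}
    # name -> (size in bytes, entropy in bits/byte, zlib ratio)
    return {name: (len(d), round(shannon_entropy(d), 3), round(compress_ratio(d), 3))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (size, ent, ratio) in measure().items():
        print(f"{name:10s} size={size:6d} entropy={ent:.3f} bits/byte zlib_ratio={ratio:.3f}")
```

Padding to a bucket hides the exact length but not the bucket itself, so an observer still learns the message size to within 4096 bytes.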

------
zain
Look into the protocol for OTR:

<http://en.wikipedia.org/wiki/Off-the-Record_Messaging>

It is used for plausible deniability in a secure IM conversation, but I don't
see any reason it couldn't be applied to email.

