[HN Gopher] Plausibly deniable encryption (2020) ___________________________________________________________________ Plausibly deniable encryption (2020) Author : yamrzou Score : 150 points Date : 2022-02-18 17:49 UTC (5 hours ago) (HTM) web link (spacetime.dev) (TXT) w3m dump (spacetime.dev) | lisper wrote: | Somewhat related: | | https://catless.ncl.ac.uk/Risks/16/87#subj3 | | (This is an article I wrote for Risks digest in 1995 regarding a | proposed law that would have made it illegal to transmit | pornography over the internet.) | nonrandomstring wrote: | > It's probably old news for RISKS readers, but a very | difficult concept for > lawmakers, that the semantic content of | bit streams is in the eye of the > beholder, and that the | apparent correspondence between bits and semantics is > the | result of engineering convention and not an inherent property | of the > bits. | | Nice article with great points. I gave a talk about this in | 2005 on why the more data intelligence agencies collect the | worse their results if their analysis does not match their | reach. It goes back to Quine and Shannon's ideas of salience as | pre-agreed patterns of interpretation. | | The talk was actually about a spooky phenomenon called | "listening in readiness". Mediums/charlatans and other cold- | reading hucksters used EVP (electronic voice phenomena) in the | 1930's and 40s, when radio, Theramins and such-like were more | woo-woo and barely understood by ordinary people. If you play | what is essentially noise/static to people and _tell_ (or | suggest) to them that voices are saying something - they will | hear that. | | The phenomenon is surprisingly reproducible. It works because | the cochlea and auditory neural system (See a text like Nelken, | King and Schupp's Auditory Neuroscience) can "listen in | readiness". We have affective and sensory hairs and feedback | loops in the cochlea that allow us to "tune" to what we | _expect_ to hear. In simple words, people can hear what they | expect/want to hear. | | When we apply AI and adaptive filters to data, a similar thing | is happening. False positives, indeed very elaborate | misinformation can be derived in intelligence work based on | unsupervised (arbitrary mass surveillance) when the gatherer | starts with an a-priori idea of what they are looking for and | sifts through chatter. | | I am not sure exactly how yet, but I think this can be | leveraged to some good use in privacy protection if, as in the | Dissident scheme discussed in TFA, there is some "fuzzy" | decryption and very many plausible but false decodings adjacent | to cipher-text. | | This leads to the idea of a cupher that is apparently very easy | to crack, but yields a false plaintext. When you "can't | remember" the password, your adversary finds a low hanging | "trap password" and smugly thinks they defeated your poor | opsec. | tifadg1 wrote: | Are the any configurations of LUKS that could achieve this? | seqizz wrote: | https://blog.linuxbrujo.net/posts/plausible-deniability-with... | btilly wrote: | I'm amazed that they didn't discuss | https://en.wikipedia.org/wiki/Steganography as an approach. | | There are lots of ways to hide encrypted data such that it is not | obvious that there is any data at all to be found. | upofadown wrote: | A coworker who grew up in Pakistan was telling stories one day. | He said the place that he grew up in had the best police in the | whole world. There were no unsolved crimes. The police always got | a confession. | | XKCD-538 has an implied third panel: | | Right guy: Wait, we can use the $5 wrench? Why not just hit him | until he confesses and names all his friends as co-conspirators | as per normal? | | Left guy: Yes, let's skip the geeky stuff entirely. We will be | done before lunch. | | People that use torture are not interested in any sort of | objective truth. Otherwise they would not do that. | dane-pgp wrote: | And here's the fourth panel: | | Right guy: Actually, why did we waste that $5 on a wrench when | we can just forge a confession document? | | Left guy: Yeah, and we can say that he also told us the names | of his co-conspirators, who happen to be the people I owe money | to, the annoying guy who lives next door to me, my ex-wife, and | anyone I can think of from the minority group that I want to | feel superior to. | noel99 wrote: | Generally true but there are many situations where torture can | and has worked | bduerst wrote: | Such as? | Tade0 wrote: | What ever happened to good old steganography? | | Or communicating via trading NFTs with the message encoded in | slight differences between the images? | | I'm sure there's at least 5 bits of data in the details of a | single Bored Ape picture. | delecti wrote: | Given there are 10,000 Bored Apes, there's at least a whopping | 13 bits of data. | noel99 wrote: | I was one of the activists who had their computers seized. I told | the police to kiss my ass and they gave up trying to get my | password. Though I guess a 6 month concurrent sentence when | you've already got 4 years isn't worth the paperwork. Prison was | butlins btw. I highly recommend it. Plenty of time to read books | meetups323 wrote: | What does animal rights activism to the point of that level of | government interest look like? Linked article didn't go into | any details on the matter at hand. | noel99 wrote: | "Urban terrorism" according to the incredibly foolish judge. | Considering no one ever had a finger laid on them he would | have a shock if he ever found out about the IRA | bmsleight_ wrote: | Not sure I feel comfortable with celebrating breaking the | law. No one laid a finger - ok no physical violence. | However some off the tactics used against people involved | in activities you disagree with were not pleasant. I not | sure I agree with the narrative that it is a victimless | crime. | | On the other hand prison works rehabilitated in to society. | noel99 wrote: | Prison doesn't work. At all. My views are more radical | than ever. The lesson to learn is; never try to effect | serious social change via peaceful means, go directly to | illegal means, bypassing legal protest will mean the | police won't know who they are looking for. | | I can't say I lose a seconds sleep over the "victims", | they are weak minded crybabies | Quekid5 wrote: | Very interesting. | | As far as I understand it, lengthy sentences don't work | -- the likelihood of getting caught does. (I mean in a | statistical sense. But I might have read this before the | replication crisis, so caveat lector.) | | ... but also: Do you have any evidence of your claims? | Literally any evidence of being who say you are? | missedthecue wrote: | What do you think could the prison system have done | differently to make your views less radical and extreme? | kspacewalk2 wrote: | This question somewhat trivializes the "radicals" and | their "extreme" views and denies them agency. What would | it take for you to change your strongly held views, | "extreme" or otherwise? Who the fuck knows, right? But | probably nothing formulaic and generalizable. So it is | with others. | [deleted] | staticassertion wrote: | How could a prison system ever really do that? It's a | punishment. You learn that what you did before has | consequences, not that it was wrong. | | Rehabilitating someone with "radical" ideas would involve | acknowledging and challenging their ideas. That's not how | rehabilitation really works even in theory - most | rehabilitation is taking criminals who aren't | ideologically motivated and solving the much simpler | problems of educating them so that they can work. | GoodbyeMrChips wrote: | > How could a prison system ever really do that? It's a | punishment. | | Reading this, I'd bet PS1000 to spat out sweet you are | US-American? | | Because elsewhere, most of the civilised world treats | prison as rehabilitation. | staticassertion wrote: | I would _assume_ that in most countries rehabilitation is | seen the same way as here in the US. It focuses on the | top causes for crimes - lack of education, lack of | opportunity. So there are rehabilitation programs that | educate people and help place them in work programs. | | I would assume that rehabilitation does _not_ focus on | changing people 's ideological values. | | Am I wrong? Is that a thing in other countries? | Retric wrote: | Very much so, de-radicalization in prisons is at least | attempted in many places. Here is a look at EU's approach | which varies quite widely. https://iris.unito.it/retrieve | /handle/2318/1720819/557443/Pr... | nootropicat wrote: | >most of the civilised world treats prison as | rehabilitation. | | Few countries in Western and/or Northern Europe? That's a | very narrow definition. | narag wrote: | There are actually three different justifications for | prison: | | * Retribution ("a punishment") | | * General prevention ("a jailed person cannot keep | hurting others and prison threat is a deterrent") | | * Special prevention (rehabilitation) | | Last time I looked, most countries are mostly for general | prevention with a pinch of special prevention. | Retribution is not currently defensible philosofically or | technically, though some people errounesly think it's the | basis of the system. | fennecfoxen wrote: | I'm quite curious: who counts as 'civilized' these days? | Clearly not the UAE (we've just seen an article on Dubai | debtors prisons on these pages) but it seems we'd need to | take Japan off the list, for instance (see e.g. | https://www.economist.com/asia/2015/12/03/silent-screams | ) and if we have to take them off the list I'm not sure | where we end up stopping | noel99 wrote: | Nothing, prison is a warehouse. Remember though all that | occurred was property damaged and a level of intimidation | that would make a person of sturdy character laugh, on | the spectrum of political action it really was not that | extreme | bmsleight_ wrote: | I do get that prison will not change your deeply held | views. | | I am curious if the getting a job using the A-level, | reduced your likelihood of reoffending, at the risk of | your current job ? | mLuby wrote: | Sorry that happened. Your password wasn't actually "kissmyass" | was it? | noel99 wrote: | It's chill, I redid my maths my maths A-level and got an A, I | basically had a one on one maths tutor for a year in the | prison learning complex, came in very useful now I am a | software engineer. | | The ironic thing is that the police waited about 2 years | after they seized the laptop to ask me for the pass phrase. | I'm not sure I even actually remembered it as it was so long. | PGP Whole Disk Encryption ftw. At the time WDE wasn't | available on the mac and the police got loads of data from my | pals text editor temporary files. No one got anything from | mine hahaha | hwers wrote: | Did you have any trouble getting a job with the sentence on | your resume? Just curious | willis936 wrote: | I think this is a better story than most one gets asked | about a 5 year gap. | xerxesaa wrote: | This person is in the UK. The rights afforded to | criminals in other places may not be so good. | noel99 wrote: | I do not have a criminal record. The wonderful | conservative/liberal coalition updated the rehabilitation | of offenders act 1974 so my conviction became spent. That | said I currently work for a 1000 employee plus employer | and they never did a criminal record check but others | have. | HoraceSchemer wrote: | moonchild wrote: | > Claim C is new and has some appealing properties but it can't | be used on a personal storage medium | | Freenet? | chrchang523 wrote: | Closely related topic: | https://en.wikipedia.org/wiki/Steganography | [deleted] | cookiengineer wrote: | There's always LUKS to cover this scenario: Nuke Keys that get | activated with a second password. [1] | | [1] https://github.com/roema/cryptsetup-nuke | deckard1 wrote: | with LUKS you can just use a detached header stored on a USB | thumb drive. Then just toss the thumb drive. | | But this isn't plausible deniability. You still have a hard | drive in your possession and it's still covered by random data. | Better deniability: always use an external drive and then | distance yourself from the drive. You want plausible | deniability of _the entire drive_ to the extent that no one | even suspects you of being the owner. Or, have such little | sensitive data that you can use steganography to hide it in an | image or video file. Just don 't put the steganography tools on | the same computer as the hidden data. | | Anything else is pretty much a joke. | boring_twenties wrote: | The adversary can easily just copy the encrypted data before | trying to decrypt it. | brian_herman wrote: | I think the idea is to have them enter the password that | destroys the data. | ratg13 wrote: | That may have worked 10-20 years ago. | | These days there are established procedures and protocols | that prevent this. | ohyeshedid wrote: | What protocols stop a person from removing the drive from | your machine, and imaging the drive? | g_p wrote: | Not even just that - in addition to imaging, write | blockers should be used for evidential integrity as well. | amiga-workbench wrote: | If only you could run your own code on the drive | controller. Start obliterating data at random if the disk | isn't initialized properly. | singlow wrote: | I think that's the point of that comment. Police have | procedures now to prevent a nuke script from being | effective. | boring_twenties wrote: | I think my point is that destroying one copy of the data is | pointless when other copies exist. | hinkley wrote: | Destroying 1 copy pretty much guarantees someone is going | to go find that $5 wrench and explain to you how | disappointed they are. | staticassertion wrote: | If your threat model is the police, a wrench could be a | best case scenario for you. If you can prove the police | took a wrench to you during an interrogation you're | definitely getting the case thrown out. | dheera wrote: | With police you can start a Twitter mob if you're lucky | but there are ten thousand other George Floyds out there | that didn't get any justice when police took wrenches, | tasers, knees, guns to them. | | And that doesn't really apply to the CBP and the CBP | equivalents of other countries. They're ruthless and can | lock you up in cages, there isn't really the opportunity | to start a "case" until you're past the CBP. If you | aren't a citizen you sadly don't have access to a lawyer | if the CBP wants to hit you with a $5 wrench, because you | aren't even in the US yet. | bduerst wrote: | If violence was an option in this hypothetical, it would | have already been used to get the password anyway. | hinkley wrote: | One, the wrench can be metaphorical. If you brick the | device that's antagonistic. Getting you on a petty crime, | as a cop, or getting $50 from your wallet as a criminal, | may stop them from looking. Being combative results in | retribution, and as we all know cops can be petty, and | selective enforcement of rules is one of the hallmarks of | Institutional sexism/classism/racism. If using Crypto | While Black isn't already a thing, it's gonna be, and | there's nothing you and I can do to stop it. Slow it | down, absolutely, but stop it? Not without help from our | kids and possibly grandkids. | | This isn't a chess match between equals. This is someone | who can ruin your life just to make a point. Even keeping | you in custody for a day or three can screw up a lot of | people. | | The Lockpicking Lawyer put it pretty well recently. The | people who make locks are following rules that nobody | else is beholden to follow. The designer looks at the | parts and thinks about their purpose. Their design. The | picker is looking at what they can _make the thing do_ , | not what it's 'meant' to do. | | They are _repurposing_ things, to circumvent the wishes | of the manufacture and the consumer. That 's where the | wrench comes in. That's where cloning the device comes | in. That's where giving the adversary a fictional win to | regain your liberty comes in. | bduerst wrote: | Again, if it's an option, it's more like violence would | have been used to get the password, and _further_ | violence against your family /loved ones if you were | antagonistic. | | Real life scenario: | | https://www.yahoo.com/now/dutch-bitcoin-trader-suffers- | bruta... | bduerst wrote: | You're right, it's not a silver bullet but it is another | defense for the probable cases that they didn't make a | copy. | boring_twenties wrote: | What cases would those be? Any law enforcement or customs | agency will make copies. | ohyeshedid wrote: | I think the point you responded to was talking about | copying the encrypted data before attempting to unlock it. | brian_herman wrote: | Thank you for this I've always wanted something like this. | josephcsible wrote: | The whole concept of nuke keys is snake oil unless they're | implemented with something like a TPM or HSM, since otherwise | the attacker can just restore the pre-nuke image if you set it | off. | algrio wrote: | Another technique if you are interested, two factor encryption: | https://www.alvarez.io/posts/two-factor-encryption/ | garaetjjte wrote: | To avoid questions of suspicious unallocated space with hidden | volume, what about this: Use disk with vastly higher capacity | than you really need. Use standard filesystem on it. For hidden | volume, store data redundantly in multiple locations inside | unallocated space of standard filesystem. When running from | hidden volume you can avoid overwriting data on standard | filesystem. When running from standard volume you cannot, and it | could overwrite some parts of hidden data, but it will be | repaired from copies stored in many other locations. Standard | volume should be also encrypted to provide deniability why | unallocated space contains random-looking data. | dheera wrote: | Now I just wish there were actually competent encryption that | can keep up with PCIe SSD speeds. | | I have no option but to just use the BIOS SSD password | encryption thingy instead of some Ubuntu LUKS or ecryptFS which | are both slow AF. | mLuby wrote: | She could claim that the key for those books has been lost or | forgotten. | | I wonder if this "I forgot" defense is more accepted now that | there are stories of people having forgotten the password to | their multi-million dollar cryptocurrency wallets. | cle wrote: | "Forgot" is a bit strong, how about "I don't recall". | (reference: https://www.youtube.com/watch?v=7IBvZlRqOTw) | hinkley wrote: | Ronald Reagan used this during the Iran Contra investigation | as well. | | Boy, did the universe pull a monkey's paw on him for that. | anonymousiam wrote: | Not mentioned in the article are the consequences of using a SSD | with trim. Trim would destroy the data in the hidden encrypted | volume. | drsnow wrote: | Are you saying you should never use TRIM on an SSD that is | encrypted? | anonymousiam wrote: | I am saying that if you use a disk encryption technology that | puts the encrypted data in unallocated sectors (which is a | plausibly deniable method), if you run (or your OS | automatically runs) trim on the media, all of the data in the | unallocated space will be lost. | boring_twenties wrote: | Trim is not really recommended for any encrypted volume to | begin with, since it clearly reveals how much space is being | used as well as some other filesystem metadata. | a20eac1d wrote: | Does this apply to full disk encryption with Windows and | VeraCrypt? | | If so, do I need to disable TRIM? If yes, in Windows or the | BIOS? | anonymousiam wrote: | It does not apply to most mainstream encryption methods. Most | methods will allocate the sectors containing encrypted data, | but you need to use the decryption APIs to access the data. | m3kw9 wrote: | What if they detect the protocol? | cortesoft wrote: | Good encryption protocols create cyphertext that is | indistinguishable from random data. You can't tell the protocol | from the cyphertext. | charcircuit wrote: | Can you give an example of one of these "good" protocols? | Most are not just random data. | golem14 wrote: | To my, trociny! | drexlspivey wrote: | BIP-39 mnemonics are designed like this, you can add an optional | passphrase to the 12/24 mnemonic words and it unlocks a different | set of privatekeys. This way you can have a passphrase (or no | passphrase) where you only store a small amount of cryptocurrency | and a separate passphrase that unlocks your real wallet, to avoid | the $5 wrench attack. | throwhauser wrote: | If you're being attacked with a wrench, wouldn't you want to | _avoid_ deniable encryption? | | If there's no way to 100% establish that all the money has been | extracted, an attacker might keep going indefinitely to see if | there's more. | littlestymaar wrote: | In fact, since there's no way you can prove that you haven't | used deniable encryption, you'll probably be in a really bad | place anyway. | | That creates an interesting game theory situation though, | where nobody has any incentive to disclose anything, since it | wouldn't change the outcome anyway, which ends up negating | the whole point of torture: the victim needs to believe that | the tormentor will stop if they disclose the truth. | | (Unfortunately, the real world isn't a game theory | problem...). | dane-pgp wrote: | This is the game theory that the Rubberhose file system | (co-invented by one Julian Assange) is based on.[0] It's a | pity the blog post didn't link to that article, and only | linked to the one about rubber-hose cryptanalysis, since | this prior art does seem to overlap significantly with the | scheme that the post is proposing, as does the Owner-Free | Filesystem[1]. | | Anyway, you're right that the real world isn't a game | theory problem, but I do think that if someone is faced | with being tortured for information, they should at least | attempt to ask the torturer "How do I know that you will | stop when I give you the information?". Or, perhaps less | incriminatingly, "I don't have that information, and it | doesn't matter because you'll keep torturing me | regardless". | | You may not be able to convince the torturer to give up on | the torture (much less convince them to let you go free), | but you might at least be able to convince yourself that | there is no point talking or trying to come up with a lie. | Having said that, it's also instructive to look at the | example of Marcus McDilda who was tortured by the Japanese | for information about atomic bombs, about which he knew | nothing.[2] His lies may have saved not just his own life, | but millions more. | | [0] | https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29 | | [1] https://en.wikipedia.org/wiki/OFFSystem | | [2] https://en.wikipedia.org/wiki/Marcus_McDilda | TimedToasts wrote: | > they should at least attempt to ask the torturer "How | do I know that you will stop when I give you the | information?" | | Anyone who will torture you for information is going to | include this in your torture now, just fyi. Might as well | just ask them to let you go. | [deleted] | hinkley wrote: | STREET SMARTS! | | You need your proverbial money clip with $50 that you can throw | and run when you're being mugged. | | STREET SMARTS! | CaptainNegative wrote: | What I'm hearing is that I need to keep pounding that $5 wrench | after they unlock their wallet in the off chance they have a | second passphrase giving a larger payload. | chordalkeyboard wrote: | indeed, for all such victims, naturally. and you can never be | certain you've extracted the full amount. so you can _never | stop pounding_ | TimedToasts wrote: | Anyone who has a second password might have a third one, | better keep that arm in shape 'cause it's poundings all the | way down. | openfuture wrote: | If you want plausible deniability just have a few obscure ctfs | cloned next to your fake ctfs that you haven't solved yet. | bruce343434 wrote: | ugh, why the single letter variables? Makes the text that much | harder to read imo. I keep having to think to myself "oh yeah, | that means 'the key'" | bowmessage wrote: | but it makes the author look smart /s[arcasm] | Koshkin wrote: | In mathematical writing variable names are usually single- | letter. (This, in fact, makes mathematics easier to read and, | especially, compute with.) ___________________________________________________________________ (page generated 2022-02-18 23:00 UTC)