[HN Gopher] Plausibly deniable encryption (2020)
___________________________________________________________________
Plausibly deniable encryption (2020)
Author : yamrzou
Score : 150 points
Date : 2022-02-18 17:49 UTC (5 hours ago)
(HTM) web link (spacetime.dev)
(TXT) w3m dump (spacetime.dev)
| lisper wrote:
| Somewhat related:
|
| https://catless.ncl.ac.uk/Risks/16/87#subj3
|
| (This is an article I wrote for Risks digest in 1995 regarding a
| proposed law that would have made it illegal to transmit
| pornography over the internet.)
| nonrandomstring wrote:
| > It's probably old news for RISKS readers, but a very
| difficult concept for > lawmakers, that the semantic content of
| bit streams is in the eye of the > beholder, and that the
| apparent correspondence between bits and semantics is > the
| result of engineering convention and not an inherent property
| of the > bits.
|
| Nice article with great points. I gave a talk about this in
| 2005 on why the more data intelligence agencies collect the
| worse their results if their analysis does not match their
| reach. It goes back to Quine and Shannon's ideas of salience as
| pre-agreed patterns of interpretation.
|
| The talk was actually about a spooky phenomenon called
| "listening in readiness". Mediums/charlatans and other cold-
| reading hucksters used EVP (electronic voice phenomena) in the
| 1930's and 40s, when radio, Theramins and such-like were more
| woo-woo and barely understood by ordinary people. If you play
| what is essentially noise/static to people and _tell_ (or
| suggest) to them that voices are saying something - they will
| hear that.
|
| The phenomenon is surprisingly reproducible. It works because
| the cochlea and auditory neural system (See a text like Nelken,
| King and Schupp's Auditory Neuroscience) can "listen in
| readiness". We have affective and sensory hairs and feedback
| loops in the cochlea that allow us to "tune" to what we
| _expect_ to hear. In simple words, people can hear what they
| expect/want to hear.
|
| When we apply AI and adaptive filters to data, a similar thing
| is happening. False positives, indeed very elaborate
| misinformation can be derived in intelligence work based on
| unsupervised (arbitrary mass surveillance) when the gatherer
| starts with an a-priori idea of what they are looking for and
| sifts through chatter.
|
| I am not sure exactly how yet, but I think this can be
| leveraged to some good use in privacy protection if, as in the
| Dissident scheme discussed in TFA, there is some "fuzzy"
| decryption and very many plausible but false decodings adjacent
| to cipher-text.
|
| This leads to the idea of a cupher that is apparently very easy
| to crack, but yields a false plaintext. When you "can't
| remember" the password, your adversary finds a low hanging
| "trap password" and smugly thinks they defeated your poor
| opsec.
| tifadg1 wrote:
| Are the any configurations of LUKS that could achieve this?
| seqizz wrote:
| https://blog.linuxbrujo.net/posts/plausible-deniability-with...
| btilly wrote:
| I'm amazed that they didn't discuss
| https://en.wikipedia.org/wiki/Steganography as an approach.
|
| There are lots of ways to hide encrypted data such that it is not
| obvious that there is any data at all to be found.
| upofadown wrote:
| A coworker who grew up in Pakistan was telling stories one day.
| He said the place that he grew up in had the best police in the
| whole world. There were no unsolved crimes. The police always got
| a confession.
|
| XKCD-538 has an implied third panel:
|
| Right guy: Wait, we can use the $5 wrench? Why not just hit him
| until he confesses and names all his friends as co-conspirators
| as per normal?
|
| Left guy: Yes, let's skip the geeky stuff entirely. We will be
| done before lunch.
|
| People that use torture are not interested in any sort of
| objective truth. Otherwise they would not do that.
| dane-pgp wrote:
| And here's the fourth panel:
|
| Right guy: Actually, why did we waste that $5 on a wrench when
| we can just forge a confession document?
|
| Left guy: Yeah, and we can say that he also told us the names
| of his co-conspirators, who happen to be the people I owe money
| to, the annoying guy who lives next door to me, my ex-wife, and
| anyone I can think of from the minority group that I want to
| feel superior to.
| noel99 wrote:
| Generally true but there are many situations where torture can
| and has worked
| bduerst wrote:
| Such as?
| Tade0 wrote:
| What ever happened to good old steganography?
|
| Or communicating via trading NFTs with the message encoded in
| slight differences between the images?
|
| I'm sure there's at least 5 bits of data in the details of a
| single Bored Ape picture.
| delecti wrote:
| Given there are 10,000 Bored Apes, there's at least a whopping
| 13 bits of data.
| noel99 wrote:
| I was one of the activists who had their computers seized. I told
| the police to kiss my ass and they gave up trying to get my
| password. Though I guess a 6 month concurrent sentence when
| you've already got 4 years isn't worth the paperwork. Prison was
| butlins btw. I highly recommend it. Plenty of time to read books
| meetups323 wrote:
| What does animal rights activism to the point of that level of
| government interest look like? Linked article didn't go into
| any details on the matter at hand.
| noel99 wrote:
| "Urban terrorism" according to the incredibly foolish judge.
| Considering no one ever had a finger laid on them he would
| have a shock if he ever found out about the IRA
| bmsleight_ wrote:
| Not sure I feel comfortable with celebrating breaking the
| law. No one laid a finger - ok no physical violence.
| However some off the tactics used against people involved
| in activities you disagree with were not pleasant. I not
| sure I agree with the narrative that it is a victimless
| crime.
|
| On the other hand prison works rehabilitated in to society.
| noel99 wrote:
| Prison doesn't work. At all. My views are more radical
| than ever. The lesson to learn is; never try to effect
| serious social change via peaceful means, go directly to
| illegal means, bypassing legal protest will mean the
| police won't know who they are looking for.
|
| I can't say I lose a seconds sleep over the "victims",
| they are weak minded crybabies
| Quekid5 wrote:
| Very interesting.
|
| As far as I understand it, lengthy sentences don't work
| -- the likelihood of getting caught does. (I mean in a
| statistical sense. But I might have read this before the
| replication crisis, so caveat lector.)
|
| ... but also: Do you have any evidence of your claims?
| Literally any evidence of being who say you are?
| missedthecue wrote:
| What do you think could the prison system have done
| differently to make your views less radical and extreme?
| kspacewalk2 wrote:
| This question somewhat trivializes the "radicals" and
| their "extreme" views and denies them agency. What would
| it take for you to change your strongly held views,
| "extreme" or otherwise? Who the fuck knows, right? But
| probably nothing formulaic and generalizable. So it is
| with others.
| [deleted]
| staticassertion wrote:
| How could a prison system ever really do that? It's a
| punishment. You learn that what you did before has
| consequences, not that it was wrong.
|
| Rehabilitating someone with "radical" ideas would involve
| acknowledging and challenging their ideas. That's not how
| rehabilitation really works even in theory - most
| rehabilitation is taking criminals who aren't
| ideologically motivated and solving the much simpler
| problems of educating them so that they can work.
| GoodbyeMrChips wrote:
| > How could a prison system ever really do that? It's a
| punishment.
|
| Reading this, I'd bet PS1000 to spat out sweet you are
| US-American?
|
| Because elsewhere, most of the civilised world treats
| prison as rehabilitation.
| staticassertion wrote:
| I would _assume_ that in most countries rehabilitation is
| seen the same way as here in the US. It focuses on the
| top causes for crimes - lack of education, lack of
| opportunity. So there are rehabilitation programs that
| educate people and help place them in work programs.
|
| I would assume that rehabilitation does _not_ focus on
| changing people 's ideological values.
|
| Am I wrong? Is that a thing in other countries?
| Retric wrote:
| Very much so, de-radicalization in prisons is at least
| attempted in many places. Here is a look at EU's approach
| which varies quite widely. https://iris.unito.it/retrieve
| /handle/2318/1720819/557443/Pr...
| nootropicat wrote:
| >most of the civilised world treats prison as
| rehabilitation.
|
| Few countries in Western and/or Northern Europe? That's a
| very narrow definition.
| narag wrote:
| There are actually three different justifications for
| prison:
|
| * Retribution ("a punishment")
|
| * General prevention ("a jailed person cannot keep
| hurting others and prison threat is a deterrent")
|
| * Special prevention (rehabilitation)
|
| Last time I looked, most countries are mostly for general
| prevention with a pinch of special prevention.
| Retribution is not currently defensible philosofically or
| technically, though some people errounesly think it's the
| basis of the system.
| fennecfoxen wrote:
| I'm quite curious: who counts as 'civilized' these days?
| Clearly not the UAE (we've just seen an article on Dubai
| debtors prisons on these pages) but it seems we'd need to
| take Japan off the list, for instance (see e.g.
| https://www.economist.com/asia/2015/12/03/silent-screams
| ) and if we have to take them off the list I'm not sure
| where we end up stopping
| noel99 wrote:
| Nothing, prison is a warehouse. Remember though all that
| occurred was property damaged and a level of intimidation
| that would make a person of sturdy character laugh, on
| the spectrum of political action it really was not that
| extreme
| bmsleight_ wrote:
| I do get that prison will not change your deeply held
| views.
|
| I am curious if the getting a job using the A-level,
| reduced your likelihood of reoffending, at the risk of
| your current job ?
| mLuby wrote:
| Sorry that happened. Your password wasn't actually "kissmyass"
| was it?
| noel99 wrote:
| It's chill, I redid my maths my maths A-level and got an A, I
| basically had a one on one maths tutor for a year in the
| prison learning complex, came in very useful now I am a
| software engineer.
|
| The ironic thing is that the police waited about 2 years
| after they seized the laptop to ask me for the pass phrase.
| I'm not sure I even actually remembered it as it was so long.
| PGP Whole Disk Encryption ftw. At the time WDE wasn't
| available on the mac and the police got loads of data from my
| pals text editor temporary files. No one got anything from
| mine hahaha
| hwers wrote:
| Did you have any trouble getting a job with the sentence on
| your resume? Just curious
| willis936 wrote:
| I think this is a better story than most one gets asked
| about a 5 year gap.
| xerxesaa wrote:
| This person is in the UK. The rights afforded to
| criminals in other places may not be so good.
| noel99 wrote:
| I do not have a criminal record. The wonderful
| conservative/liberal coalition updated the rehabilitation
| of offenders act 1974 so my conviction became spent. That
| said I currently work for a 1000 employee plus employer
| and they never did a criminal record check but others
| have.
| HoraceSchemer wrote:
| moonchild wrote:
| > Claim C is new and has some appealing properties but it can't
| be used on a personal storage medium
|
| Freenet?
| chrchang523 wrote:
| Closely related topic:
| https://en.wikipedia.org/wiki/Steganography
| [deleted]
| cookiengineer wrote:
| There's always LUKS to cover this scenario: Nuke Keys that get
| activated with a second password. [1]
|
| [1] https://github.com/roema/cryptsetup-nuke
| deckard1 wrote:
| with LUKS you can just use a detached header stored on a USB
| thumb drive. Then just toss the thumb drive.
|
| But this isn't plausible deniability. You still have a hard
| drive in your possession and it's still covered by random data.
| Better deniability: always use an external drive and then
| distance yourself from the drive. You want plausible
| deniability of _the entire drive_ to the extent that no one
| even suspects you of being the owner. Or, have such little
| sensitive data that you can use steganography to hide it in an
| image or video file. Just don 't put the steganography tools on
| the same computer as the hidden data.
|
| Anything else is pretty much a joke.
| boring_twenties wrote:
| The adversary can easily just copy the encrypted data before
| trying to decrypt it.
| brian_herman wrote:
| I think the idea is to have them enter the password that
| destroys the data.
| ratg13 wrote:
| That may have worked 10-20 years ago.
|
| These days there are established procedures and protocols
| that prevent this.
| ohyeshedid wrote:
| What protocols stop a person from removing the drive from
| your machine, and imaging the drive?
| g_p wrote:
| Not even just that - in addition to imaging, write
| blockers should be used for evidential integrity as well.
| amiga-workbench wrote:
| If only you could run your own code on the drive
| controller. Start obliterating data at random if the disk
| isn't initialized properly.
| singlow wrote:
| I think that's the point of that comment. Police have
| procedures now to prevent a nuke script from being
| effective.
| boring_twenties wrote:
| I think my point is that destroying one copy of the data is
| pointless when other copies exist.
| hinkley wrote:
| Destroying 1 copy pretty much guarantees someone is going
| to go find that $5 wrench and explain to you how
| disappointed they are.
| staticassertion wrote:
| If your threat model is the police, a wrench could be a
| best case scenario for you. If you can prove the police
| took a wrench to you during an interrogation you're
| definitely getting the case thrown out.
| dheera wrote:
| With police you can start a Twitter mob if you're lucky
| but there are ten thousand other George Floyds out there
| that didn't get any justice when police took wrenches,
| tasers, knees, guns to them.
|
| And that doesn't really apply to the CBP and the CBP
| equivalents of other countries. They're ruthless and can
| lock you up in cages, there isn't really the opportunity
| to start a "case" until you're past the CBP. If you
| aren't a citizen you sadly don't have access to a lawyer
| if the CBP wants to hit you with a $5 wrench, because you
| aren't even in the US yet.
| bduerst wrote:
| If violence was an option in this hypothetical, it would
| have already been used to get the password anyway.
| hinkley wrote:
| One, the wrench can be metaphorical. If you brick the
| device that's antagonistic. Getting you on a petty crime,
| as a cop, or getting $50 from your wallet as a criminal,
| may stop them from looking. Being combative results in
| retribution, and as we all know cops can be petty, and
| selective enforcement of rules is one of the hallmarks of
| Institutional sexism/classism/racism. If using Crypto
| While Black isn't already a thing, it's gonna be, and
| there's nothing you and I can do to stop it. Slow it
| down, absolutely, but stop it? Not without help from our
| kids and possibly grandkids.
|
| This isn't a chess match between equals. This is someone
| who can ruin your life just to make a point. Even keeping
| you in custody for a day or three can screw up a lot of
| people.
|
| The Lockpicking Lawyer put it pretty well recently. The
| people who make locks are following rules that nobody
| else is beholden to follow. The designer looks at the
| parts and thinks about their purpose. Their design. The
| picker is looking at what they can _make the thing do_ ,
| not what it's 'meant' to do.
|
| They are _repurposing_ things, to circumvent the wishes
| of the manufacture and the consumer. That 's where the
| wrench comes in. That's where cloning the device comes
| in. That's where giving the adversary a fictional win to
| regain your liberty comes in.
| bduerst wrote:
| Again, if it's an option, it's more like violence would
| have been used to get the password, and _further_
| violence against your family /loved ones if you were
| antagonistic.
|
| Real life scenario:
|
| https://www.yahoo.com/now/dutch-bitcoin-trader-suffers-
| bruta...
| bduerst wrote:
| You're right, it's not a silver bullet but it is another
| defense for the probable cases that they didn't make a
| copy.
| boring_twenties wrote:
| What cases would those be? Any law enforcement or customs
| agency will make copies.
| ohyeshedid wrote:
| I think the point you responded to was talking about
| copying the encrypted data before attempting to unlock it.
| brian_herman wrote:
| Thank you for this I've always wanted something like this.
| josephcsible wrote:
| The whole concept of nuke keys is snake oil unless they're
| implemented with something like a TPM or HSM, since otherwise
| the attacker can just restore the pre-nuke image if you set it
| off.
| algrio wrote:
| Another technique if you are interested, two factor encryption:
| https://www.alvarez.io/posts/two-factor-encryption/
| garaetjjte wrote:
| To avoid questions of suspicious unallocated space with hidden
| volume, what about this: Use disk with vastly higher capacity
| than you really need. Use standard filesystem on it. For hidden
| volume, store data redundantly in multiple locations inside
| unallocated space of standard filesystem. When running from
| hidden volume you can avoid overwriting data on standard
| filesystem. When running from standard volume you cannot, and it
| could overwrite some parts of hidden data, but it will be
| repaired from copies stored in many other locations. Standard
| volume should be also encrypted to provide deniability why
| unallocated space contains random-looking data.
| dheera wrote:
| Now I just wish there were actually competent encryption that
| can keep up with PCIe SSD speeds.
|
| I have no option but to just use the BIOS SSD password
| encryption thingy instead of some Ubuntu LUKS or ecryptFS which
| are both slow AF.
| mLuby wrote:
| She could claim that the key for those books has been lost or
| forgotten.
|
| I wonder if this "I forgot" defense is more accepted now that
| there are stories of people having forgotten the password to
| their multi-million dollar cryptocurrency wallets.
| cle wrote:
| "Forgot" is a bit strong, how about "I don't recall".
| (reference: https://www.youtube.com/watch?v=7IBvZlRqOTw)
| hinkley wrote:
| Ronald Reagan used this during the Iran Contra investigation
| as well.
|
| Boy, did the universe pull a monkey's paw on him for that.
| anonymousiam wrote:
| Not mentioned in the article are the consequences of using a SSD
| with trim. Trim would destroy the data in the hidden encrypted
| volume.
| drsnow wrote:
| Are you saying you should never use TRIM on an SSD that is
| encrypted?
| anonymousiam wrote:
| I am saying that if you use a disk encryption technology that
| puts the encrypted data in unallocated sectors (which is a
| plausibly deniable method), if you run (or your OS
| automatically runs) trim on the media, all of the data in the
| unallocated space will be lost.
| boring_twenties wrote:
| Trim is not really recommended for any encrypted volume to
| begin with, since it clearly reveals how much space is being
| used as well as some other filesystem metadata.
| a20eac1d wrote:
| Does this apply to full disk encryption with Windows and
| VeraCrypt?
|
| If so, do I need to disable TRIM? If yes, in Windows or the
| BIOS?
| anonymousiam wrote:
| It does not apply to most mainstream encryption methods. Most
| methods will allocate the sectors containing encrypted data,
| but you need to use the decryption APIs to access the data.
| m3kw9 wrote:
| What if they detect the protocol?
| cortesoft wrote:
| Good encryption protocols create cyphertext that is
| indistinguishable from random data. You can't tell the protocol
| from the cyphertext.
| charcircuit wrote:
| Can you give an example of one of these "good" protocols?
| Most are not just random data.
| golem14 wrote:
| To my, trociny!
| drexlspivey wrote:
| BIP-39 mnemonics are designed like this, you can add an optional
| passphrase to the 12/24 mnemonic words and it unlocks a different
| set of privatekeys. This way you can have a passphrase (or no
| passphrase) where you only store a small amount of cryptocurrency
| and a separate passphrase that unlocks your real wallet, to avoid
| the $5 wrench attack.
| throwhauser wrote:
| If you're being attacked with a wrench, wouldn't you want to
| _avoid_ deniable encryption?
|
| If there's no way to 100% establish that all the money has been
| extracted, an attacker might keep going indefinitely to see if
| there's more.
| littlestymaar wrote:
| In fact, since there's no way you can prove that you haven't
| used deniable encryption, you'll probably be in a really bad
| place anyway.
|
| That creates an interesting game theory situation though,
| where nobody has any incentive to disclose anything, since it
| wouldn't change the outcome anyway, which ends up negating
| the whole point of torture: the victim needs to believe that
| the tormentor will stop if they disclose the truth.
|
| (Unfortunately, the real world isn't a game theory
| problem...).
| dane-pgp wrote:
| This is the game theory that the Rubberhose file system
| (co-invented by one Julian Assange) is based on.[0] It's a
| pity the blog post didn't link to that article, and only
| linked to the one about rubber-hose cryptanalysis, since
| this prior art does seem to overlap significantly with the
| scheme that the post is proposing, as does the Owner-Free
| Filesystem[1].
|
| Anyway, you're right that the real world isn't a game
| theory problem, but I do think that if someone is faced
| with being tortured for information, they should at least
| attempt to ask the torturer "How do I know that you will
| stop when I give you the information?". Or, perhaps less
| incriminatingly, "I don't have that information, and it
| doesn't matter because you'll keep torturing me
| regardless".
|
| You may not be able to convince the torturer to give up on
| the torture (much less convince them to let you go free),
| but you might at least be able to convince yourself that
| there is no point talking or trying to come up with a lie.
| Having said that, it's also instructive to look at the
| example of Marcus McDilda who was tortured by the Japanese
| for information about atomic bombs, about which he knew
| nothing.[2] His lies may have saved not just his own life,
| but millions more.
|
| [0]
| https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29
|
| [1] https://en.wikipedia.org/wiki/OFFSystem
|
| [2] https://en.wikipedia.org/wiki/Marcus_McDilda
| TimedToasts wrote:
| > they should at least attempt to ask the torturer "How
| do I know that you will stop when I give you the
| information?"
|
| Anyone who will torture you for information is going to
| include this in your torture now, just fyi. Might as well
| just ask them to let you go.
| [deleted]
| hinkley wrote:
| STREET SMARTS!
|
| You need your proverbial money clip with $50 that you can throw
| and run when you're being mugged.
|
| STREET SMARTS!
| CaptainNegative wrote:
| What I'm hearing is that I need to keep pounding that $5 wrench
| after they unlock their wallet in the off chance they have a
| second passphrase giving a larger payload.
| chordalkeyboard wrote:
| indeed, for all such victims, naturally. and you can never be
| certain you've extracted the full amount. so you can _never
| stop pounding_
| TimedToasts wrote:
| Anyone who has a second password might have a third one,
| better keep that arm in shape 'cause it's poundings all the
| way down.
| openfuture wrote:
| If you want plausible deniability just have a few obscure ctfs
| cloned next to your fake ctfs that you haven't solved yet.
| bruce343434 wrote:
| ugh, why the single letter variables? Makes the text that much
| harder to read imo. I keep having to think to myself "oh yeah,
| that means 'the key'"
| bowmessage wrote:
| but it makes the author look smart /s[arcasm]
| Koshkin wrote:
| In mathematical writing variable names are usually single-
| letter. (This, in fact, makes mathematics easier to read and,
| especially, compute with.)
___________________________________________________________________
(page generated 2022-02-18 23:00 UTC)