this post was submitted on 29 Mar 2024
365 points (99.5% liked)
Programmer Humor
19557 readers
618 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
One possible countermeasure being https://en.wikipedia.org/wiki/Deniable_encryption
I know veracrypt has a form of this. You can set up two different keys, and depending on which one you use, you decrypt different data.
So you can encrypt your stuff, and if anyone ever compels you to reveal the key, you can give the wrong key, keeping what you wanted secured, secure.
won't they know there are files they haven't decrypted?
if it could hide or delete the remaining files encrypted that would be nifty.
If you set it up correctly, this is essentially what it does. You have a disc that is, say, 1tb. It's encrypted, so without a key, it's just a bunch of random noise. 2 keys decrypt different vaults, but they each have access to the full space. The files with the proper key get revealed, but the rest just looks like noise still, no way to tell if it's empty space or if it's a bunch of files.
This does have an interesting effect. Since both drives share the same space, you can overfill one, and it'll start overwriting data from the second. Say you have a 1tb drive, and 2 vaults with 400gb spent. If you then go try to write like, 300gb of data to one vault, it'll allow you to do so, by overwriting 200gb of what the drive thinks is empty space, but is actually encrypted by another key.
It's been a while since I've messed with this tech, and I'm mostly a layman, but this should be a fairly accurate depiction of what's actually happening.
Full disk (/partition) encryption means you don't know what files there are until you decrypt. Additionally for that sort of encryption scenario you fill the partition with random data first so you can't tell files from empty space (unless the attacker can watch the drive over time).
There was an encryption system a few years ago that offered this out of the box.
I can't remember the name of it but there was a huge vulnerability and basically made the software unusable.
Crypt box or something like that.
The prominent one was called Marutukku - and the developer turned out to be someone who might actually need the feature.
As referred in other comment, the counter counter is to just keep beating to get further keys/hidden data.
Game theory would lead you, as the tortured, to realize that they're just going to beat you until death to extract any keys you may or may not have, so the proper answer is to give them 1 and no more. You're dead anyway, may as well actually protect what you thought was worth protecting. Giving 1 key that opens a dummy vault may get the torturers to stop at you, thinking this lead is a dead one.
Probably best to avoid systems with known deniable encryption methods, and keep your dummy data there. Then hide your secrets e.g. in deleted space on a drive, in the cloud, or a well-hidden micro-sd card. All have risks, maybe it's best of all to not keep your secrets with you, and make sure they can't be associated with you.