2

I was reading the VeraCrypt documentation about hidden volumes [[1]] (plausible deniability), and they recommend putting "sensitive-looking files that you actually do NOT want to hide" in the fake part of the encrypted volume (called outer volume). I do understand the point of making your "attacker" believe that they accessed sensitive information and not keep searching.

My interrogation is: how would you go about generating such convincing, fake sensitive data. I guess it vastly depends on your work and the kind of file an attacker expects to find, but I am interested to know general solutions for this problem.

Agriseld
  • 23
  • 2
  • 3
    Weird porn would be something one would like to hide... – ThoriumBR Apr 14 '22 at 03:11
  • 4
    It's actually quite difficult to create a dummy volume that is plausibly deniable. While it's perfectly possible cryptographically, forensic analysis of the filesystem will show that it was likely created once and then untouched (or even unopened) for a very long time. – forest Apr 14 '22 at 06:04
  • 2
    I mean you could regularly watch the weird porn, if that's your thing. – foreverska Apr 14 '22 at 16:38
  • Plausible deniability is also not very reliable; see [this](https://security.stackexchange.com/questions/135846/is-plausible-deniability-actually-feasible-for-encrypted-volumes-disks?rq=1) question for discourse on the matter (slightly different situation however many of the points are still valid; when subjected to thorough investigation, most excuses don't hold up - however you may not be looking at that as a threat model so it may not matter). – belkarx Apr 14 '22 at 19:07
  • 1
    [a forensic analysis can reveal the hidden volume](https://crypto.stackexchange.com/a/81020/18298) – kelalaka Apr 14 '22 at 21:09

2 Answers2

0

I don't know if there's a right answer to this, here's an idea:

Files named with sensitive names (passwords.db for example) with completely random data. Completely random data is indistinguishable from encrypted data, of course. To point of the comments, depending on your platform, I could imagine a script on one's computer that could be run when the drive is plugged in and one or more random "sensitive" files updated with new random data.

foreverska
  • 1,712
  • 11
  • Depending on the attacker (for example govt) the sensitive data may need to be decryptable. Also running a script like that would likely not evade foren and make your activities much more suspicious. But it's not reasonable if you wish to defend against other forms of attack. – belkarx Apr 14 '22 at 18:55
  • "Depending on the attacker (for example govt) the sensitive data may need to be decryptable." Everything is decryptable. For any given random selection of bytes which are long enough there is probably a key which turns it into the entire works of Charles Dickens. Unless you're referring to rubber-hose cryptanalysis, in which case plead the truth "it's just random data." Makes for a really awkward conversation but I didn't quite go that dark. – foreverska Apr 14 '22 at 19:16
  • @foreverska There's probably **not** a key that turns random data into the works of Charles Dickens. For example, in AES256 there are 2^256 different keys, which seems like a lot, but is negligible compared to 2^M, where M is the number of bits in the complete works of Charles Dickens. So unless you reverse engineered the "random data" from the works of Dickens in the first place, you will not find a key that turns truly random data into those works (not that you could actually try 2^256 keys, but nevertheless you would not succeed). – hft Apr 14 '22 at 19:22
  • Of course, if you are using a one-time-pad, you could turn any random data into Dickens (with the right pad). But one of the downsides to the one-time-pad is that it has to be as long as the message itself (and this is why we use strong ciphers with (relatively) short (e.g., 2^256) keys in the first place). – hft Apr 14 '22 at 19:25
  • I was being a little facetious but 2^256 is 10^70 times the rough size of moby dick (depending on encoding). I don't think Mr Dickens was quite that prolific. The point was, somewhere in the astound keyspace of most ciphers is probably a file which looks reasonable. Without AAD one would not know this from the actual contents. – foreverska Apr 14 '22 at 19:31
  • In this scenario, the data needs to be decryptable and must look sensitive so attackers don't suspect this is fake data and keep beating you (or keep you in an airport backroom). This is more a human psychology than a cryptography question. – Agriseld Apr 15 '22 at 01:45
0

You're absolutely right that it depends on your work and your threat model. One way is to use actual sensitive info that doesn't identify you enough for it to matter and/or use "uncomfortable" (nsfw) data. Here are some ideas:

  • More-or-less innocuous business data (this is partially dependent on your job) such as

    • Release cycle for a product
    • Names of committers on a project
    • Resume and cover letters
    • Receipts
    • Client requests

  • NSFW cache

    • Porn*
    • Pictures of your parts
    • Audio*
    • Drawings*
    • Erotica*
    • *these can be your own of that of others

  • Information/records concerning personal affairs (these may require some creative fakery)

    • "Coming out"
    • Suicide letter
    • Records of cheating
    • Rants about people (SO, friends, randoms) [ie "wow this person is really attractive but I'm married I can't ...]

  • Dumps of not-too-sensitive personal data

    • Browsing history
    • Emails
    • 4chan/Reddit/Twitter screenshots
belkarx
  • 1,288
  • 3
  • 18