Replies: 13 comments
-
Or maybe using a method similar to how TrueCrypt manages hidden volumes:
-
The TrueCrypt method seems to rely on the fact that all the data are put near the "start" of the disk. I can't see how this can be done without violating some layers.
-
I'm not too crazy about this feature. Since there is no way to prove you have or don't have a hidden volume(s), it creates a serious problem. The problem is that if you are held by someone, they can claim that you have other passwords that you have not given up just because they THINK you might have a hidden volume, regardless of whether you do or don't. You might be held in a cell or beaten/tortured until you produce a password that may not even exist.
-
No amount of encryption will save you from such people.
-
Evil people will always do evil things, but by having hidden volumes you give them a valid excuse to do it. If the excuse were not there, either the country's legal system or the international community will have more leverage for the individual.
-
Hidden volumes are no excuse to do anything evil, and they can protect you when the country's legal system is controlled by evil people.
-
No hidden volumes = Give password, volumes open, people see you only have tax return documents and other innocent documents. Little incentive for keeping you around.

Hidden volumes = Give password, volumes open, people see you only had tax return documents and other innocent documents. Your capturers say, yeah my foot! I don't believe you. Hold you forever on the premise that you have a hidden volume with the evil data. Furthermore, now the capturers have a legit PR reason to be holding you. (You cannot prove that you do not have a hidden volume.)

If you indeed have something that will get you in trouble, simply don't give the password. Say you forgot it. You will still be beaten and/or jailed, but that was going to be your fate with hidden volumes anyway.

Summary:
Hidden volumes are a great way to hide things from people that don't have power over you, say, friends, boss, etc. When it comes to serious matters, hidden volumes provide as much protection as refusing to give the password, with the side effect that you cannot convince anyone that you do not have a hidden volume.

You can reason, well, if you are not hiding anything from the state, then create a hidden volume and give the password to both the data and the hidden volume. That way you prove your hidden volume is empty. You could do that, but then you will be back to square one. If you don't give a password for a hidden volume then you are still assumed to be protecting a hidden volume. This boils back down to not giving a password.

Hidden volumes give a false sense of security that is dangerous to everyone that uses the technology.

Read more: A word on the dangers of TrueCrypt’s hidden volumes feature (https://www.bestvpn.com/blog/7580/word-dangers-truecrypts-hidden-volumes-feature/).

This will be the last reply I make to this thread.
-
I agree with you, yet I think it depends on who your adversary is. It's a complicated matter.
-
In general I believe Tomb should cover most cases, being a flexible building block to script what is needed and face most situations. AFAIK there aren't 100% hidden volumes: running Shannon's entropy filter on raw disk blocks would still detect the presence of something big and encrypted, giving certainty whether there is a hidden volume or not... but speculating on the boogeymen's decision-making is a little beyond my capacity anyway.

Cases I know where Tomb is used include physical data transport and personal storage with fast access to data from apps via $HOME hooks. In case of dangerous transport, splitting the key and data among different people still doesn't avoid jail / torture for whoever gets caught; it just ensures that the data is not easily obtained unless everyone is captured / all devices holding pieces of keys/data are captured.

Ultimately, if one desires to be able to give up all secrets to avoid things like torture, then one should be using an encryption scheme permitting that, some kind of TSA lock that allows "lawful interception" to operate. In my perception something like eCryptfs-based home encryption is something like that.
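The per-block Shannon entropy scan mentioned in the comment above, as an added example that is not part of the original thread or of Tomb. The block size, threshold, function names and the 40-block sample image are assumptions constructed for illustration; the image holds both a stand-in for ciphertext and a stand-in for random-wiped free space, and both extents are flagged, since the measure reports random-looking data without saying which kind it is.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096   # assumed scan granularity
THRESHOLD = 7.9     # assumed cut-off in bits per byte (maximum is 8.0)

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte distribution in `block`, in bits per byte."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())

def high_entropy_extents(image: bytes, block_size: int = BLOCK_SIZE,
                         threshold: float = THRESHOLD) -> list:
    """Return (first_block, last_block) runs whose blocks all score >= threshold."""
    extents, start = [], None
    nblocks = (len(image) + block_size - 1) // block_size
    for i in range(nblocks):
        block = image[i * block_size:(i + 1) * block_size]
        if shannon_entropy(block) >= threshold:
            if start is None:
                start = i          # a new high-entropy run begins here
        elif start is not None:
            extents.append((start, i - 1))
            start = None
    if start is not None:          # run reaches the end of the image
        extents.append((start, nblocks - 1))
    return extents

def pseudo_random(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for ciphertext or random fill (SHA-256, counter mode)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def build_sample_image() -> bytes:
    """Constructed image: zeros, text, 'ciphertext', zeros, 'wiped' random fill."""
    text = (b"2023 tax return, line 12: 1,024.00\n" * 1000)[:8 * BLOCK_SIZE]
    return (bytes(8 * BLOCK_SIZE) + text              # blocks 0-7, 8-15
            + pseudo_random(b"volume", 12 * BLOCK_SIZE)  # blocks 16-27
            + bytes(4 * BLOCK_SIZE)                      # blocks 28-31
            + pseudo_random(b"wipe", 8 * BLOCK_SIZE))    # blocks 32-39
```
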
-
You cannot prove that you are not hiding encrypted files somewhere else. You cannot prove that you have no volumes at all (hidden or not).
This is true even if the attacker did not find a single encrypted file at all. Even if encrypted files are not found on your disk, there is still a chance that you are hiding something somewhere. So, following your logic, the attacker has a reason to torture you anyway, even if you only use 7z or PGP. Just because I didn't find any disks on you during my search doesn't mean you're not hiding them somewhere else. The absence of hidden information cannot be proven in any case.

Thus, on the one hand, the use of hidden volumes can be useful in legal states where torture is prohibited and evidence is needed to imprison. On the other hand, refusing to use hidden volumes will not save you from torture where the law and humanism are not respected: you cannot prove that you are not hiding something, and you can be tortured even if no storage media was found on you at all.
-
Yes. It is impossible to prove that you are not hiding files somewhere. There is no way to prove that you are not using some kind of steganography technique. However, steganography will help where the attacker needs evidence to coerce you.
-
There are no such encryption schemes. You cannot prove that you are not hiding data anywhere. You cannot prove to the attacker that he found all your disks during a search.
-
Everyone knows that photos of cute animals can contain hidden information. How do you prove to an attacker that you are not hiding anything in your photos? Thus, hidden containers are no more dangerous than photos of cats and dogs.
-
Wait: we'll explain what we mean with this.
Sometimes we MUST reveal the password, and the enemy has the keyfile. We've lost.
BUT what if we had two filesystems, one "clean" and the other really secret, with two different passwords? We could reveal the wrong one, asserting that it is what we were hiding.
How to do this?
Ideas: