That's why TrueCrypt, and I think Vera Crypt have support for a volume that can be decripted with two keys - one will yield a decoy volume where its free space is actually the real volume that you want to protect which gets decoded only with a second key
I'm not sure if the entropy analysis of that free space can suggest that there's something funky about that free space or not..
Because usually free space is either actual info just marked as deleted, or info reset to zeros by some pro active wiping of the free space.
So, having a bunch of whacky data that doesn't look like any kind of file, can probably be used as a tell tale sign? No?
My understanding is that people who torture you don't know what you don't know; so they don't know when to stop. As such, they'll keep torturing you way past the point where you've admitted to everything you know. This is why information obtained under torture is considered unreliable: eventually you'll just say anything to stop the torture; further admissions will support the use of torture as an information extraction tactic, and then lead to more torture.
In theory, you could just keep adding n+1 layers of fake passwords (maybe with realistic fake data), on the hope that after n attempts, they think they've broken you and hit the jackpot.
But as sibling commenters describe, if sufficiently motivated, there's no reason that an authoritarian state wouldn't just keep torturing you anyway. :(
> if sufficiently motivated, there's no reason that an authoritarian state wouldn't just keep torturing you anyway.
Sure, but it helps to make it look like you're someone not worth torturing in the first place. The same look would happen when you decrypt your TrueCrypt partition.
Large unused sections on the laptop with random data is a bad look for someone trying to say they're not a spy.
If it were me, I would do something more like bring a laptop with a bunch of biblical research and ask everyone in the checkpoint, if they've taken Jesus Christ into their heart.
This of course assumes that in this instance the authoritarian regime just finds these sorts of religious people annoying and not dangerous. I wouldn't do this coming into Iran, say.
When cryptographers talk about "security through obscurity" they're talking about cryptographic algorithms and protocols. So even systems that aim to prevent "rubber-hose" attacks could benefit by avoiding algorithms (like AES) who's security is based on obscurity, even if there are parts of the system that are obscured.
Only circumstantially in IMHO. Obscurity can be a semi-decent security tool in some situations, and in others completely and utterly useless. It depends on what you're trying to secure.
It seems like there's something like a way to measure the different mechanisms in terms of how inherently decoupled they are from their surroundings. So, a the fact you have to send messages to my server in a particular format is one type of obscurity- but it's highly non-incidental, linked to many different parts of the world (i.e. it's some common network protocol) and more easily investigated (you could get interesting different responses by vary what string of bits you send).
In comparison, which particular password I use can be very highly decoupled from the rest of the world and my architecture, which makes it vastly more (reliably) obscure.
Somewhere inbetween "you have to know my server exists to send 'login:admin password:pass' to it" and "the volume's encrypted with a 2048-bit cypher generated from atmospheric entropy" is, maybe, a useful middle ground.
Hidden volumes seem like more of a defensive meta-obscurity, in that they obscure your metadata (your ownership of a particular piece of encrypted data).
I'm aware. But Kerckhoff's principle is just saying that your mechanism of encryption shouldn't be obscured. It doesn't change that I can't define 'obscure' in a way that doesn't make it a mechanism (in itself inobscure) of obscuring data.
Also, there are plenty of historical ciphers that fall foul of Kerckhoff, I don't think we can say retrospectively that they weren't done for security, and in many cases were probably totally adequate for some time, if not their lifespan.
I think the authoritarian regime will just torture anyone with any VeraCrypt or TrueCrypt volume and the plausible deniability will come back to bite you as you can't prove that there are no other hidden volumes.
The problem is the level of scrutiny. Against some attackers, decoys have very very nasty game-theoretic failure cases.
Specifically- there's no limit to the number of decoys that could be on a disk. So you can get into the situation where you've decrypted every volume that exists, under coercion, but your adversary believes there are more volumes remaining.
By design, you have no way to prove that there isn't more hidden data on that disk. This is unlikely to end very well for you.
> So you can get into the situation where you've decrypted every volume that exists, under coercion, but your adversary believes there are more volumes remaining.
This is intentional.
If you could prove that there wasn't more hidden data, then the incentives would be to torture you until you did that.
Since you can't, there is no incentive to reveal a further hidden volume, since the attackers will either keep torturing you or not, and revealing more will most likely not help you.
If I remember correctly, the decoy volume treats all the hidden space as available disk space. TrueCrypt used to have a warning that booting into the decoy volume could scramble the hidden volume when the OS wrote files to disk if it happened to choose some space that overlapped with your data.
If your decoy only lists 5GB of space on a 5TB drive, then it isn't a very good decoy.
If you have a VeraCrypt partition that they can detect, it makes you look like a spy. Lots of random data in unused sectors on your hard drive is a bad look if you're trying to convince the border agent you're not a spy.
If you have a plain old laptop with some mildly embarrassing information on it that's not encrypted, you might still be a spy, but they wouldn't be able to tell from the laptop itself.
An encrypted volume (fixed space) should even remove the white space. After all, knowing the size of a file contained within could leak information about its contents.
I imagine the only way to detect a volume would be to have it decrypted (enforced by law enforcement), to take the supposed volume type and files within and then re-encrypt with the same data. If your volume and the supposed clone are different, it would suggest that you have hidden another volume within.
I think the defense is that (assuming IVs, nonces, etc... are held constant) that the files would encrypt identically. And the excuse for the rest of the disk is “it gets filled with random bytes to obscure how much disk space is actually being used.
I'm not sure if the entropy analysis of that free space can suggest that there's something funky about that free space or not.. Because usually free space is either actual info just marked as deleted, or info reset to zeros by some pro active wiping of the free space. So, having a bunch of whacky data that doesn't look like any kind of file, can probably be used as a tell tale sign? No?