How plausibly deniable are TrueCrypt hidden volumes?
The idea is that there is no sign of the hidden volume's existence within the outer volume even if the user is forced to disclose the outer volume password. For this to be plausible the outer volume must be used or the user has no plausible reason for having it.
Quote:
If you mount a TrueCrypt volume within which there is a hidden volume, you may read data stored on the (outer) volume without any risk. However, if you (or the operating system) need to save data to the outer volume, there is a risk that the hidden volume will get damaged (overwritten). To prevent this, you should protect the hidden volume in a way described in this section.
The way described results in the outer volume properties including 'Hidden volume protected: Yes' which discloses the hidden volume's existence.
The next section in the documentation has a diagram showing how the hidden volume is created at the top end of the outer volume space. Use of the outer volume must not write in the hidden volume space or the hidden volume will be corrupted. That limits the choice of outer volume file system to one of the FAT series because more sophisticated file systems do write in places across their whole space.
How plausible is the choice of a FAT file system on Linux? Even on a dual boot system with the usual Windows versions NTFS is a better choice.
This is a fundamental problem with the hidden volumes. In order to keep them from being overwritten, you need to mark them, which makes them not hidden. I think if you want to go to this level, you will need to dedicate the device, put what you are going to put in the 'outer' volume, then create the hidden 'inner' volume and don't mess with the outer one again.
You mention plausibility and file system. FAT is a perfectly acceptable file system for Linux, especially on a (smaller) USB stick. From a practical standpoint, I also think you need to ask yourself what is the point, what are you trying to accomplish, and what are you trying to protect against? In other words, in what practical situation would you use this type of encryption and obfuscation method? In the cases I can think of where you would want to use this technique, they are not ones where having a lot of dynamic access to the 'outer' volume would be of paramount concern.
I keep thinking of the XKCD comic regarding the $5 wrench: here.
I think that the hidden volume idea is relatively insignificant. If the user can be forced to disclose the outer volume password, he can just as well be forced to reveal the hidden volume password. No one can know about the existence of some hidden data, but if I wanted to access that data, and I knew about hidden volumes, I would "ask" (for example through torture) for the password to it.
Quote:
How plausible is the choice of a FAT file system on Linux? Even on a dual boot system with the usual Windows versions NTFS is a better choice.
I think it's very plausible. You could say that you want to have a FAT volume on the disk drive to keep files that will be moved to/from a USB flash drive. You could say that you want to ensure that the file characteristics won't change so you don't want to copy between different file system types. People would say that your concerns were misplaced but it still sounds like a plausible reason to have a FAT file system on a Linux machine.
Last edited by stress_junkie; 11-21-2010 at 07:33 AM.
Thank you for the replies. The $5 wrench cartoon is great and makes a valid point. That is why it is essential there is not the slightest hint that a hidden volume exists. If a coercer had reason to suspect a hidden volume they could force the password out of the user. Reasons for suspecting include an unused outer volume, overt hidden volume protection and a FAT file system where FAT is an irrational choice, or anything else that suggests the outer volume is not the purpose of encryption. The concept of plausible deniability requires that it is plausible to deny there is a hidden volume.
Noway2's suggestion of not writing anything to the outer volume would create suspicion.
stress_junkie's position might work for a naive user but if the system were otherwise set up by best practice it would create suspicion.
I think the important word here is plausible, not likely, or even convincing. As you can see from this article, "Man jailed over computer password refusal", many countries have laws which make it an offence not to disclose a password if required to do so by a court. If the man above had been using hidden volumes he could have disclosed the password for the outer volume and it would then have been impossible to prove that he had been using the inner one beyond reasonable doubt, however fishy the setup may have been!
One problem with the replies here, is that I get a distinct feeling the inquirer is actually considering the use of this facility in a country where non-compliance with government could be a cause of death. Which would make it all the more imperative that the inquirer is given good advice - always assuming that he/she/it is on "our" side.
Personally, I am actually thinking of things like "Steganography" for such uses as hiding vital info securely - but the problem with that suggestion, is that I have no experience, or updated usage info, concerning how this would be implemented, and especially about any possible detection algorithms (which are the danger to this approach, obviously). A classical version (pre-computer, obviously) is that of hiding something "in plain sight", but how that would translate to computer systems, is anybody's guess.
The OP has not stated what their intentions are. This thread topic, in my opinion, is walking a fine line on the LQ terms of use. So far, it has stayed on the side of not providing information that is being or could be used to perform illegal or harmful actions and instead has remained an intellectual discussion on the practical aspects of modern PKI applications. If the OP is considering using this application for illicit purposes, the advice of the LQ team should be clear and simple: DON'T!
The use of encryption should be considered as along the lines of putting your paper mail in an envelope. You may be able to prevent access to such evidence, just as you may destroy the paper, but you shouldn't rely on it for purposes other than for which it was intended.
I also don't think that my earlier statement about not writing stuff to the outer volume was entirely clear. Yes, you would need to put stuff in the outer volume, but that you would do so before you create the inner volume. After which you would not modify the contents of the outer volume. Physically, this technique is very similar to the classic copy protection methods of the early 80's where information or even sector errors were placed in predetermined locations on the disk. The data stored itself appeared to be garbage, but if the contents were altered either intentionally or not, the software would refuse to load.