Featured Articles

Detecting (Malicious) Unicode in GitHub PRs
Crowdfunding on Crowd Supply (Review of my experience)
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Introducing BusKill: A Kill Cord for your Laptop
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
WordPress Multisite on the Darknet (Mercator .onion alias)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Hardening Guide for phpList
previous arrow
next arrow

Plausibly Deniable File Encryption

Plausibly deniable encryption is a fascinating concept. For example, “TrueCrypt”:http://www.truecrypt.org/ (a FOSS for hard disk encryption) has a wonderful “Hidden Volume”:http://www.truecrypt.org/docs/?s=hidden-volume feature that provides “Plausible Deniability”:http://www.truecrypt.org/docs/?s=plausible-deniability. The concept is: you install 2 OS instances on your computer–1 in a hidden volume. If, for whatever reason, you were forced to reveal your encrypted data, you could give access to decrypt your fake, but seemingly legitimate, OS instance. If done correctly, this could prevent you from forfeiting your sensitive data.

What if you want to encrypt some data to a file, bury it on a thumbdrive somewhere, and make it appear to be just an obscure filetype (possibly corrupted)? I ran across “the answer”:http://old.nabble.com/Is-it-possible-to-decide-what-is-a-gpg-file–td26392408.html when studying for my Secure Computing final.

I haven’t had a chance to research this potential solution, but there seems to exist a project that builds onto the Blowfish cypher to achieve this plausibly deniable encryption: “Blowfish Updated Re-entrant Project (BURP)”:http://www.geodyssey.com/.

Exerpt from “burp.txt”:http://www.geodyssey.com/cryptography/burp.txt

Unlike many similar programs, BURP writes to the output file only the ciphertext (i.e., it writes no “file headers”, password verification data, system, program or content identification strings, etc.). Consequently, such file can not be “provably” identified as ciphertext, as long as the key
. . . → Read More: Plausibly Deniable File Encryption