
Why aren't plausible deniability passwords a feature in operating systems? Especially since many now offer full disk encryption.

What would happen to these searches if plausible deniability passwords became more widely used?



I took a workshop on custom Kali builds where they specifically spoke about LUKS headers and shipping them via email/gdrive to yourself and removing them from the physical device. It renders the partition useless. This was viewed as a better alternative than something like TrueCrypt with decoy passwords since if the government can ever prove you did it then that's obstruction. With the headers gone and no local copy you can't provide what you don't possess.


> This was viewed as a better alternative than something like TrueCrypt with decoy passwords since if the government can ever prove you did it then that's obstruction.

If that qualifies as a type of legally actionable obstruction, it would seem that intentionally wiping your device before you cross a border and then reloading data onto it once you arrive at your destination would also qualify.


In one, you intentionally give false information and lead the government to believe you complied in good faith. In the other, the data is inaccessible and the government is aware it is inaccessible. They can then evaluate risk and seize the device or take some other action from that knowledge. IANAL and I don't play one on TV.

ETA: To complete the threat analysis, and if they seize two devices, one with a password-protected key and a LUKS volume without headers? I'll take LUKS.


> In the other, the data is inaccessible and the government is aware it is inaccessible.

Because the person made it inaccessible with the intention of concealing it from law enforcement and others. There is still a means to decrypt the data.

All of the actions described in this thread - whether it's decoy passwords, encrypted volumes with headers, burner devices, or wiping data and then restoring at the destination - all seem like they could be construed by law enforcement as a person obstructing their ability to sift through the individual's data.

(But IANAL either.)


Just don't use LUKS, use dm-crypt in plain mode and 2 separate flash drives - one with the bootloader, another with an unformatted partition with the key at a certain offset (or you can have both on a single flash drive).

Then you can mail those flash drives around and back them up as you need. I think it is even possible to use a YubiKey for dm-crypt in plain mode.
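
Added example, not part of any comment in this thread: a Python sketch of what the comments on removing LUKS headers and on dm-crypt plain mode both rely on. It parses the LUKS1 on-disk header (magic, cipher, key-slot state) and shows that once those bytes are gone nothing at the start of the volume identifies the cipher or points to key material; `build_sample_header` and every field value in it are constructed for the demo.

```python
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")  # LUKS1 fixed fields (208 bytes)
SLOT = struct.Struct(">II32sII")                    # one of 8 key slots (48 bytes)
SLOT_ACTIVE, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1(buf):
    """Return LUKS1 header metadata, or None when no LUKS1 header is present."""
    if len(buf) < PHDR.size + 8 * SLOT.size or not buf.startswith(LUKS_MAGIC):
        return None
    (_magic, version, cipher, mode, hash_spec, payload_off, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf)
    if version != 1:
        return None
    active = [i for i in range(8)
              if SLOT.unpack_from(buf, PHDR.size + i * SLOT.size)[0] == SLOT_ACTIVE]
    return {
        "cipher": _text(cipher) + "-" + _text(mode),
        "hash": _text(hash_spec),
        "key_bytes": key_bytes,
        "payload_offset_sectors": payload_off,
        "uuid": _text(uuid),
        "active_slots": active,  # slots holding a passphrase-wrapped master key
    }

def build_sample_header():
    """Constructed LUKS1 header: one active key slot, seven disabled ones."""
    hdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                    os.urandom(20), os.urandom(32), 100000,
                    b"00000000-0000-0000-0000-000000000000")
    slots = SLOT.pack(SLOT_ACTIVE, 200000, os.urandom(32), 8, 4000)
    slots += SLOT.pack(SLOT_DISABLED, 0, bytes(32), 0, 4000) * 7
    return hdr + slots

if __name__ == "__main__":
    sample = build_sample_header()
    print("with header:   ", parse_luks1(sample))
    # Header region overwritten: no magic, no cipher spec, no key slots.
    # A plain-mode dm-crypt volume never has these bytes in the first place.
    print("header removed:", parse_luks1(bytes(len(sample))))
```
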



