TrueCrypt, Encryption and Random Data

As far as I can understand the situation (as a layman), when using TrueCrypt it is impossible to prove (that is legally, as opposed to 'plausible deniability') that an encrypted volume exists, because it would appear on analysis to be random or pseudo-random data (and consequently could simply be previously-wiped disk space).

Two questions:

1. Is the above theoretically correct (ignoring password weakness, user-implementation errors, etc), ie. that a TrueCrypt encrypted volume appears as random/pseudo-random data?

2. If so, is TrueCrypt the only encryption software that appears forensically as random/pseudo-random data, and hence 'legal-deniability', or is there other encryption software that also has this characteristic?

Thanks for any input.

 

1. Yes, it is correct.

2. As far as I know, there are other tools that can create an encrypted volume too.

However, having a volume filled with pseudorandom data on your computer, may trigger some suspicions to a potential forensic investigator, and you might have to give explanations. In a normal, free and democratic society, they should prove your guilt, but I suspect that today you might need to prove your innocence.

 

But not if you encrypt system partition, there is a bootloader. Pseudorandom data is not really random that means you can check for tc´s pseudorandom system, imho.

 

All encrypted data, no matter the software used, appears as pseudo-random data; that's what encryption is. The key is that an observer should not be able to determine whether it is truly random or pseudo-random. That is, there should be no way to discern a "pattern."

This is why it is always a good idea to overwrite the entire hard drive with pseudo-random data prior to encrypting it. On *nix machines you can do it with:

Code:

dd if=/dev/urandom of=/dev/hda

This command uses the pseudo-random number generator built into *nix. You can use "/dev/random" which is stronger, but it would take a couple of centuries (literally) to overwrite a large modern hard disk.

The reason this is done is because when you encrypt your disk, only the data on it is encrypted (the "empty" portion of the disk is not). This means an attacker can easily determine where the data is and theoretically have an easier time cracking it. If you overwrite the disk with pseudo-random data prior to encryption, then the whole disk appears to be covered with random data -- not just the encrypted portions. This means an attacker cannot discern the real data from the "noise."

 

I understand that TCHunt recognizes TrueCrypt volumes (including hidden ones) as encrypted volumes that are distinguishable from random data.

http://16systems.com/TCHunt/index.php

 

Actually Truecrypt deniability consist in ability for the same volume to have 2 different passwords and opening 2 different disks, one is from beginning and another from the end (the hidden volume) See more here:

http://www.truecrypt.org/docs/?s=plausible-deniability

 

I've Used TCHunt, it just looks for files that meet a wide range of criteria. TCHunt chose 14 files in total 90% were from windows/system 32...2 or 3 were from my second HD (I have 2HDs in a Raid 0 configuration...spanned HD), the last file was my TrueCrypt file.

 

Thanks for all your replies.

(I think where I was confused was that the TrueCrypt documentation specifically states that one feature of the software is that an encrypted volume appears as random data; I haven't come across such a statement yet in the PGP documentation, for example, so I wasn't sure if it was specifically a TrueCrypt 'feature'.)

 

To verify that an encrypted virtual volume appears as “random data,” simply open the associated storage file (e.g., “<volume_name>.PGD” for PGP) in a disk editor and inspect its contents. With WinHex, for example, you can analyze the file (select "Tools | Analyze file") to see the distribution of data values in the file (0x00-0xFF). If the data are truly random, then the distribution should be flat - i.e., every data value should occur with approximately equal frequency.

 

No, that refers only to the optional hidden volume that can be located with a standard volume. As far as I am aware, it appears to be technically impossible to prove whether or not a hidden volume exists within a standard volume. This is because all of the data was encrypted using the exact same methodology and it is truly homogenous.

However, a large block of "random-appearing" data on a hard drive will come under immediate suspicion. If you attempt to explain it away as wiped data and you provide details as to which wiping program you used and the process that you followed, then an expert might be able to analyze the random-appearing data and determine that it could not have been created by the wiping program you specified in the manner that you claimed to have used it. This, plus any other evidence that your hard drive contains, might be enough for a court to find that you were lying about the source of the random data, and they might also find that you are most likely hiding encrypted data. It doesn't always take 100% proof to make a decision like this.

 

Is “plausible deniability” only of practical importance to citizens of countries that can compel an individual to reveal the password of an encrypted volume? If so, for citizens of the United States, “plausible deniability” isn't a benefit -- correct?

 

I have to admit that I'm a long-time opponent of plausible deniability, and as such your question takes me somewhat aback, but I can see what you're getting at. You're saying that if the court and legal system of a particular country isn't able to force you to reveal the passwords to your encrypted data then there's no real advantage in using the hidden volume feature, since you can merely refuse to provide any and all passwords whatsoever and things will never progress past that point.

Please don't take offence, but from my point of view your question might be rephrased (somewhat comically) along these lines: "I know a really good way to lie under oath and I'm wondering which countries might offer the best opportunities for doing so."

And my answer, of course, would be "none of them!" But others here might answer differently.

 

Why you're an opponent of plausible deniability?

 

Dantz, yes, that is the key point and the question about which I am wondering. In particular, are citizens of the United States able to refuse divulging a password without adverse consequences? If so, then it appears that a "plausible deniability" encryption feature has no practical benefit -- correct?

On this topic, does anyone know the current status of the case described in this Judge orders defendant to decrypt PGP-protected laptop article?

 

The whole PD aspect of TrueCrypt's hidden volume feature has been carefully designed to help you hide things and then successfully lie about it in court. Thus, you could say that one of the major design goals of TC is to help criminals get away with things, even if it requires them to commit another crime (lying under oath) in order to do so.

I realize that PD can also be used by a guy who merely wants to hide his personal porn collection from his wife in order to avoid embarrassment, and that sort of thing, but there are also many truly criminal uses for this feature such as the hiding of child porn, terrorism plans and a wide variety of other criminal activities that are likely to cause great harm. With all that's going on in the world I don't think we need to be handing hardened criminals these kinds of tools, and this is main reason why I oppose the incorporation of PD into software design.

 

Dantz, while any protection mechanism (e.g., locks on a house door, encryption on a PC) can be used inappropriately by those with dishonest objectives, the same tools can also be used by law abiding citizens who simply wish to protect their property and their privacy. I do not condone the former, but recognize these circumstances as an unavoidable consequence of having the latter. Individual rights of the many should not be abrogated by the wrongful acts of the few.

 

AMEN. Thank you.

 

I don't object to encryption. Encryption is great. What I object to is TC's hidden volumes and their so-called "plausible deniability" when used under certain conditions. If you truly understand this feature then you realize that it is useful only in a courtroom setting, and you probably also realize that if you make use of it in court by denying the presence of a hidden volume then you are intentionally committing perjury. Can anyone please explain to me why this feature is a good thing, using real-world examples?

 

I am on TC lastest version on windows server 2003enterprise box. I am having issues with hdd partitions with TC. The box is multiboot of windows xp & server 2003. In windows xp session, everything is normal with TC. But, in server 2003 session, if not enable letter drive to TC-Encrypted partitions (non-system and non-bootable partitions), TC can not mount those TC-Encrypted partitions, and it pops up error msg "The device is not ready"; I have to enable letter drive to each partition to have TC can work on them properly that I dont have any issue with TC & Partitions in windows XP.

 

Boss: What's that file on your computer, is that an encrypted container?

Employee: Yes, as a matter of fact, it is.

Boss: What's in it?

Employee: Just documents I wanted to protect.

Boss: Look, just so you know, we can't have pornography on our computers.

Employee: Pornography?!?!

Boss: What else would you lock up like that?

Employee: I told you, just documents. Being extra careful is all.

Boss: Open it.

Employee: WHAT!?!?

Boss: I said open it. If you have nothing to hide, open it. Now!

Employee: Well, yes sir. I hate you can't trust me, but...

(Employee opens outer container with Truecrypt which shows just what he said)

Boss: Ok. It just made me nervous. I'm, uh, really, uh..sorry. (Hurries off.)

Hidden container with job search information, updated resume, etc. is never seen by the boss.

If the boss comes back and says, "IT says you can hide another container inside the other one," you can deny (with plausibility) that it may have the feature, but you know nothing about it.

There, per your request, is a real-world example that is not in the courtroom.

 

Since the employee did not respond truthfully to the employer’s question, there exists an ethical issue. The intriguing point raised by Dantz is whether a technology that enables deceit (i.e., the “plausible deniability” feature of TrueCrypt) is itself complicit in the deception.

One can imagine, however, a case where political dissentients in a repressive regime are fighting for basic human freedoms and therefore need to protect sensitive content, even when compelled to disclose it. In such rare and extreme circumstances, it is commonly recognized that the necessity of deceit enables a more noble objective and thus is “justified.”

 

That's certainly the one example that has always come to mind when I've thought about deniable systems. My concern is that such systems are harder than they look, and I would be apprehensive to trust any of them without more intense scrutiny taking place. Information leakage is a real killer, and leaves little to no room for graceful degradation. And, for this type of threat model, that's a pretty big risk.

 

What business is it of anyone else what I keep on my computer? The problem with most of these laws that you consider so great is that most of the people who have run-ins with the law have done nothing more than have the wrong files on their computers. And don't make the mistake of thinking it's just child porn. The US has pretty oppressive obscenity laws compared to most of the world. Read about the guy from Brazil who produced the video that the "2 girls 1 cup" clip was pulled from. That guy actually pled guilty and got 3 years probation. He probably would have went to prison if he had gone to trial. And there are no shortage of cases like this

Bottom line: The law should be about actually protecting people, not flogging people about what they have on their computers. There's a certain subset of the population that seem obsessed with controlling what people think and what they do in their own homes. It's simply a mental defect that the rest of us have to put up with. It was the same mindset responsible for the Spanish Inquisition. People who think like that are often drawn to the law. What do you do with these people? You ensure you have technological superiority over them and pat them on the head, telling them "Good job sir for protecting us from people pooping. What would this world be without people like you?"

Call me an anarchist if you want, but I'm going to choose to obey the laws that make sense and not give a crap (no pun intended) about the rest. TrueCrypt is exactly the type of technology we need to make sure that the law is not abused by the people in charge of enforcing it.

Let me add that if someone has actually committed a crime, there should be more evidence than the files on someone's computer. If the only "crime" that someone has committed is having files on a computer, then the law is faulty and should be challenged. Either way, TrueCrypt does absolutely nothing to promote real crime. You cannot cover up a real crime with TrueCrypt. You can however frustrate the thought police. Sorry, but I don't see any negatives with encryption, and I don't believe there is a such thing as abusing TrueCrypt.

 

OK, your example nicely demonstrates that TC hidden volumes can sometimes be used in a non-courtroom setting in order to fool a gullible person in a relatively harmless way. Perhaps a few company rules were broken, but no great harm was done. I can appreciate that. Of course, this was a "best case" scenario.

However, since the employee was not being interrogated under a legal system that is based on the presumption of innocence, this was not quite PD, although I suppose you could call it "PD-Lite". What you have presented is basically a scaled-down version of a courtroom setting, but you have replaced a country's police, prosecutors and judicial system with a company's (assumed) internal policies, a gullible boss and a relatively unsuspicious IT guy.

The reason that this is not what I would call a true usage of PD is that the employee's denial is not protected in a legal sense. TC's PD features are not merely "deceitware" that can be used safely in any situation, rather they have been designed to be used under the auspices of a legal system that presumes innocence and that requires the accuser to present genuine proof. In your example there is no overriding legal protection, there is merely the employee's attempt to deceive his boss, who may or may not be fooled. If the boss hadn't been so gullible he might have been within his rights to install keyloggers and hidden cameras or even to fire the employee outright, and if the hidden volume were eventually discovered then the situation might have escalated further. (And if the employee was smart enough to realize these possibilities then he would never again dare to access his hidden volume, for fear that he would both reveal its existence and provide the means of access.)

In some countries the employee might have been heavily pressured to reveal the password to his assumed hidden volume, with a variety of techniques that would probably not be considered legal in most civilized countries. This doesn't (usually) happen under a legal system that is based on the presumption of innocence, and it is only under these conditions can a person safely (relatively safely, that is) utilize the "plausible deniability" defense.

I think that a better definition of "plausible deniability" might be "An explanation which may or may not actually be plausible, but which is impossible to disprove in a court of law."

Outside of the protections of a legal system there is no true PD. At this point it's merely a matter of deceit. You may or may not be believed, and there may or may not be unwanted consequences. Here's a darker version of how a non-courtroom based PD/deceit scenario might go:

Suppose you are travelling in a foreign country and you are believed to be carrying extremely valuable data on your laptop computer. (Naturally, you have encrypted it and stored it within a hidden volume.) Suddenly a gang of thugs and/or secret police shows up, pulls you into a room, grabs your laptop, points a gun at you and insist that you tell them the password to your TC volume. You give it to them immediately, of course, and hopefully that will be the end of it. Unfortunately, your captors already know about TC's hidden volume feature, so the next thing they do is insist that you give them the password to the hidden volume. Now they're holding a gun to your head. Are you going to pull PD on them? Will you scream "There is no hidden volume! You can't prove it! I have plausible deniability!" to the gunman as he is about to pull the trigger? Whoops, I guess you just mistook deceit for PD. Better luck next time.

Another sad thing about this scenario, aside from the fact that you might be very close to getting your head blown off, is that an innocent person who doesn't even have a hidden volume might also be assumed to have one and might have to suffer the consequences. Like those "oh so secret" money belts that many muggers already expect you to be wearing, everybody who knows about TC already knows that most users have hidden volumes. (All you have to do is is browse the TC forums to notice the large number of discussions involving hidden volumes.) Anyone who thinks that their hidden volume is beyond suspicion is being extremely naive. And unfortunately, outside the rule of law you are subject to the rule of the streets, and "guilty unless proven innocent" turns out to be a common approach.

Another thing that bothers me is that the TC developers have intentionally dragged the remainder of their users into this scenario, even those who don't use the hidden volume feature, by making it almost impossible to disprove the existence of a hidden volume. They even made the default format FAT32 in order to help the hidden volume users blend in with the rest of the users. (FAT32 is the preferred format for an outer volume that contains a hidden volume). The non-hidden volume users are basically being used to provide cover for those who do have hidden volumes.

No, I believe that the hidden volume feature is a bad idea under almost all scenarios. At best it can be used to fool the gullible and uninformed, and at worst it can be used by hardened criminals to hide incriminating evidence from the court. In a non-courtroom setting, in some cases you can almost get your head blown off before you wise up, and in other cases you can be unfairly suspected of having a hidden volume even when you actually don't. There are very few winners, and I still wish that the hidden volume feature had never been made a part of TrueCrypt. (And we haven't even discussed the recently added "hidden OS" feature.)

 

I think this was the original guiding principle for the inclusion of PD features into TrueCrypt, and perhaps it made sense at the time, but unfortunately it turns out that hardened criminals are also taking advantage of these capabilities. You can't give this tool to civil libertarians without also giving it to criminals, and personally I don't think it's worth it.

The fact that a large number of users feel that they have "something to hide" and have chosen TC's hidden volume feature as the ideal vehicle for doing this doesn't overly concern me. I feel that for the most part the hidden volume feature has been overused and misunderstood.