
A software feature for plausible deniability


Offshore Guy

Apr 1, 2002, 10:52:55 AM
What if when a container or partition is created, an optional second
password could be specified?

If it was specified, and then used to open the container, the
container would be written to from the tail end inward. That is to
say, the sectors would be used in reverse order. Call this side "B".

There would be no way to prove that this optional second password
feature has been used, and a user could provide a password to open
side "A" of the container and reveal "less" secure documents.

When the second password is used, the software could size the
container to prevent overwriting of side "A". This could not be done
when side "A" is open without compromising deniability.

Shaun, could such an approach be made to work?

vibart

Apr 1, 2002, 3:58:56 PM
Something like your suggestion already exists. It's called Bestcrypt.

Offshore Guy wrote in message
<0evgaucgfj1qmjq8n...@4ax.com>...


Paul Le Roux

Apr 10, 2002, 10:29:16 AM
there are a whole host of problems with this:

if you run this through a debugger, seeing the thing
starting from the back and going to the front is going
to alert anyone that you've given out the dummy
password

remember the entire os is easy to debug, DCPP low level
development was basically done this way, I used a linux box and an
i386 emulator, I had a windows box running within my
linux box, and could watch each cpu instruction execute.

what you really need is for 1 or more containers within your
container but done in a way that does not allow someone who
has the full source code, and can debug your cpu to know if
you've given out the real password or some dummy, the software
itself must not care or be able to tell which is which

I talked to the SecurStar people about just such a system 1 year
ago, but it's on the back burner thanks to other priorities,

one problem with a product like this, is it's hard to think of
a legitimate reason for this sort of product...

In article <0evgaucgfj1qmjq8n...@4ax.com>,
offsh...@offshore.com says...
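
The property asked for in the post above (software that runs the same steps whichever password it is given) can be sketched as follows; this is an added example, not code from E4M, DCPP, BestCrypt or any poster. The slot layout, the names and the SHAKE-256 keystream are assumptions made for illustration: unused header slots hold random bytes, and every password is tested against every slot.

```python
import hashlib, hmac, os

# Constructed toy layout (assumption): 4 fixed-size header slots per container.
SLOTS, SLOT_LEN, SALT_LEN, TAG_LEN = 4, 64, 16, 16
BODY_LEN = SLOT_LEN - SALT_LEN - TAG_LEN      # 32 bytes of per-volume header data

def _keys(password: str, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000, dklen=64)
    return k[:32], k[32:]                     # (encryption key, MAC key)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream from SHAKE-256; stands in for a real disk cipher.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def make_slot(password: str, body: bytes) -> bytes:
    assert len(body) <= BODY_LEN
    salt = os.urandom(SALT_LEN)               # fresh salt, so each slot has its own keys
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_stream(enc_key, body.ljust(BODY_LEN, b"\0"))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
    return salt + ct + tag

def new_header(volumes: dict) -> bytes:
    """volumes maps slot index -> (password, body); all other slots are random."""
    return b"".join(make_slot(*volumes[i]) if i in volumes else os.urandom(SLOT_LEN)
                    for i in range(SLOTS))

def open_volume(header: bytes, password: str):
    """Identical work for any password: derive keys and check every slot."""
    found = None
    for i in range(SLOTS):
        slot = header[i * SLOT_LEN:(i + 1) * SLOT_LEN]
        salt, ct, tag = slot[:SALT_LEN], slot[SALT_LEN:-TAG_LEN], slot[-TAG_LEN:]
        enc_key, mac_key = _keys(password, salt)
        expect = hmac.new(mac_key, ct, hashlib.sha256).digest()[:TAG_LEN]
        if hmac.compare_digest(tag, expect) and found is None:
            found = (i, _xor_stream(enc_key, ct).rstrip(b"\0"))
    return found                              # None, or (slot index, decrypted body)

if __name__ == "__main__":
    # Constructed sample passwords and bodies.
    hdr = new_header({0: ("decoy-pass", b"outer"), 2: ("real-pass", b"hidden")})
    print(open_volume(hdr, "decoy-pass"), open_volume(hdr, "real-pass"))
```

The sketch covers only the header lookup; where each volume's data sits on disk is a separate question and is not modelled here.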

Simon Hunt

Apr 10, 2002, 10:33:48 AM

>
> one problem with a product like this, is it's hard to think of
> a legitimate reason for this sort of product...
>

One I can think of is people living and working in countries without free
speech, or with corrupt governments, where the suspicion of hidden data
would be damaging enough..

hang on - isn't "corrupt government" an oxymoron?

Simon.


Paul Le Roux

Apr 10, 2002, 11:21:35 AM

yes, this is the tired answer given up by the software industry anytime
the morality of handing out this sort of software comes up; and it's an
argument I support in principle.

but could I make 2 observations:

1. do people living in the third world actually have both a) computers
and b) the money to afford to buy software?

2. for that matter do they even have electricity?

Granted England, probably is getting close to third world levels of civil
liberties, but the unspoken truth is that the overwhelming majority of users
for this solution are not going to be living in the third world, and are not
fighting "the just fight" against "cruel, and ruthless dictators"


In article <1018449421.426.0...@news.demon.co.uk>,
nos...@never.com says...

Simon Hunt

Apr 10, 2002, 11:44:52 AM
you are bad! ;-)

>
> 1. do people living in the third world actually have both a) computers
> and b) the money to afford to buy software?


yes. especially westerners helping them such as Amnesty int staff..

> 2. for that matter do they even have electricity?

yes, and solar cells, and cell phones, and satellite tv..


Simon.


Paul Le Roux

Apr 10, 2002, 1:04:33 PM
In article <1018453687.10463....@news.demon.co.uk>,
nos...@never.com says...

>
>you are bad! ;-)
>
>>
>> 1. do people living in the third world actually have both a) computers
>> and b) the money to afford to buy software?
>


this conversation has been dragged hopelessly off-topic, and I don't often
climb onto a public soap box, but here goes:
the "western" Amnesty guys don't set foot in the third world, most if not all
are simply armchair activists issuing press releases in the west about alleged
abuses in these places, yes there are "Amnesty" people all over the third world
but these guys are basically locals and probably don't own a computer,
never mind a telephone, modem, or an internet account, yes there are NGO's and
western people in third world places but they're not there to stir up political
dissent, and certainly don't make disparaging remarks about their host countries,
if they did they would be "disappeared"


>
>yes. especially westerners helping them such as Amnesty int staff..
>
>> 2. for that matter do they even have electricity?
>
>yes, and solar cells, and cell phones, and satellite tv..
>
>

you must have visited a different third world to me,
where exactly in the third world did you visit?,
the oppressed masses of the third world don't have
any of these things, the third world rich do, but the rich are
exactly the people who are not about to blow the whistle on the
local system, because the fact that the masses are the uneducated,
unelectrified, exploited, hopeless wretches that they are
is exactly why the third world rich are rich


Paul Le Roux

Apr 10, 2002, 7:32:11 PM
In article <3cb4c956...@news.atl.bellsouth.net>, r.y.mi...@GoFor21.com
says...

>
>pau...@rocketmail.com (Paul Le Roux) wrote:
>
>>one problem with a product like this, is it's hard to think of
>>a legitimate reason for this sort of product...
>
>In other words, as J. Edgar Hoover said:
>
>>"Why should you care if you have nothing to hide?"
>
>Do you agree with that?

no not at all, E4M source would not be available free now+source if I did not
value privacy and civil liberties, it's just the whole "fighter for human rights
thing" is overplayed.


nemo outis

Apr 11, 2002, 1:09:13 AM
Hear! Hear!

Paul Le Roux

Apr 11, 2002, 5:54:25 AM

If you read my other post, and my original post,
you would see I am not judging anyone, I'm saying the
"fighter for freedom in the third world" argument is in a large
part the western software industry's cover story for this kind of product.

The real trouble is that people in "important" countries are by far the
main users (maybe the only users), and maybe using the product for
things which their countries consider "illegal", but nobody
wants to confront head-on the issue that many western laws are
unjust, especially for example the UK RIP Act, the seizure of property
before trial in the US, not to mention detention without trial in the UK/US,
the UK restrictions on free speech which "incites hatred", the higher
likelihood of minorities facing capital punishment in the US, not to
mention the blanket surveillance of global communications; the banning
in Germany and France of nazi era symbols, the banning of far right
political groups in Germany, the criminal levels of taxation in the OECD,
the attacks on the right of adults to view adult material, etc it's
much easier for western software companies when confronted with these
issues to simply deflect them with the
"fighter for freedom in the third world" argument because the
issues are too controversial! they get away with it because third world
people are excellent scapegoats, most don't have electricity, computers,
phones, TV's and probably cannot even read! Africa for example has only 5
or 6 countries with Internet service providers out of 55 countries
(not counting any new ones which may have popped up there while I was
writing this post); and anyway third world people are far more likely to
need AK's to fight for freedom, than software.


Flare

Apr 11, 2002, 12:30:21 PM
pau...@rocketmail.com (Paul Le Roux) wrote in message news:<a91i7s$gjc$1...@reader07.wxs.nl>...

> there are a whole host of problems with this:
>
> if you run this through a debugger, seeing the thing
> starting from the back and going to the front is going
> to alert anyone that you've given out the dummy
> password

What do you mean 'alert anyone'? You mean 'LEA hackers'
monitoring your system??

>
> remember the entire os is easy to debug

And?


> what you really need is for 1 or more containers within your
> container but done in a way that does not allow someone who
> has the full source code, and can debug your cpu

What are you talking about? Who can debug my CPU? When?
While I am typing the passphrase or loading from the container?
By a stealth key-logger-sort-of debugging utility?

> one problem with a product like this, is it's hard to think of
> a legitimate reason for this sort of product...

Plausible deniability (even stronger than steganography)

Paul Le Roux

Apr 11, 2002, 2:34:38 PM
the point is that if your system is confiscated by some agency,
"insert agency here", and they wanted your data bad enough, they would hire
someone to examine your computer, if you gave up a password (your dummy
password that is) the person looking at your stuff can take out your harddisk,
and run it under an emulated cpu to examine every machine instruction if
they wanted, if you used the system the original poster suggested it wouldn't
take them long to figure out you'd given up the dummy password,
and they'd come back and slap your head again, this is the case where
your container has already been found...


In article <8d5e27d5.02041...@posting.google.com>,
flar...@yahoo.com says...

Flare

Apr 11, 2002, 9:52:42 PM
pau...@rocketmail.com (Paul Le Roux) wrote in message news:<a94kvu$t4k$1...@reader09.wxs.nl>...

> if you used the system the original poster suggested it wouldn't
> take them long to figure out you'd given up the dummy password

How would they know? Such a feature has already been implemented
in BestCrypt. AFAIK there is no chance to prove that a second
password and a hidden container have been used (no matter if being
debugged). Where is the weakness?
