16
  1. I can't think of a reason as to why you'd want to create a hidden volume in VeraCrypt. It says because "you may be asked to hand the information," but why would I need to hand it over? Nobody has any proof of what may or may not be in that volume, so they can't claim that I'm doing something unlawful (assuming I was), because they literally have no proof of absolutely anything. Hence, they cannot make me hand over the password nor can they penalize me for defending my privacy and refusing to hand over my personal files without any proof that those files are somehow harmful (or whatever you wanna call it).

  2. Also, if you have to hand it over, it doesn't make sense that while there is 500mb/700mb occupied space when the files there only take 300mb. Where did the other 200mb go?

...But let's focus on #1, as that - in my opinion - is a more important point that just obliterates the suggested reason, far as I can figure.

Jack
    It's to mitigate the [rubber hose attack](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis). – Michael Hampton Mar 01 '15 at 18:05
  • 2
    Fun fact: [in the US](http://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/), you can be forced to unlock your devices if your lock is a fingerprint but you cannot be forced to reveal a password. The wording of the decision makes it seem that any biometric security could also be compelled. – tpg2114 Mar 01 '15 at 19:16
  • 8
    You absolutely should create a hidden volume! If you don't, how many of your fingers will the attacker cut off before he finally believes you that there really isn't a hidden volume? Better go 2 to 3 hidden volumes deep just in case. – TTT Mar 01 '15 at 21:41
  • 1
    @MichaelHampton: +1, never knew there was an english name for that. In Russia, we call it rectothermal cryptoanalysis :D – Mints97 Mar 02 '15 at 07:32
  • 2
    @tpg2114 There have been several cases where people have been compelled to enable decryption of a password protected device. – CodesInChaos Mar 02 '15 at 10:07
  • 2
    @TTT: Just one, because after that you tell them "yeah, there is information, but you just fed the fingerprint that will unlock them to your dog" – PlasmaHH Mar 02 '15 at 13:57
  • 1
    @MichaelHampton [Obligatory XKCD reference](http://imgs.xkcd.com/comics/security.png) – Canadian Luke Mar 02 '15 at 20:01

5 Answers

39

Your first question is really a legal one, and you seem to be assuming two things:

  • The attacker is a government of some sort.
  • That government actually respects citizen privacy and requires some sort of reasonable suspicion before it can force people to give up encryption keys.

Neither of those assumptions are necessarily true. For all you know, some random thief could grab your laptop while you are using it, notice a VeraCrypt file sitting on the desktop, and pull out a gun and force you to decrypt it. It's not super realistic, but definitely possible.

And even if it is indeed a government, not all countries have privacy protections or require reasonable suspicion. Even in ones that do (e.g. US and many European countries), there have been lots of cases where courts have forced people to supply their decryption keys because it is deemed relevant to an investigation. Whether they have the authority to do so is a subject of current debate, especially in the US where there is supposed to be protection against self-incrimination. Here is one such case:

http://www.cnet.com/news/judge-americans-can-be-forced-to-decrypt-their-laptops/

For your second question, try it out yourself: Create a 500mb outer volume, containing a 300mb hidden volume. Completely fill the hidden volume with files. Then mount the outer volume. The outer volume will still show 500mb of free space.

How does this work? The idea is that you're never supposed to write to the outer volume once you have created it, as doing so could corrupt your hidden volume. If you open the outer volume, even veracrypt does not know that the hidden one exists. There is no way to tell that a hidden volume exists because the hidden volume is indistinguishable from free space (which is why veracrypt still shows 500mb free space when you mount the outer volume). That's the whole idea of plausible deniability; there is no technical way to prove that there is more encrypted data.

tlng05
  • Thanks, that was a very descriptive answer, especially for the second part. – Jack Mar 01 '15 at 16:23
  • 1
    So if the outer volume was changed recently, but none of the files in it, then it is clear that there must be a hidden volume in it, right? – Paŭlo Ebermann Mar 01 '15 at 17:03
  • 1
    Go one step further: it is also impossible to prove that an encrypted file is actually a TrueCrypt volume for the same reason. There is no common header or other structure. Enter your password, and the application tries every encryption method until one works and it can decrypt the volume header into something recognizable. –  Mar 01 '15 at 18:54
  • @Snowman, from an information-theoretic standpoint, there's no way to prove it. In the real world, people don't carry around large blocks of random data, so a large file with no structure is virtually certain to be an encrypted volume. – Mark Mar 01 '15 at 21:41
  • 3
    @Mark: I do. In the place where I keep my encrypted volumes, I also have a large file containing randomly-generated data. Which one is it? I'm certainly not telling you. It's a potential legal risk to do this, though, since here in the UK I could in principle go to prison for refusing to provide the password for it, despite that it doesn't have a password. So maybe I'm lying to you, and it's an empty encrypted volume just in case I need it to be. The "obvious" solution from a government's POV is just to criminalise random data, but in some countries that's difficult for constitutional reasons. – Steve Jessop Mar 02 '15 at 00:32
  • @SteveJessop IIRC, there have been actual situations where that's been a concern -- if you make it so an employee can't unlock something or bypass some system but don't sufficiently advertise that, it increases the risk to employees from criminals who try to force them to do that thing and don't know they can't (and dismiss protests as lying). – cpast Mar 02 '15 at 00:49
  • 1
    @cpast: yes, it's important for the safety of bank and security van staff that they can credibly deny being able to give access when they can't. Part of achieving that is to have a strong policy that if someone points a gun at you and requests access then you'll co-operate. Give them the money and hope to catch them later. But that doesn't help in cases like this where the whole point is to refuse to co-operate, and to try to credibly deny it when in fact you *can* give access... – Steve Jessop Mar 02 '15 at 00:53
  • 1
    Anyway, the point is that as a practical matter, *Mark* can't tell whether I have a random file or an encrypted volume. So it's more than just an information-theoretic point, in the real world he actually can't tell which it is. The reason is that he can't bring sufficient threat to bear against me that, if it were a volume, I'd give up the key. And neither can the government tell, really, since for all they know I'm genuinely enough of a legal risk-taker to run `dd if=/dev/urandom bs=10M count=1000` from time to time. If I was in the US it wouldn't even be a legal risk. – Steve Jessop Mar 02 '15 at 01:05
  • 6
    Actually it's possible to modify the outer volume after the inner volume is created, you will have to input both the inner and outer volume password. This will tell TC/VC about the size and location of the inner volume and so TC/VC will avoid writing over the inner volume while writing to the outer volume. – Lie Ryan Mar 02 '15 at 09:58
  • @LieRyan: I would think it might in some ways be better to have a policy that reserves 10% of the space used by every encrypted drive for a nested drive, whether or not the user would need such a thing. If the user must mount the inner drive in order to safely use the outer one, only people who knew the inner-drive password could safely use the outer one. If 10% of each volume were always allocated to an inner drive whether it was needed or not, the computer could be safely used by people who had no idea which volumes were used. – supercat Mar 02 '15 at 20:32
  • 1
    @supercat: the point of a hidden drive is to be undetectable. Always reserving space would mean that the sectors reserved for the inner drive are known by the adversary; this means if he obtained your encrypted file and detected changes made on the reserved space, that would be a good hint that you have a hidden partition. Also, rational people would never choose TC without using its hidden partition feature if it always wastes 10% space compared to other encryption formats. This weakens everyone's claim that they don't have a hidden partition. – Lie Ryan Mar 02 '15 at 22:20
  • 3
    For the hidden partition feature to be plausibly deniable, there must be a large number of people who use TC without a hidden partition. This means that TC without a hidden partition must be competitive with other encryption programs. An encryption program that wastes 10% space is not competitive. Plausible deniability cannot be achieved if everyone ends up using the hidden partition. – Lie Ryan Mar 02 '15 at 22:25
  • @LieRyan: Drive space is sufficiently cheap that in many cases 10% of the smallest used partition wouldn't be a big issue if the software was in some other ways better than competitors. The key aspect of plausible deniability would be that some people would use one nested partition, some would use two, some would use three, etc. but *nearly everyone* would have space which might or might not actually be a partition. I'm not sure how to prevent an adversary who could take multiple snapshots of the innermost partition from knowing whether its unused space got disturbed, but... – supercat Mar 02 '15 at 22:37
  • ...an adversary would have to examine the innermost "acknowledged" partition both before and after data was written to the secret partition to discover that it was used. – supercat Mar 02 '15 at 22:40
  • 2
    Many comments here are based on wrong assumptions. There is *not* any space "reserved" for the hidden volume. The outer volume looks and behaves in every respect as if the hidden volume is not present. In fact, it does not "know" anything about the hidden volume. That means, if the outer volume is filled, the inner volume will be overwritten and destroyed. The hidden volume is (usually - not necessarily, either) created so that it is small enough for the (prior existing) content of the outer volume not to be overwritten. But if you add to the outer, then to the inner, that will also occur. – Nicolai Ehemann Sep 29 '16 at 09:16
  • To clarify: You can create a tc/vc container with a size of 10 GB, a 10 GB outer volume. You can put some small alibi files in there. Then you can create a 9.9GB inner volume, and fill it up with data. The outer volume will always look and behave as a 10GB volume with nearly 10 GB free space. – Nicolai Ehemann Sep 29 '16 at 09:20
19

You're wrong in your assumptions. There are many legal jurisdictions where you can be required to produce passwords for encrypted data on suspicion, rather than proof, that the data may be relevant to a criminal investigation. If you don't provide your password, you can be jailed. But if there's no encrypted volume visible, they don't know to do it. For example, the United Kingdom, under the Regulation of Investigatory Powers Act 2000.

Mike Scott
  • I see. But what about #2? The volume says 500mb is occupied, but the files only weigh 300mb. Where's the extra 200mb? It's obvious that there is something hidden in there. – Jack Mar 01 '15 at 16:03
  • 10
    @Jack A deniable VeraCrypt volume is apparently just random data, with no indication that it's encrypted. It could equally well be an unused volume that has been put through a secure-erase process to write random data to it. You can see the space, but you can't tell that it's encrypted data. Furthermore, VeraCrypt volumes contain random data in their unused space. That random data can be a second hidden volume with a different password. After you've provided the first password for the visible volume, there's no way to tell if the unused space on it is a second volume or just unused space. – Mike Scott Mar 01 '15 at 16:07
  • I see then, that works. Just as I asked below, is there any other - more convenient - way to hide my data from anyone seeing it under any circumstances? Hidden volumes are mighty inconvenient. – Jack Mar 01 '15 at 16:13
  • 1
    If you want to hide your data from _anyone_ seeing it, physically destroy the drive it's stored on and scatter the fragments. Of course, you yourself are included in "anyone". If you want to stop anyone _except yourself_ from seeing it then deniable hidden volumes are probably the easiest way -- but don't forget your passwords. If you store them _anywhere_ then that's your weak link rather than the file encryption. – Mike Scott Mar 01 '15 at 16:16
  • How strong would a password for this have to be? I.e. 12-16 characters containing upper and lower case letters, symbols and numbers - would that be enough to properly protect it? – Jack Mar 01 '15 at 16:21
  • 9
    That's a separate question, and should be asked as such, not hidden down here in the comments. – Mike Scott Mar 01 '15 at 16:37
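A toy model of the layout that tlng05's answer above and Mike Scott's comment describe, added here as an illustration; it is not VeraCrypt's code or its on-disk format. The container starts as random bytes, the outer volume fills from the front and keeps no record of anything else, the hidden volume sits in what the outer volume reports as free space, a wrong password fails exactly as it would on a plain random file, and a write to the outer volume lands on the hidden volume unless both passwords are supplied (the protection mode Lie Ryan's comment mentions). Passwords, sector size, header format, the "VOL!" marker and the sample contents are all invented for the demo; the entropy function at the end is the rough "does this look random?" test Mark and Steve Jessop argue about.

```python
"""Toy model of an outer volume with a hidden volume inside its free space. Added
illustration, NOT VeraCrypt's code or on-disk format (real containers use XTS-AES, a
salted KDF and fixed header offsets with backups); only the described properties are kept."""
import hashlib
import math
import secrets
from collections import Counter

SECTOR = 64       # tiny sectors keep the demo quick
MAGIC = b"VOL!"   # invented header marker; a real header is verified by a checksum

def _crypt(key, sector, data):
    """XOR with a SHA-256 counter-mode keystream, a toy stand-in for XTS-AES."""
    ks = b"".join(hashlib.sha256(key + sector.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
                  for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, ks))

def _derive(password):
    # Fixed salt keeps the demo deterministic; a real volume stores a random salt in the header.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000)

def bits_per_byte(blob):
    """Shannon entropy per byte: the 'does this look random?' test from the comments."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

class Container:
    """Fixed-size blob; every sector is random until written, so ciphertext, hidden data and free space look alike."""

    def __init__(self, sectors):
        self.sectors = sectors
        self.buf = bytearray(secrets.token_bytes(sectors * SECTOR))

    def _put(self, key, sector, data):
        self.buf[sector * SECTOR:(sector + 1) * SECTOR] = _crypt(key, sector, data.ljust(SECTOR, b"\0"))

    def _get(self, key, sector):
        return _crypt(key, sector, bytes(self.buf[sector * SECTOR:(sector + 1) * SECTOR]))

    def format_volume(self, password, header_sector, first, length, used=0):
        # header = MAGIC | first data sector | data sectors | sectors used (4 bytes each)
        hdr = MAGIC + b"".join(v.to_bytes(4, "big") for v in (first, length, used))
        self._put(_derive(password), header_sector, hdr)

    def mount(self, password):
        """Try the outer header (sector 0), then the hidden one (last sector). Returns
        (header_sector, first, length, used); None looks exactly like a non-volume random file."""
        key = _derive(password)
        for hs in (0, self.sectors - 1):
            hdr = self._get(key, hs)
            if hdr[:4] == MAGIC:
                return (hs,) + tuple(int.from_bytes(hdr[i:i + 4], "big") for i in (4, 8, 12))
        return None

    def free_space(self, password):
        _hs, _first, length, used = self.mount(password)
        return (length - used) * SECTOR

    def write_file(self, password, data, protect_with=None):
        """Append to the volume opened by `password`. `protect_with` = hidden password models
        VeraCrypt's protection mode; without it the outer volume overwrites the hidden one silently."""
        hs, first, length, used = self.mount(password)
        need = -(-len(data) // SECTOR)
        if used + need > length:
            return False                                   # volume genuinely full
        lo, hi = first + used, first + used + need
        if protect_with is not None:
            h = self.mount(protect_with)
            if h is not None and lo < h[1] + h[2] and h[1] < hi:
                return False                               # would clobber the hidden volume
        key = _derive(password)
        for i in range(need):
            self._put(key, lo + i, data[i * SECTOR:(i + 1) * SECTOR])
        self.format_volume(password, hs, first, length, used + need)
        return True

    def read_all(self, password):
        _hs, first, _length, used = self.mount(password)
        return b"".join(self._get(_derive(password), first + i) for i in range(used))

def demo():
    c = Container(sectors=256)
    outer_pw, hidden_pw = "outer passphrase", "hidden passphrase"
    c.format_volume(outer_pw, header_sector=0, first=1, length=254)       # outer data: sectors 1..254
    c.format_volume(hidden_pw, header_sector=255, first=104, length=150)  # sectors 104..253, 'free' to the outer
    alibi = b"holiday photos, tax returns, nothing to see\n" * 20          # constructed decoy content
    secret = b"the thing worth hiding\n" * 200                            # constructed hidden content
    filler = b"\xff" * (150 * SECTOR)                                    # enough to reach the hidden region
    r = {"outer_free_at_start": c.free_space(outer_pw)}
    c.write_file(hidden_pw, secret)
    r["outer_free_after_hidden_write"] = c.free_space(outer_pw)   # unchanged: the outer cannot see it
    c.write_file(outer_pw, alibi)
    r["wrong_password_mounts"] = c.mount("guess") is not None
    r["hidden_intact"] = c.read_all(hidden_pw)[:len(secret)] == secret
    r["protected_write_refused"] = not c.write_file(outer_pw, filler, protect_with=hidden_pw)
    r["unprotected_write_ok"] = c.write_file(outer_pw, filler)
    r["hidden_after_unprotected"] = c.read_all(hidden_pw)[:len(secret)] == secret
    r["container_entropy"] = bits_per_byte(bytes(c.buf))
    r["plaintext_entropy"] = bits_per_byte(alibi)
    return r

if __name__ == "__main__":
    print(demo())
```

Running it shows the two free-space figures identical before and after the hidden write (the outer volume never learns the hidden one exists), the protected write refused, the same write without protection accepted and the hidden data destroyed by it, and the container's entropy close to 8 bits per byte, where a `dd if=/dev/urandom` dump also sits, while the decoy plaintext is far below. The model deliberately leaves out the real-world detail that does leak: filesystem timestamps and journal entries in the outer volume that change while none of its visible files do, which is the point Paŭlo Ebermann's comment raises.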
5

Your assumptions in 1 are just false in many places. In the US, you cannot be forced to hand over encryption keys. That is not generally the case; in the UK, the Regulation of Investigatory Powers Act makes it a criminal offense to not surrender encryption keys when asked. Assuming "just because they know I encrypt my data doesn't mean they think I'm breaking the law" is also misguided; someone who wants access to your data and sees it's encrypted may well think you have something to hide. Even when the law prohibits it, or if it's a criminal trying to access your data, you expose yourself to the $5 wrench attack: someone beats you with a wrench until you give them your password.

As for "no proof:" You forget that they can have some idea what it'll contain before looking at it; in fact, they often have a pretty good idea, because they know something about you. While it could have anything, no court in the world will be so stupid as to pretend that you've actually encrypted random files. In reality, this sort of thing happens all the time: police have some good reason to suspect they'll find evidence somewhere, and so they get a court order to look for it. In the US, you can get a search warrant on probable cause, which is way below the threshold to convict of a crime. The whole point of search warrants is to allow police to search something, when they have a decent idea that they'll find evidence of a crime there, even though they can't know for sure what's in it. Even in the US, the reason you can't be forced to disclose keys has nothing to do with "it could have anything in it" and everything to do with "that's self-incrimination." So the fact that an encrypted volume exists means people know where to look, plus some reason to suspect that you have evidence of a crime hidden somewhere, is a risk.

cpast
  • That may as well be an anonymous phone call if you are, say, a blogger or a YouTuber. But anyway, speaking of self-incrimination, there are people who simply like their privacy. I.e. in case someone breaks into their computer or steals it, they don't want personal documents to be seen, or maybe they are writing a book, or maybe they have some pictures they don't want to be seen, or voice recordings, or anything else. Personally, I wouldn't want anything to be seen by anyone, law or not. Are hidden volumes the only way to hide data from potentially prying eyes? They are quite inconvenient to use. – Jack Mar 01 '15 at 16:12
  • @Jack for privacy, simply proper encryption is enough. The only added benefit of hidden volumes is only to resist coercion (legal, physical, whatever) by adding some plausible deniability. – Peteris Mar 03 '15 at 09:05
  • @Peteris Well, most people seem to assume that privacy is your cousin peeking in. But what if you are say on YouTube or own a blog and post ideas that some people hate? If someone knows your identity, they may tip off the authorities, who in turn may ask you to reveal the data, even if you have nothing illegal there. The authorities would still see whatever the data is and they would have to examine it, which means my privacy would still be invaded. – Jack Mar 03 '15 at 09:42
2

You have to create a hidden volume for two related reasons.

  1. If you are arrested by the government and they suspect that some of the data in the encrypted volume is evidence, you can be forced to provide the password. Since TrueCrypt advertises its ability to create a hidden volume and encourages its use (and that's stating it mildly) the government is right to assume that a hidden volume exists and can force you to provide the key. If no hidden volume exists, the burden of proof rests with you: you have to somehow prove that despite everything you didn't create a hidden volume. So you have to make sure that such a volume exists, so you can provide the password. As a corollary, make sure it's an easy password and fill up the hidden volume so no empty space remains.
  2. Non-government attackers similarly will suspect the presence of a hidden volume. Not bound by rules and regulations, they will just beat you until you provide the password, so you better make sure there's a password to provide.
Jens Erat
Anonymous
  • "make sure it's an easy password and fill up the hidden volume so no empty space remains." -- or just fill up the outer volume to prove that no hidden volume exists. – Steve Jessop Mar 02 '15 at 00:47
  • 1
    "If no hidden volume exists, the burden of proof rests with you: you have to somehow prove that despite everything you didn't create a hidden volume." -- I call hogwash on that. There's no reason why the burden of proof would suddenly be on you to show that you do *not* have a hidden volume. For a start, it would be impossible to prove this if it were true (unless the outer volume was full, but why would it be 100% full all of the time?). – Desty Mar 02 '15 at 10:26
  • @Desty Well, he has a point. To me it doesn't make sense that someone would ask me to disclose personal data with no tangible and factual proof that there is something wrong with it, but I understand how it makes sense legally. Same here - they have to assume that there is a hidden volume and if someone believes it bad enough, they can work you up pretty bad. However, I don't know what they could do if you keep denying it, assuming it's a legal procedure. Otherwise they can kill you of course, but if it's a legal procedure, they simply cannot prove it. – Jack Mar 02 '15 at 13:59
  • 1
    @Jack By analogy, consider if the police suspected you had hidden drugs in a certain location, but had no evidence to suggest that this was the case. If you *did* have drugs hidden there, it would of course not be in your interest to tell them anything, and if you did *not* have drugs hidden somewhere, then you can't prove that (not in practice, anyway). The advice here seems equivalent to telling people to hide an empty box in the one place you might otherwise hide drugs, then provide police with the location of the empty box to prove that you haven't hidden drugs... – Desty Mar 02 '15 at 14:38
  • 1
    @Jack The only real difference between that scenario and this one is that it seems like you can only have a maximum of *one* hidden volume, whereas there are almost infinitely many potential hiding places for drugs. So I do see the logic behind "filling" the one slot that *could* contain a hidden volume and showing that to the interrogators. Unless you can have as many hidden volumes as you like, in which case the advice is certainly useless :) – Desty Mar 02 '15 at 14:40
  • 1
    @Desty Indeed I see your point. Also - your post made me realize something unrelated to this, which, while you nor me could've been aware of beforehand, is a very interesting realization, so I'm voting your messages up. :) – Jack Mar 02 '15 at 15:56
0

Also, in your comments about having to hand over passwords: you are wrong; that act was overturned by the 11th Circuit, saying that you do not have to provide passwords to law enforcement. I just defended a guy who was brought up on charges; the police told him he had to provide the passwords because it was covered under the warrants. I got it kicked on the 11th Circuit opinion. The only thing you have to provide is passwords to get into files that are not encrypted.

  • Wait, what? You have to give passwords to files they have in plain text? Do you mean you do have to comply and log into a laptop, for example, but do not have to provide a key to open a specific file? The hidden volume is still useful here before it goes to court, because you want to show full cooperation or you get arrested for 'talking back'. – daniel Mar 28 '17 at 09:40