How do I make a file self-destruct?

3

Does anyone know of an easy way to encrypt a file that deletes itself if I type in the false-password: oklahoma?

It would need to self-destruct only if I type oklahoma.

I would need it to decrypt if the correct password is entered: turtle

Any suggestions? Strong encryption preferred...

Alex Waters

Posted 2011-08-09T03:14:38.073

Reputation: 1 216

5

Obligatory: http://xkcd.com/538/

– trolle3000 – 2011-08-09T05:55:20.510

Answers

11

The data destruction tactic could be defeated if a backup copy is first made. As an alternative, you might be interested in Truecrypt's hidden volume feature. It offers two forms of plausible deniability:

  1. The encrypted data appears to be random noise, and thus cannot be proven to be a truecrypt volume.
  2. If you are forced into revealing your password (e.g. extortion), you could fake decryption of the volume without revealing the passkey of the hidden volume.

isuldor

Posted 2011-08-09T03:14:38.073

Reputation: 1 726

3This is a great answer (+1) because it also offers a solution (TrueCrypt's excellent "hidden volume" feature, which I have never tried but I know some people who have and apparently it works very well) after providing a correct explanation of how such a self-destructing solution can be defeated very easily. – Randolf Richardson – 2011-08-09T03:57:27.353

The hidden volume feature is great, but just to be clear on the "random noise", it is constructed so it cannot be proven to be encrypted data. It is often possible to show that it is statistically likely to be encrypted data. The wikipedia article on truecrypt amoungst others discusses this. – TimothyAWiseman – 2011-12-21T23:15:32.257

-1

You don't. Data is data.

If you need it to handle like it's not data you need to make it not be data. People facing this have come up with a couple of schemes:

It could work like a smartcard so it's a self-contained active device that can't be read (for duplication) and you can only negotiate with the device to give you temporary access. Then you could have anti-tampering tricks in it. Self-destruction on 'oklahoma' can be done by the gatekeeper logic.

It could be on-line or otherwise in a "trusted" place, and as before you'd need to negotiate temporary access to it. This means there isn't any access to the container. You'll need someone/something that provides the gatekeeping service for you. They should also guarantee that the data is destroyed on 'oklahoma'.

XTL

Posted 2011-08-09T03:14:38.073

Reputation: 190

Asked: 2011-08-09T03:14:38.073

Viewed: 6 970 times

Active: 2012-03-07T12:44:33.397