English 19-year-old jailed for refusal to disclose decryption key

Nicolas Williams Nicolas.Williams at oracle.com
Thu Oct 7 20:04:54 EDT 2010

On Thu, Oct 07, 2010 at 01:10:12PM -0400, Bernie Cosell wrote:
> I think you're not getting the trick here: with truecrypt's plausible 
> deniability hack you *CAN* give them the password and they *CAN* decrypt 
> the file [or filesystem].  BUT: it is a double encryption setup.  If you 
> use one password only some of it gets decrypted, if you use the other 
> password all of it is decrypted.  There's no way to tell if you used the 
> first password that you didn't decrypt everything.  So in theory you 
> could hide the nasty stuff behind the second password, a ton of innocent 
> stuff behind the first password and just give them the first password 
> when asked.  In practice, I dunno if it really works or will really let 
> you slide by.

There is no trick, not really.  If decryption results in plaintext much
shorter than the ciphertext -much shorter than can be explained by the
presence of a MAC- then it'd be fair to assume that you're pulling this
"trick".  The law could easily deal with this.

Plausible deniability with respect to crypto technology used is not
really any different than plausible deniability with respect to
knowledge of actual keys.  Moreover, possession of software that can do
"double encryption" could be considered probable cause that your files
are likely to be encrypted with it.

Repeat after me: cryptography cannot protect citizens from their states.


The Cryptography Mailing List