[Cryptography] Rubber-hose resistance?

Jon Callas jon at callas.org
Mon Dec 11 19:14:49 EST 2017



> On Nov 30, 2017, at 1:23 AM, Neuhaus Stephan (neut) <neut at zhaw.ch> wrote:
> 
> There is no such thing as plausible deniability.

Thank you for saying that. Usually, I'm the one who says that. Many times when someone says "plausible deniability" what they mean is "reasonable doubt." 

> Or rather, there is no such thing in the real world. For example, if you hand over your USB stick and the authorities find a TrueCrypt volume on it which, however, seems to contain only innocuous data, do you really think that the customs official will hand it back to you with a smile and a wink?
> 
> I’m not sure who it was, but on this very list a member posted a conversation they had with a customs official who essentially said that they *knew* that the whole purpose of TrueCrypt was to have a hidden volume with the true stash.

That was me. I had a wonderful conversation with a customs agent in New Zealand. I asked about TrueCrypt and he said, "Oh, we just ask you for the second password." I don't remember what I said afterwards, wanting to hear more, and there was a reply of, "Look, we don't look in your laptop just because you had an apple in your bag." (New Zealand has strict agricultural control, and if you do have contraband produce, it's something like a $200 instant fine.) I thought that was more telling than the first. The guy was telling me that he's got a job to do, and that involves stopping people who are going to overstay their welcome (they can and have refused people entry for not being able to show that they have a return ticket), people bringing in contraband, etc. If they want to look at your data, it's because they think that data is pertinent to *something*. If they find the equivalent of a suitcase that advertises as a feature that it has a false bottom, they're going to be intrigued as this indicates that whatever made them think they should be suspicious and probe more was right. And they're going to cut to the chase — show me the false bottom.

> 
> In your example, the page you link to says, “Since there is no way to prove that there is any wallet beyond the ones that you have admitted to, the “attacker” will have to be satisfied with the revealed ones.” This is of course not true. If they are truly determined, they’ll start removing fingernails until you reveal the true passphrase to them. And then they will probably remove the remaining ones too, just to make sure that there aren’t any other “true” passphrases.

To me, that goes more to my objection to so-called deniable encryption — that it presumes a threat model in which your adversary is stupid (they don't know or don't care about your false bottom) or good (they are willing to play by the apparent rules of the game as described, and even if they think you're cheating, they'll let you go if they can't prove it). An alternate scenario is that they'll play by rules that say you have to prove you're *not* cheating.

In the case of border agents anywhere, if you're not a citizen of their country, they don't have to let you in. They can deny you entry (in which case you have to go somewhere else, most likely the port of departure that brought you there), or they can keep you in the non-state area between countries indefinitely. 

> 
> On the page it also says, “[Turning passphrase entry off] creates an illusion that passphrases were never used in the first place — one cannot accuse you of having hidden wallets.” Of course one can. And, again, if one is determined, one will.

This advice is just silly. Of course they can accuse you of having hidden wallets. "Hey, I bet you have a hidden wallet!" In many instances, this is exactly what law enforcement does, to accuse someone of something to see what their reaction is.

> 
> It’s interesting that the page even shows the canonical XKCD, but without apparently realizing what it means. The whole point of the XKCD is that the attacker doesn’t have to prove or break anything: they can simply hit you over the head until you reveal what they want to hear.

The term "rubber hose cryptanalysis" was a term of art decades before XKCD.

	Jon


