/g/ - Technology

I see two possibilities for plausible deniability

1. A fully encrypted device, no hidden volume. You can simply claim the device was securely wiped with random data.
2. A fully encrypted device with a hidden volume. You give them the decoy password.

In scenario #1 the plausible deniability is good but they might say you're refusing to give a password. In scenario #2 they can't say you've refused to give a password, so you look better in that sense, however you've disclosed that you're using veracrypt and now they can suspect a hidden volume. They could accuse you of not disclosing the hidden password, but on what basis? But then on what basis can they say you're refusing to give a password in scenario #1? I think in scenario #1 it's easier to portray you as uncooperative, while in scenario #2 it's a bit harder, since you did at least disclose something. It seems like a delicate balance.

Another possibility I could see is that the presence of pseudorandom data nullifies plausible deniability off the bat. The only way to truly prove your device has nothing on it is if it's very low entropy, i.e. just straight 0s or 1s or other low entropy patterns. I'm not sure if any countries have taken this stance. In this scenario, #2 is the only route for some plausible deniability.
>>
counter argument: feds don't care. They will manufacture evidence and get you. In fact, they don't even need to do that. They can just get you and figure out the rest later

>>108000000
>>
>>108000011
3. You go out with a bang or rot in prison anyway that is if you already know you're a high profile liability.
>>
True/Vera leak key to ram so no matter what you do it's pointless already
>>
>>108000074
Non-system containers have their keys wiped from RAM immediately after dismounting. Anyway, in this scenario, it's assumed you had proper opsec and they were not able to get the keys from RAM.
>>
>>108000011
>hidden volume
No such thing.
>>
>>108000106
Instead of leaking key to ram you could use something that just doesn't do that, like using a ftpm 2.0 with luks/dmcrypt.
Also you won't have time to properly unmount (like pirate robert) and even if you pull the plug they can extract key from ram (cold boot attack). So just don't use unsecure shit in the first place.
>>
>>108000106
That applies to system and non system drives, true/vera is shit
https://youtube.com/watch?v=Ej-Nr79bVjg
>>
File: 1749777539533906.png (63 KB, 253x234)
>>108000011
>feds look at the drive
>says it's 1TB
>look inside
>the volume is only ~500gb
>"yup, nothing's hidden there"
>>
>>108000168
It all boils down to the cost of freedom. That's the currency the feds deal in.
>>
>>108000124
>>108000155
It's a rather old video, Veracrypt does have some mitigations against cold boot attacks. I am interested what Veracrypt's behaviour is if an encrypted USB is yanked out, whether it wipes the keys from RAM.

I'm also a bit skeptical of this tpm's effectiveness, since even iPhones struggle against exploitation after they are unlocked.

And finally this is about plausible deniability. LUKS has none while Veracrypt does.

>>108000168
The volume will appear to be the full size unless you put both passwords to protect the hidden volume.
>>
>>108000251
>I'm also a bit skeptical of this tpm's effectiveness
lol
>iPhones struggle against exploitation after they are unlocked.
LOL
>And finally this is about plausible deniability. LUKS has none while Veracrypt does.
LMAO
>>
>>108000258
What? GrapheneOS dev says TPM is garbage and iPhones generally have good security while desktop Linux doesn't. And saying le lmao doesn't negate the fact that LUKS has no plausible deniability.
>>
>>108000269
Also from what I am seeing, TPM does not even keep the encryption keys out of RAM?
>>
>>108000011
>But then on what basis can they say you're refusing to give a password in scenario #1?
Because it's not _plausible_ for your laptop to be unable to boot because you walk around with a completely wiped drive in it. I'd say it's more likely than not that nobody is going to only use half their drive, and that anyone schizo enough to go with VeraCrypt isn't going to NOT use a 2nd volume, but it's at least _plausible_. I've read a bit that VeraCrypt somehow masks this by still appearing to use the full volume, but I can't see how that's truly hidden unless it has 0 data loss protections when booted into "unhidden" mode.

But, in the end, it doesn't matter because fpbp >>108000028
>>
>>108000011
if there's a warrant out for your arrest and you claim scenario A to the police they'll just slap destruction of evidence onto your case and you're almost guaranteed to go to jail

the correct thing to do in every case is if you truly are in the situation where the police take you into custody and seize your computers you shut the fuck up, ask for a lawyer, and you don't say or admit to shit

almost all criminals get caught because they are incapable of shutting the fuck up and don't ask for a lawyer
>>
>>108000338
I should've clarified, the encrypted device is an external device such as a USB drive.
>but I can't see how that's truly hidden unless it has 0 data loss protections when booted into "unhidden" mode.
That is exactly how it works. If you don't enter both passwords in the mount options, you are risking data loss on the hidden volume.
>>
>>108000351
>the encrypted device is an external device such as a USB drive.
If it's some USB drive found in a pile of other USB drives, PERHAPS it's plausible that it's "randomized", if it's on your person, not really. IMHO the most likely situation of any storage device that appears randomized IS that it is encrypted. A fresh drive will be zeroed, a non-encrypted one will be obvious, a corrupted one will have remnants of a filesystem, and a reformatted one will have a live fs and remnants. The ONLY non-encrypted scenario is someone wiping the drive by filling it with random rather than 0s, which is unnecessary but still a protocol for some drive resellers. There's no real situation where a drive is uniformly random unintentionally.

>That is exactly how it works.
Well that's good then. I'm assuming entering both passwords then lets you use the "fake" volume safely to generate normal usage data on it so it doesn't look like a clean, sterile, install when you're forced to show it.
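
Added example, not part of any post in the thread: the drive states distinguished above (zeroed, filesystem with remnants, uniformly random) can be told apart by per-block Shannon entropy, and the same measurement shows why a random wipe and an encrypted volume look identical. The block size, thresholds, function names and sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed scan granularity, not a value from the thread

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_image(data: bytes, high: float = 7.5, low: float = 0.5) -> str:
    """Label a raw image from the entropy of its full-size blocks."""
    # A short trailing block would read as low entropy, so only full blocks count.
    ents = [shannon_entropy(data[i:i + BLOCK])
            for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    if not ents:
        raise ValueError("image is smaller than one block")
    if all(e <= low for e in ents):
        return "zeroed or constant fill"
    if all(e >= high for e in ents):
        # Entropy alone cannot separate a random wipe from ciphertext.
        return "uniformly random: random wipe or encrypted"
    return "mixed: filesystem structures or remnants present"

def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 over a counter) for the samples."""
    chunks = (hashlib.sha256(i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(chunks)[:n]

# Constructed sample images of 16 blocks each, not real drive captures.
ZEROED = bytes(16 * BLOCK)
RANDOM_FILLED = pseudo_random(16 * BLOCK)
REFORMATTED = (
    b"boot sector and directory entries ".ljust(64, b"\x00") * 64  # 1 block of metadata
    + bytes(3 * BLOCK)                                             # 3 unused blocks
    + pseudo_random(12 * BLOCK)                                    # 12 blocks of old data
)

if __name__ == "__main__":
    for name, img in (("zeroed", ZEROED), ("random", RANDOM_FILLED),
                      ("reformatted", REFORMATTED)):
        print(f"{name}: {classify_image(img)}")
```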
>>
File: 1769554705810834.jpg (117 KB, 1080x947)
>>108000011
>but on what basis?
"Your honor, drive is 500GB but the partition is 250."
>>
It depends on the volume of material you wish to hide. But if you were really paranoid you could have a single encrypted partition then hide your actual secrets in various files e.g. salting them in the complete Seinfeld collection or some shit. If you actually need to hide many gigabytes of super secret material on your laptop then reconsider your life choices and seek Jesus immediately.
>>
>>108000011
if feds raid your home the best option is to fight to the death. if you are captured alive you will be tortured til you are physically or mentally disabled. if the data itself is worth more than your life, consider burying an encrypted microsd in the forest or something
>>
>>108000338
>I'd say it's more likely than not that nobody is going to only use half their drive
Is now the time to point out I initially formatted the SSD in here to 50% its listed capacity?
My idea was wear levelling will eat the unpartitioned anyway, and double the lifespan of the device...
I'll accept I'm not "normal"....
>>
>>108000011
A regular volume with a hidden volume in it.
>>
>>108000011
VC somehow must prevent overwriting of the hidden volume in normal operation.
so the feds will
>copy the whole drive on a block level
>mount the drive with the decoy password
>write to the decoy volume
>if they can't write the whole volume, there is a hidden volume
>>
>>108000288
Tpm2.0 does


