> > First, I will do more research on this to see how they get around this.
> > BUT on first blush it seems like encrypted data will leave a "footprint"
> > if you will, it will have a different character to it than the "garbage"
> > around it.
>
> ...but on the topic of differentiating encrypted data from garbage
> data, it sounds like you might have meant to reply to my other thread
> about plausible deniability. Is that right?
Yes. Oh and my other problem was that if TrueCrypt can find the data
then another program should also be able to. And since the whole point
is to have "plausible deniability" that would end it. But like I said
I'll keep looking into it.

The only footprint left by encrypted data in general is high entropy;
no file is more likely to contain fewer patterns than a file full of
securely encrypted data. Since having large files full of random data
is hard to explain away, TrueCrypt provides plausible deniability
through hidden volumes.

Data from a hidden volume is stored inside the free space of a regular
TrueCrypt volume file or partition. In order to mount a hidden volume
for use, you must provide the hidden volume's passphrase. Then
TrueCrypt will go to the area of the file/partition where a hidden
volume's header would be stored if a hidden volume existed on the disk
and try to decrypt that area with the passphrase provided. If
TrueCrypt succeeds because there is a hidden volume and the passphrase
is correct, it will mount the hidden volume. If TrueCrypt fails, there
is no way for an adversary to tell if a bad passphrase was guessed for
the hidden volume or if there is no hidden volume at all.
Eric
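
An added example, not part of the original thread and not TrueCrypt code, illustrating the entropy point in the reply above: per-block Shannon entropy is measured over a constructed container whose unused space holds either random fill or hidden-volume ciphertext. It assumes unused space is filled with random data, and uses a SHA-256 counter-mode keystream as a stand-in for both the cipher and the random fill; all names, keys and sample data are constructed.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # bytes per analysed block (size chosen for this example)

# Constructed plaintext, exactly 4 blocks long
PLAIN = (b"quarterly report draft, nothing to see here\n" * 400)[:4 * BLOCK]

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 up to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def keystream(seed: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, standing in for cipher output or random fill."""
    out = bytearray()
    for counter in range(-(-n // 32)):  # ceil(n / 32) digests
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
    return bytes(out[:n])

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR with the keystream. Illustrative only, not TrueCrypt's cipher."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))

def build_container(with_hidden: bool) -> bytes:
    """Constructed container: 4 encrypted outer blocks + 4 'free space' blocks."""
    outer = toy_encrypt(b"outer-passphrase", PLAIN)
    if with_hidden:
        # Free space holds ciphertext written under a second passphrase.
        free = toy_encrypt(b"hidden-passphrase", PLAIN[::-1])
    else:
        # Free space holds only random fill (assumed format-time behaviour).
        free = keystream(b"format-time-random-fill", len(PLAIN))
    return outer + free

def block_entropies(image: bytes) -> list:
    """Entropy of each BLOCK-sized slice of the image."""
    return [shannon_entropy(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]

if __name__ == "__main__":
    for label, image in (("plaintext", PLAIN),
                         ("no hidden volume", build_container(False)),
                         ("hidden volume", build_container(True))):
        print(f"{label:17}", [f"{e:.2f}" for e in block_entropies(image)])
```

The plaintext blocks sit well below 5 bits per byte, while every block of both containers sits just under 8, so this measurement alone gives an examiner nothing to separate the two containers.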