Protecting private key on USB flash drive: how to?

Robert J. Hansen rjh at sixdemonbag.org
Fri May 9 19:56:51 CEST 2008


Arnaud Ongenae wrote:
> I just discovered TrueCrypt and there is a very interesting feature, the
> hidden volume (http://www.truecrypt.org/hiddenvolume.php). It could be
> good to use it for this case.

Depends on where you are and what you're doing.

I am not a fan of TrueCrypt's hidden volume feature, and I think most
people who are fans haven't thought things through.  Let's say that
you're visiting a repressive country.  For obvious reasons, you want to
put your personal data on a TrueCrypt drive.  You get arrested at the
airport because they think you're smuggling drugs in/working with the
rebels/an American spy/whatever.  You proceed to get the stuffing beat
out of you.

You're willing to divulge your secrets at this point, so you offer your
TrueCrypt password.  However, since you're not really an American spy/an
arms dealer/whatever, the data the interrogator is expecting to find
isn't there.

The interrogator demands you turn over the hidden volume.  You explain
there isn't one.  The interrogator demands you prove it.  You explain
that, by TrueCrypt's design, you can't.

The interrogator decides to keep on beating you until you decide to turn
over the (nonexistent) hidden volume.

Moral of the story: there are times when you very much want to prove
that you _don't_ have certain data.  TrueCrypt's design makes these
sorts of proofs impossible.




More information about the Gnupg-users mailing list