Slashdot Mirror

You mean like Rubberhose?

(Seems down, see archive.org copy.) And i just noticed that /. breaks on archive.org urls, hence the tinyurl.

Rubberhose was a plausibly-deniable disk encryption system which allowed you to create 2 distinct encrypted file systems which occupied the same disk space.

One would be the decoy and have harmless boring info, the other would be the "real" file system.

If you were compelled to give up the passphrase to the filesystem, you could give up the decoy passphrase.

The implementation was tricky, because neither file system could "know" about the other, otherwise, an enemy would know you were hiding the "real" file system and could imprison or torture you into giving up the passphrase.

Since the stakes were high, Rubberhose had features to thwart forensic disk-surface analysis. A percentage of disk blocks from both file systems would be randomly repositioned on the drive, to ensure that the more heavily used "real" file system didn't stand out in any statistical way.

I'd love to see something similar revived.

-Sean

Valid point, but doesn't apply if I'm using an OS that has any sort of protection (i.e., they'd have to be root to install anything) or if I use a laptop that I take with me everywhere (or possibly put in a safe).

I thought rubber hose cryptography was pretty cool, but the link I visited seems to be down (or the project is now defunct: http://www.rubberhose.org/) Anyone know what happened to the project? Whatever--thanks to the wayback machine for this link. Briefly,

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Written by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus, Rubberhose is currently available for Linux 2.2. Userland daemons and tools are highly portable. NetBSD & FreeBSD kernel modules are nearing completion.

I guess I should be more precise, since it seems "rubber hose cryptology" is the process of beating someone with a hose until they give you the key. But the project had the goal of plausible deniability. It was impossible to determine how many encrypted objects were on a disk, so you could have a decoy encrypted message in case someone did beat the crap out of you.

Of course, removable media themselves are a good way to avoid a keylogger program. Go to some public terminal, plug in your USB drive, and you're set. The feds can't possibly install keyloggers on all public terminals, or sift the wheat from the chaff if they did collect that much info.

The FBI cannot make any person provide testimony which would be self-incriminating. If person A has been trading kiddie porn on Kazaa, they cannot make person B turn over the encryption key to the ZIP file that contains all of the kiddie porn he downloaded from person A.

Can you cite any relevant laws or cases?

The cryptonomicon FAQ states that this issue is still undecided. (see 10.3.4) Although I believe that page is quite old.

There seem to be a lot of issues here. My current understanding is that you should not expect to keep you encryption key secret.
This is mainly because a judge might hold you in contemp of court indefinately, until you gave them your key.

There seems to be a discussion of this very subject in Risks digest as well.

So far the only info I've ever heard on the subject is mere speculation.

Here's another discussion of the topic on the Rubberhose website (an encryotion scheme which offers deniable encryption).
It's by far the best discussion of the subject I've seen, but even this (with its 159 footnotes) refuses to make a conclusive judgement on the topic. It states what the courts "should" do, but wouldn't do me much good in a jail cell. It's seems like the privacy of your crypto key is quite debatable.

IANAL, but I am quite interested in this topic, and AFAIK the issue is still up in the air.

if your hard-drive is filled with what appears to be random garbage, but contains multiple encrypted slices (that cannot be detected without their respective magic keys)... there is an open source project that does this (i forget the name)

Rubberhose

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Written by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus, Rubberhose is currently available for Linux 2.2. Userland daemons and tools are highly portable. NetBSD & FreeBSD kernel modules are nearing completion.

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Written by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus, Rubberhose is currently available for Linux 2.2. Userland daemons and tools are highly portable. NetBSD & FreeBSD kernel modules are nearing completion.

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Written by Julian Assange, Ralf P. Weinmann and Suelette Dreyfus, Rubberhose is currently available for Linux 2.2. Userland daemons and tools are highly portable. NetBSD & FreeBSD kernel modules are nearing completion.

of the American Constitution requires that no person "shall be compelled in any criminal case to be a witness against himself."

In a 1996 paper Greg S. Sergienko explains that in America, the Fifth Amendment would give a suspect the right to refuse handing over encryption keys.

I agree with that analysis.

Therefore, I think that any legislation based on Article 19 of the Cybercrime Treaty would only enable law enforcement authorities to request encryption keys from third parties who run no risk to be prosecuted themselves. Article 19 should not be constructed as requiring self-incrimination.

http://www.rubberhose.org/

See http://www.rubberhose.org/. It's out there for, say, human-rights investigators to help keep them alive if they're captured by the nasty people they investigate.

...is if it included an actually USEFUL form of steganography, like the steganographic/encrypted filesystem Rubberhose, which is related in spirit to good old stegfs.

Unfortunately both of these are too old and crufty to have support beyond linux 2.2... implementing 2.6 support or freebsd or openbsd support might be interesting.

Why do we get articles about tools that are what? 3 years old?

There is enough new and interesting (and better) stuff around. For example, rubberhose would've been much more interesting to read about.

I stumbled across the page a feew weeks ago and found it intresting, but it seemed abandoned. (Availible to linux kernel 2.2 etc). Altso the page has disappered, google cache.

Has anybody tried to use robberhose, any experiense to share?

They should start using Rubberhose. Basically, you have a partition that looks like it's filled with random data, but give a password, and you see some files, give another password, and there are other files, and so on, but the KGB agents won't know if there's still another cache of data hidden in there or if that really was all of it, and the rest is really just garbage.

The encryption algorithm is stored on a flash-rom so it can be changed if the method is broken.

Feel free to implement it and make all the money in the world. I'm too lazy for that. I just like to come up with great ideas and give them away.

What's next? A HOWTO on setting up an encrypted file system for our child porn?

rubberhose would be a good piece of software for this. Bestcrypt containers are also good for plausible deniability. Freenet or GNUnet are the way to go for distributing it.

This reminds me of my old old old PC from 1990 (An old Apricot Qi) which came with what was quaintly termed 'Apricot LOC Technology'.
The hard disks were encrypted in hardware even back then. Also, there was no reliance on any USB dongle to just get the disk unencrypted.
LOC tech worked by the user having an IR transmitting card which authenticated you to the machine. If it was in secure mode, you had to transmit from your card (encrypted transmission.. No copying the transmission and replaying), which then gave you the login screen for your user (this is the first point the keyboard unlocked).
You enter the password and it lets you use the system.
The encryption was independant of OS. This was damn cool 'paranoid' gear. It won me a few contract jobs on the basis that nobody else could get into the machine apart from me, and a couple of my clients at the time were pretty much requiring security and confidentiality.
Nice for the single user PC where you really don't want someone else turning it on and reading your email.
Still, I'd much prefer to use something that can be used to hold differently available data depending on the user.. The day they put rubberhose in hardware, I think they'll really have a winner...
Still, it seems odd they they are trying to hype tech that's a cutdown version of 13 year old tech as something new and revolutionary..

Malk

While the ABIT 40bit DES version is good for simple security to keep people off the computer, for free its a nice add on. Enova has those nice 192bit Triple DES cards or Bay slots that look more upto the task.

I think if I was really paranoid, I'd setup something like the following.

Linux server running Rubberhose encrypted filesystem with Enova's 192bit triple DES secure bay kit.

Then on your PC using PGPDisk or Bestcrypt volume on a SMB share over IPSEC and maybe even with Stunnel. (Or multiple PC's in a client/server setup)

Then for backups, It seems you could do a simple dd to a tape drive. Too many encryption layers on the backup to restore without the proper settings and software. Should be pretty safe.

Pretty much all simple software thats easy to use, and wouldnt take too much setup. Just need a way to have the Enova's keys use timebased passphrases, and I'd feel it was secure enough.

On 1 single pc, rubberhose+bestcrypt would be my choice.

This is a bit offtopic, but I think it's valuable for anyone wanting to know about encryption - really GOOD encryption when someone's life/freedom may be on the line.

One of the biggest problems with regards to encryption (aside from snakeoil salesmen) is that if someone suspects/knows you're using encryption, they're going to try and get the key out of you. Either by legal means like locking you away in a hole for years until you make with the key, or just resorting to good old fashioned torture to make you cough up the info. Neither option is particularly appealing, so a rather smart solution to the problem was devloped.

Naturally, it's called "Rubberhose" (The website)

The gist of it is that you make a large container file (say, 1gb for example). Inside that container file, are many smaller container files, each one having their own encryption key. You'd have one container with moderate-level stuff that you could "give up" if forced, and another container with the "real good stuff" that you'd get imprisoned/killed if the badguys discovered it.

The interesting way that it works is that in order to get access to the "real good stuff", you need to input the keys to all of the other containers to both decrypt the containers in question, and to fully map the filesystem. No container knows about any other container, nor where it's data is stored inside the 1gb file. Of course the data isn't stored in contigious blocks, and the containers could be fragmented into millions of pieces interwoven with eachother. It's also impossible to "prove" by any means that another container even exists.

So you can open any container and see the info inside it, but all of the containers appear to utilize the entire 1gb of storage space. You never know that anything other than empty space exists in the drive.

It's kind of complex, and I may not have explained it all that well, so before jumping on me, please read up at the website.

It's absolutely elegant, although perhaps not currently easy enough to be utilized by the masses. Still, if I was going into hostile territory, this would be the first thing I got operational on my portable equipment.

N.

You could even encrypt the music directory on your hardrive with a stenographic plausible deniability app like rubberhose, bestcrypt etc. So even if they get a warrant (or buy a law to gain access to all computers) to search your computer they will find nothing. Although you have to be careful to not just delete but to do enough random overwrites to the original data, preferably from one of the newer ultra high aureal density PRML drives (60 or 80 GB/platter). It is extremely difficult to recover ghost data from these newer drives, especially after it's been overwritten 30 times with (pseudo)random data.

"Of course a simple search of *his HD would prove otherwise."

http://www.rubberhose.org/

"Sadly, in the UK, there is a law specific to encrypted data that places the burden of proof on you. If you forget the key to some encrypted data that the government decides it wants to read, you can go to jail."

Marutukku or plain old destruction

Does anyone else find it worrying that a privacy system designed to withstand people being tortured is of most use in the UK?

"In the case of encryption, you're just going to rot13 in jail until you give the key up."

Best make sure you've got a key that you can give up then...

So what you're after is this

This analysis suggests that compelling the production of crypto keys wouldn't be interpreted as contrary to the fifth amendment. I found it at the Rubberhose site another reply mentioned. (Rubberhose looks interesting, but for the uses they're describing, like human rights workers, being caught with the executables might be worse than being caught with the data one's opponents are looking for!)

That's why you encrypt in such a way that you can give them a password and it will decrypt some things, but it still won't decrypt the "interesting stuff", whatever that may be in your case.

See Rubberhose for one possible implementation of this idea.

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

People interested in this might also be interested in the rubberhose project.

From the homepage:

"Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanisms, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST."

Hydan doesn't give you any deniability, does it? I just read the artice; I haven't tried the program, but if you use a well-known method of embedding info, it's not very steganographic anymore. The bad guys can just run hydan on your executables and see what comes out.

If you want deniability even in the face of torture, you want rubber hose crypto. You might also want to use an authentication method more complicated than a password, so they'll have to torture you in the computer room instead of the dungeon, and they can't break your fingers or damage your higher brain functions.

One word.

Rubberhose.

Good point.

I counter with the aptly-named Rubberhose deniable crypto system. :)

There's an excellent system called rubberhose that solves the problem of 'rubber hose' cryptography (ie. beating the key out of someone.)

You give it a certain amount of space to play with and then can encrypt "aspects", sets of files, to it. Each aspect is protected with a passphrase and there isn't any way to show how many or few there are. If tortured, the user has no way to prove they've given up all the keys - making it possible for them to hold out.

It's also possible to use it to give people some information and limit disclosure - the documentation has an excellent example using safehouses.

Julian (quoted in the update) is one of the authors of the incredible Rubberhose filesystem (rubberhose.org). Wish a better hacker could port this thing to 2.4!

No, Rubberhose is much better. They can't even prove you're hiding anything.

Just use rubberhose with a wireless receiver...

Try this link. It allows for hiding partitions and for encryption.

http://www.rubberhose.org/

Cheers

However, experience with alarm systems shows that accidental use of duress passwords is much too common among civlians!

But a duress password for a mail server, as you suggest, would be a good idea whether it's hosted at HavenCo or not. The problem is that if it were part of a well-known commercial product, once the adversary was aware that such a product was in use, there wouldn't be time to use the duress password--armed men would storm into the server room, copy the disk bit-for-bit, and the guy with the keys would be in jail for contempt until the prosecution's (or other adversary's) forensic analyst could verify he had both passwords. Same idea goes for personal encryption systems.

A file system encryption program that implements this idea deniably is Rubberhose. Unfortunately, I think the name is apt, because if nothing substantially incriminating were found on a machine running it, law enforcement (or other adversary's) assumption would be that there's another layer that a little more pressure (or pain) would cause the user to give up the next password.

The key would be to find a product that can be used without leaving a sign that the user is using anything but innocent (and perhaps appropriately backdoored) commercial products. I have yet to run across anything like this.

Jedidiah
--

It's called deniable cryptography.

From the website (for the lazy or bandwidth impaired):

Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

Currently alpha, but has a cool graphic, cool idea and cool name :)

Worrying about wiping isn't as big of a deal if you make the data indecipherable in the first place. :-) Check out rubberhose for more information: Basically an encrypted file system that's free and gives deniability. Who cares about file echoes when they're all chaos?

the product was rubberhose maybe?

It's not that easy. See these quotes from the guide.

"You can only safely write to the diskette or other data storage device with Rubberhose if you know all the passphrases. If you try to write to the disk without first decrypting the entire disk, you risk overwriting information stored in some other encrypted portion."

"it breaks up the pieces of the 400MB encrypted portion into tiny pieces and scatters them across the entire 1GB drive. This is done in a random manner, so the bits of data can not be tracked and re-assembled by an adversary. When you decrypt that 400MB section, it will look as though it is actually 1GB in size, with 600MB free space. This structure is how Rubberhose hides the existence of data in the remaining portion of the disk."

Someone help me, I read the great 12-page introduction to Rubberhose, but I cannot figure out how to reconcile ''An aspect doesn't know about the other aspects'' (paraphrasing) and the way blocks are spread over the disk, with no collisions(? or collisions that are resolved) between aspects (that is, only one aspect may own a block).

Or restated; if the aspects doesn't know about each other, then how can they avoid interfering with each other?

One dosage of Enlightenment requested.

The Rubberhose encrypted filesystem might be more suitable for individuals.

Read about it at www.rubberhose.org. It's primary feature is deniability, (from their web page)

Rubberhose is a computer program which both transparently encrypts data on a storage device, such as a hard drive, and allows you to hide that encrypted data. Unlike conventional disk encryption systems, Rubberhose is the first successful, freely available, practical program of deniable cryptography in the world. It was released in an earlier form in 1997, but has undergone significant changes since that time. The design goal has been to make Rubberhose the most efficient conventional disk encryption system, while also offering the new feature of information hiding.

Encrypted filesystems are useless without deniability. Rubberhose gives you that: http://www.rubberhose.org

Here you go, enjoy -

Rubberhose

This is where Rubberhose comes in. Never thought I'd need it in America....

-Legion