Encryption plausible deniability
Hello, I have an idea that could easily help with plausible deniability when it comes to encryption in Tails.
In Tails there is an option to create a volume and encrypt it. The problem is that in most countries (the USA and the UK in particular) you have to disclose the password, otherwise you are automatically guilty and you get an even longer sentence. There are lots of different examples where your adversary will try to make you decrypt a volume.
My solution: When Tails is started, it should ask the user if they want to save files or not. If the user does not wish to save files, then it will still create a place to store files and encrypt it with a totally random password (perhaps using CryptGenRandom from the Win32 API on Windows). However, if the user does want to store files, instead of a random password being generated, the user enters their own password.
This way, if your adversary tries to force you to decrypt the volume created during Tails usage, at least you have plausible deniability to state that you did not enter a password as you did not want to save files after reboot. This means that you will not know the password, as the computer randomly generated a password to temporarily encrypt the volume.
There is no way the adversary can prove you know the password as they cannot prove you entered your own password to encrypt/decrypt the volume when you started Tails. For all they know it might be a randomly generated password for a temporary volume that the user will not have the password for.
You might have to adapt this idea a little to make it work, but I hope you get the general idea.
If you think this is worthwhile I hope I will have my name added to the credits in some way, as it would seriously help being added on to my resume when applying for a job as it shows I have been a part of this great project.
Related issues
- Is duplicate of #5929
Original created by @colas on 7630 (Redmine)