Posted Dec 2, 2011 0:02 UTC (Fri) by PaulWay (✭ supporter ✭, #45600)
Parent article: DM-Steg
I keep thinking: I'm sure these are clever and probably well-written attempts to give people deniably-encrypted storage, but is it really answering the problem? The very existence of random data on your hard disk is probably a sign to some organisations that you're hiding data - sure, you can tell them what the first aspects are, but it's not going to get you off the hook. And when they realise that there are multiple possible aspects, they're going to apply pressure to get what they think you're hiding. Denying the existence of another level is like denying that the data is encrypted in the first place: it only satisfies people who believe you're innocent and only works where you can say "Right, I've divulged all my information, I can go now".
Even a system that works invisibly - it hides data steganographically in your existing files in such a way that you can't even be sure that the data is there - doesn't help if there's a known block device that provides access to that data. The evidence of crypto drivers on your machine is going to be enough to make you suspicious. Even a driver which itself is steganographic - a hidden, unpublished set of switches allows you to use it as a steganographic driver - isn't going to work if the source code is published, and probably even if it isn't.
The fundamental problem here is that once you're suspected it's impossible to prove your innocence. Any attempt can be seen as hiding your guilt. Even the existence of a perfectly clean file system with no suspicious random patches could be considered suspicious. Are we really protecting those people?
Maybe, though, it's good enough just to provide this kind of encryption for people like you and me who want to keep our emails private and our bank account details even more so.