VeraCrypt and TrueCrypt plausible deniability - security flaw.
From this 3 minutes review you will know:
- Why VeraCrypt plausible deniability is dangerous for the Linux users.
- Why you should avoid to use hidden / inner volumes (plausible deniability) if you are the Linux user.
Why VeraCrypt plausible deniability is a fake.
Some presuppositions / legend:
- Outer volume - sensitive-looking files (data to reveal).
- Inner volume = hidden volume - really sensitive data.
- Plausible deniability = nobody can guess if there any hidden/inner volume.
- FS = filesystem.
- Let's assume that you want to create hidden / inner volume with really sensitive data.
- To create the hidden volume (a.k.a inner volume) you have to create the outer volume (by definition, this is just how it works).
It is impossible to create hidden/inner volume if the outer volume formatted as NON-FAT FS.
This is why when you want to create hidden volume you can NOT select FS type for the outer volume in the GUI.
This is why when you want to create hidden volume you can NOT select FS type for the outer volume in the GUI.
Bingo! Goal!
Thus, plausible deniability collapses here - If you are a Linux user and the outer volume formatted
as FAT - this is extremely implausible, so any fool (not even an IT experts) will confidently assume
the presence of a hidden volume.
This is all you need to know about plausible deniability in VeraCrypt / TrueCrypt.
as FAT - this is extremely implausible, so any fool (not even an IT experts) will confidently assume
the presence of a hidden volume.
This is all you need to know about plausible deniability in VeraCrypt / TrueCrypt.
If your are the Linux user you may want to keep file attributes (like mode, ownership etc) on outer volume
but the FAT FS lack of it.
The obvious choice for the Linux user is to create outer volume with the EXT or XFS or the other Linux-like FS type.
but the FAT FS lack of it.
The obvious choice for the Linux user is to create outer volume with the EXT or XFS or the other Linux-like FS type.
Vendor was informed, but no action taken.
Little more details.
Even worse.
The situation is complicated by the fact that we can create any linux-like FS types (any FS type) for the outer volume.
Any FS type will work OK for the outer volume if there is no hidden volume ;)
Knowing this, you can decide for sure whether a hidden volume exists.
You can create Linux-like FS for outer volume with the regular GUI or with the CLI command:
The situation is complicated by the fact that we can create any linux-like FS types (any FS type) for the outer volume.
Any FS type will work OK for the outer volume if there is no hidden volume ;)
Knowing this, you can decide for sure whether a hidden volume exists.
veracrypt --text --volume-type='normal' --filesystem='ext3' ..