twocrypt twocrypt provides a crypto tool with a deniable encryption option.
Download

twocrypt Ranking & Summary

twocrypt Tags

traditional traditional crypto deniable encryption subpoena proof twocrypt

twocrypt Description

twocrypt provides a crypto tool with a deniable encryption option. twocrypt provides a crypto tool with a deniable encryption option.twocrypt (2c) is a tool for the ultra-paranoid, providing a traditional crypto, but also an option of deniable (subpoena-proof) encryption. It encrypts one or two files at once.Each file can be recovered with its respective passphrase, but the presence of more than one file cannot be demonstrated, and the presence of this option alone should not be a credible argument for data hiding.2c2 is a simple symmetric file encryption utility. It comes with aninteresting optional feature - it is capable to embed an additional filewithin an encrypted data. This is done in a way that cannot be detectedwithout knowing the passphrase protecting the "hidden" file, even if thepassword for the primary file is disclosed. The design is such that thefact of using this method alone does not constitute a credible evidence ofdata hiding (IANALBMSUTDO). This kind of encryption is also called"subpoena-proof" or "deniable".There is some previous work in this area. There are two popular approaches,one is to throw away the encryption key, but store some information thatcan be used to recover the key with a considerable computation effort(several years or so). The concept seems to be risky for obvious reasons,and is also impractical if the data has to remain accessible before theprojected cracking date.The other approach is to have a number of containers protected with a number of passwords, of which some but not all might be encrypted data (rubberhose does that). I think it's needlessly complex, and usually applied to a storage such as a disk drive.As such, 2c would be the first tool to implement this functionality in areasonable and practical fasion, at least I think so.What's New in This Release:· It was possible to tell a two-file result from a single-file output,_statistically_. This does not mean the question can be answered for a particular archive, but single-file archives had a tendency to result in a slightly larger file, and if you have a number of 2c-protectedfiles for which the primary password has been obtained, it can betold how you use 2c. The reason for that was slightly broken compressed pad length logic.Severity: medium· As a cryptographic safeguard, the random pad stream now consists ofa random, compressed file of a random length, followed by true garbage.This is to mimick second file scenario more closely, so that if theencryption proves weaker than originally thought, and some statisticalproperties of a stream can be deduced, there's no exposure. Version1 always used a full-length compressed pad, which was silly in thatit's not that common to store perfectly-fit secondary files.Severity: hypotetical issue· In v1, random chunk would seldom get compressed, because the compressionalgorithm resorted to storing uncompressed data if compression would result in output bigger than input. This is not a flaw per se, butdefeats a minor safeguard intended to mimick a file that would oftenbe compressible. Now, encryption of all blocks is forced, even though it might be less efficient.Severity: hypotetical issue· Input blocks are now split randomly to avoid placing compressionheaders and other known structures at constant locations. This is justanother arbitrary safeguard for the algorithm.Severity: hypotetical issue· per James's suggestion, I added a counter to the PRNG generatorinternal state. This prevents a hypotetical (although *extremely*unlikely) generator stall scenario. This spectacularly breaks v1 compatibility, blame James ;-)Severity: low

twocrypt Related Software