The point is they don’t have to proof if a piece of random data is indeed an encrypted blob.
Imagine you passing border security and got selected for search. They found a piece of data on your device with high entropy without known headers in the wrong place. You can claim you know nothing about it, yet they can speculate the heck out of you. In more civil nations, you might got on to a watch list. In a more authoritive nations, they can just detain you.
They don’t have to prove you hiding something. The mere fact of you have that piece of high entroy data is a clue to them, and they have the power to make your life hard. Oh you said you deny them for a search? First congrats you still have a choice, and secondly that’s also a clue to them.
For more info, read cryptsetup FAQ section 5.2 paragraph 3, 5.18, and 5.21. It is written by Milan Brož who way more experienced than me on this matter.
I think you overvalue the skillset of border security. This may seem trivial to you but it’s uncommon to hire people trained to this level of competence and put them at every point of entry. A decent cybersecurity investigator needs a big salary.
That would probably happen if you were already a suspect of something or a high profile person and they moved in resources for you. No way border security is randomly sweeping for headers and entropy, they basically just look at it with the explorer and clone it, possibly using some software to scan for known security vulnerabilities to access encrypted parts. That would be a court ordered search or a high profile crime investigation, or maybe a really really unlucky day where the expert was already there for another reason, but the rest i agree.
Is it really though? I would assume there would be automated systems that can do 80% of the job. It can be as simple as a USB key holding a portable executable that can run and connect to a remote system and report back the findings which the officer can just read the report in plain English. Training, of course, is expensive and rarely do so, but automation can get somewhere close relatively inexpensive.
Sure but knowing nothing much of encryption. If they put you away for non-compliance and suspicion its probably less than what they could put you away for if they actually found the <whatever it is> file.
Like. I can cut the bags of coke and empty it into the ocean. They probably knew I had it, but not how much.
The point is they don’t have to proof if a piece of random data is indeed an encrypted blob.
But they do need to suspect it.
If they find an encrypted blob, ask for the decryption key, they decrypt the data and analyse the decrypted data, then they may not suspect that a different decryption key will reveal a different set of data.
You cannot differentiate between random data or encrypted data, when it is done right. That is one of the reasons why you should initialize an encrypted drive with random data beforehand
That scanner is simply looking for high entropy data, and then report to its operator. It wouldn’t care if it is a drive or a volume or a file. If the entropy is high, flag it.
All random data have high entropy, same for encrypted data. The officer can see you have high entropy data then start throwing questions at you.
This community need some understanting cryptography and its prctical use. Deniable encryption exists and does work on paper, but only on paper.
The point is they don’t have to proof if a piece of random data is indeed an encrypted blob.
Imagine you passing border security and got selected for search. They found a piece of data on your device with high entropy without known headers in the wrong place. You can claim you know nothing about it, yet they can speculate the heck out of you. In more civil nations, you might got on to a watch list. In a more authoritive nations, they can just detain you.
They don’t have to prove you hiding something. The mere fact of you have that piece of high entroy data is a clue to them, and they have the power to make your life hard. Oh you said you deny them for a search? First congrats you still have a choice, and secondly that’s also a clue to them.
For more info, read cryptsetup FAQ section 5.2 paragraph 3, 5.18, and 5.21. It is written by Milan Brož who way more experienced than me on this matter.
I think you overvalue the skillset of border security. This may seem trivial to you but it’s uncommon to hire people trained to this level of competence and put them at every point of entry. A decent cybersecurity investigator needs a big salary.
That would probably happen if you were already a suspect of something or a high profile person and they moved in resources for you. No way border security is randomly sweeping for headers and entropy, they basically just look at it with the explorer and clone it, possibly using some software to scan for known security vulnerabilities to access encrypted parts. That would be a court ordered search or a high profile crime investigation, or maybe a really really unlucky day where the expert was already there for another reason, but the rest i agree.
Is it really though? I would assume there would be automated systems that can do 80% of the job. It can be as simple as a USB key holding a portable executable that can run and connect to a remote system and report back the findings which the officer can just read the report in plain English. Training, of course, is expensive and rarely do so, but automation can get somewhere close relatively inexpensive.
Sure but knowing nothing much of encryption. If they put you away for non-compliance and suspicion its probably less than what they could put you away for if they actually found the <whatever it is> file.
Like. I can cut the bags of coke and empty it into the ocean. They probably knew I had it, but not how much.
But they do need to suspect it.
If they find an encrypted blob, ask for the decryption key, they decrypt the data and analyse the decrypted data, then they may not suspect that a different decryption key will reveal a different set of data.
The most relevant part is 5.18 and it only talks about partitions not files. A file can be way more easily hidden in a partition then a partition.
It is simply no hope aginst an automated scanner. No one search for files manually today.
You cannot differentiate between random data or encrypted data, when it is done right. That is one of the reasons why you should initialize an encrypted drive with random data beforehand
That scanner is simply looking for high entropy data, and then report to its operator. It wouldn’t care if it is a drive or a volume or a file. If the entropy is high, flag it.
All random data have high entropy, same for encrypted data. The officer can see you have high entropy data then start throwing questions at you.
This community need some understanting cryptography and its prctical use. Deniable encryption exists and does work on paper, but only on paper.
That is exactly what i said.
If random or deleted or fragmented or corrupted files will lead to me being questioned, then every data carrier will lead to a lotof questions.
Sorry. Data structures exists and uniformly random data is rare. Patterns still exists.
And deleted is a bad counter as deleted files won’t have a record in the file system.