Introducing Blockcrypt, an encryption scheme with plausible deniability by design

  • Published: 25 Oct 2022
  • In this episode, we explore Blockcrypt, an encryption scheme with plausible deniability by design.
    ==============================
    SUGGESTED
    ==============================
    How to back up and encrypt data using rsync and VeraCrypt on macOS (see change log) 👉 • How to back up and enc...
    More on rsync and VeraCrypt backups on macOS and introducing the privacy guides docs 👉 • More on rsync and Vera...
    ==============================
    LINKS
    ==============================
    Blockcrypt (please star repo) 👉 github.com/sunknudsen/blockcrypt
    Superbacked (join waiting list) 👉 superbacked.com/

Comments • 33

  • @j.woodgard 1 year ago +15

    I haven't seen the Sun for weeks.

  • @GooseWurkz 1 year ago +8

    Glad to see you back!

  • @duscraftphoto 1 year ago +4

    Seems like a really cool tool for keeping things secure without what you're securing being obvious. I've written a couple of steg tools in Python that use the LSB method to hide encrypted information. You can hide messages, code, programs, files... whatever you want (as long as you use an image with enough pixels to accommodate the load, of course ha ha).
    Great content on your channel and you've got a new subscriber who will be following the Superbacked journey and I wish you all the best!

  • @sophiegadoury830 1 year ago +4

    Welcome back; good to see you again on RUclips 🤩

  • @ickliebdirwa 1 year ago +2

    Brilliant! It’s even more than what I was hoping for! Also happy to see you being able to market your passion! Best of luck!

  • @zeibozcozz5067 1 year ago +1

    Glad you're back. I've been thinking about where you've been and what happened to your projects.

  • @gymdis 1 year ago +3

    Cool to see you back! Have you considered hashing the 4 words, taking that hash and doing modulo the length of the buffer to find the offset of the header, then decrypt the header from there, wrapping around the end of the blob if necessary? You do risk having headers colliding with each other (hence making some combination of passwords/decoy passwords invalid), but the upside is that adversaries have to try to decrypt from every byte/bit-offset in the blob instead of just the 4 fixed header-offsets, granting a larger search space. Hope the advisor from Palantir is treating you well. :)

    • @sunknudsen 1 year ago +2

      Hey Chris, interesting feedback. I actually started project by using a similar scheme without headers… and as a result, one had to parse bytes byte by byte until ciphertext could be deciphered (granted valid passphrase was supplied). This ended up being a pretty slow scheme… the larger the block size, the slower it got. Later versions of scheme provided a needle (see github.com/sunknudsen/blockcrypt/blob/6281a2ce6b5986076179fc823e8fe20bb9159859/src/index.ts) one could memorize to speed things up. My understanding is that such a scheme adds some level of security by obscurity but little in the context of plausible deniability. With current scheme, if an attacker does not know passphrase, I believe it is “almost” impossible for attacker to know if slots 2-4 are used yielding what one could argue is an identical level of plausible deniability but significantly greater user experience given speed. What do you think?
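
The offset scheme @gymdis proposes above, sketched as an added example that is not part of the comment thread and is not Blockcrypt's code. It also quantifies the header-collision risk he mentions; SHA-256 as the hash, the 64-byte `HEADER_LEN`, and all function names are assumptions made for illustration.

```python
import hashlib

HEADER_LEN = 64  # assumed header size in bytes; not a Blockcrypt constant


def header_offset(passphrase: str, blob_len: int) -> int:
    """Hash the passphrase and reduce it modulo the blob length."""
    # Plain SHA-256 keeps the example self-contained; a real design would
    # run the passphrase through a slow, salted KDF instead.
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % blob_len


def write_wrapped(blob: bytearray, offset: int, data: bytes) -> None:
    """Write data at offset, wrapping around the end of the blob."""
    for i, byte in enumerate(data):
        blob[(offset + i) % len(blob)] = byte


def read_wrapped(blob: bytes, offset: int, length: int) -> bytes:
    """Read length bytes from offset, wrapping around the end of the blob."""
    return bytes(blob[(offset + i) % len(blob)] for i in range(length))


def headers_collide(a: int, b: int, blob_len: int,
                    header_len: int = HEADER_LEN) -> bool:
    """True when two header regions overlap on the circular buffer."""
    distance = (a - b) % blob_len
    return min(distance, blob_len - distance) < header_len


def pair_collision_probability(blob_len: int,
                               header_len: int = HEADER_LEN) -> float:
    """Chance that two uniformly placed headers overlap: (2h - 1) / n."""
    return min(1.0, (2 * header_len - 1) / blob_len)


def colliding_pairs(passphrases: list[str], blob_len: int) -> list[tuple[str, str]]:
    """List passphrase pairs whose derived header regions overlap."""
    offsets = [(p, header_offset(p, blob_len)) for p in passphrases]
    return [
        (p, q)
        for i, (p, a) in enumerate(offsets)
        for q, b in offsets[i + 1:]
        if headers_collide(a, b, blob_len)
    ]
```

With a 1024-byte blob and 64-byte headers, any two passphrases have roughly a 12% chance of producing overlapping headers, so an encryptor using this layout would have to call `colliding_pairs` and reject the combination before writing.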

  • @kentaviousaurelius 1 year ago +3

    Glad to have you back Sun. I've been waiting like 2 months ish from you man. I suggest making videos like how to run your business (LLC) like a ghost in a legal way or how to use the laws to mask our identity like making aliases that will hide your assets, setup offshore accounts, or create aliases for your banks. I know your videos focus more on like in technical way but still I really love it Sun. #1 supporter here🖐️🖐️🖐️

  • @abcdefuuuuuuuuckoff 1 year ago +1

    Wow! I can't wait to try it out!!

  • @jarro2778 1 year ago +4

    Happy to see you doing well, but I just wanna ask how much will it cost?

    • @sunknudsen 1 year ago +1

      Hey, not sure yet, but likely around 99USD for people having joined waiting list.

  • @darkfire2703 1 year ago +4

    Interesting algorithm, but I have a few notes.
    I feel like the deniability is a lot less plausible if you simply use 3 data slots while only having about 50% of the volume available to the main slot. That makes it a really really bad and inefficient scheme for not using hidden volumes. What you considered a disadvantage with the hidden volume being overlapped by main volume is actually part of what makes VeraCrypt's deniability plausible. The reason why it works for TrueCrypt and VeraCrypt is that most people actually don't use hidden volumes and in that case the first volume spans over the whole data. If someone does use a hidden volume, the main volume still spans all of the data, including the hidden volume.
    Imo the fact that your scheme is solely built around plausible deniability makes it a lot less plausible to deny. VeraCrypt / TrueCrypt is mostly used without hidden volumes, while yours is really not optimal for the usage without hidden volumes.
    Also I don't get the argument against VeraCrypt "being software based and generating binary files". Your scheme is obviously also software based and also produces binary output. Any binary data can be printed as QR Codes or in any other binary to text encoding like hex or base64.

    • @darkfire2703 1 year ago +2

      Actually in your use case (backing the data up on paper) there isn't even a case where you would add data that could overwrite a hidden volume, as it will get printed to non-editable paper anyways. You don't edit the paper, you print a new one and that can simply be newly generated each time from the previous data if something needs to change.

    • @sunknudsen 1 year ago +3

      Hey, great feedback! I believe the plausible deniability comes from the fact most users of Blockcrypt (when used as a cryptographic fundamental in Superbacked or any other implementation) will not use the extra space (same idea as VeraCrypt). About being software based… good point. Both are obviously software based. What I was trying to say is Blockcrypt generates a JavaScript object which is very easy to translate to JSON and print. Btw, I love VeraCrypt… That said, VeraCrypt requires a file system… in other words, it has some overhead that, I believe, is not required in the context of paper backups.

    • @darkfire2703 1 year ago

      @sunknudsen Good point. I would also guess that in a legal setting the deniability is still valid. That being said, I would probably break both of your legs before believing that you don't use the free space if I was a bad actor attacking you in person :)

    • @sunknudsen 1 year ago

      Unfortunately, no app can solve for that one.

  • @msodev 1 year ago

    Yoooooo so cool to see you back man. Will try and contact one of my uni professors and see if he can give this a look. Also one last thing... define "soon" hahahah

    • @sunknudsen 1 year ago +1

      Hey, glad to be back! “Will try and contact one of my uni professors” That would be amazing! Thanks so much for helping out.

    • @msodev 1 year ago

      @sunknudsen Hi mate, I didn't forget about you. Sadly I don't have good news... I showed the video to my professor, he told me that after watching it several times, he doesn't see any big problem with the tech but (here comes the but) he also told me that this wasn't his area of expertise. So yeah, I don't think his feedback is not very helpful.

  • @jasonhenza 1 year ago +1

    This is vonu af!

  • @hugoender 1 year ago +2

    Your superbacked website has a glaring spelling error. It should be “lose” not “loose” in that first line that says “don’t loose your”.

    • @sunknudsen 1 year ago +1

      OMG, thanks for reporting this. Fixed!

  • @hrq77777 1 year ago +2

    Quality not Quantity

  • @parkerault2607 1 year ago

    Can you have plausible deniability if you're using an encryption scheme for which the main selling point is plausible deniability? I always thought it was more likely to make the adversary keep beating you even after you've given up all of your keys. 😂

  • @infotruther 1 year ago

    Kevin Mitnick

  • @mrbmro3991 1 year ago

    I don't get it, why do you use paper to store this? Why not steel or titanium?
    You need to find a metal sheet steel printer

  • @MikeHunt-rw4gf 1 year ago +1

    Algorithm.

  • @mrbmro3991 6 months ago

    Super backed NOT open source? RED FLAG. The only exception the crypto community accepts is a closed source secure element chip

  • @danishmullaji9924 1 year ago +1

    If this comes in at an affordable price (maybe one time fee) then using Superbacked would be the first thing I will do!!

  • @alziropereira874 1 year ago +2

    Hello... hello from Brazil, I came across your project in a post on Privacyguide, very interesting, I'm going to test it.
    Another subscriber to your channel.
    See you soon.
    >iamcais<
    ⚡🇧🇷

    • @sunknudsen 1 year ago

      Hey, welcome to the privacy guides community!