Decoy data

RichardPayne
RichardPayne
Community Member

@brenty's comment in another thread made me think:

you will be the weak link here: either due to a bad Master Password, or a guy with a wrench that is able to, well...wrench it from you.

TrueCrypt has a decoy mode. The idea is you have two passwords. Input the normal one and you get all your normal data. Input the decoy password and you get a load of dummy, but realistic data.

Then, if someone tries to coerce you into revealing the password you can just give them the decoy password and not risk revealing your true data.

Is it possible for 1Password's encrypted .1password file to use a system similar to Truecrypt's?

Comments

  • MrC
    MrC
    Volunteer Moderator

    This seems goofy. Any would-be-wrench-wielder with even some partial grey matter might consider testing the data before fleeing the scene. Just saying.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited August 2015

    I think it's a cool idea, but I think it's worth considering who the target of the decoy might be. I feel like someone savvy enough to go after TrueCrypt (or 1Password) data and get the "decoy password" should also be aware of said decoy feature. This would certainly thwart a novice who's none the wiser that s/he might be getting duped...but would this dupe really be able to get that far in the first place?

    I'd be interested to hear different scenarios though, since there may well be something I'm not considering. I guess I my mind I imagine an attacker targeting me and my data, getting the "decoy password", getting really p•••ed off, giving up on my data entirely, and instead resolving to focus on f•••ing me up any way they can — DDoSing, wiping, or physically assaulting me — as retribution.

    With all the lengths we go to to protect our data, I feel like sometimes we forget that there are even greater threats to our security and safety, especially in this age of doxxing and stalking. How's that for paranoia? :fearful:

  • MrC
    MrC
    Volunteer Moderator

    Well, this is Solution to a Mythical Problem posed a Mythical Attacker. In what Universe does this scenario exist, other than television or the movies? Sure, it could happen, but does it to any extant worth worrying about? Maybe that's what you were saying...

    About the whole coercion thing, and having the presence of mind to try to outsmart someone at their game, while under extreme duress or threat of violence. Forget it. Most if us will quiver, wet our pants (or worse), and comply promptly and truthfully. Having been held up at gunpoint, I can tell you firsthand my hero mentality and quick thinking abandon me the moment I saw the gun. It is a very rare person who has the presence of mind and steely nerves to successfully handle coercion of the nature being suggested in the posted scenario.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Well, this is Solution to a Mythical Problem posed a Mythical Attacker. In what Universe does this scenario exist, other than television or the movies? Sure, it could happen, but does it to any extant worth worrying about? Maybe that's what you were saying...

    @MrC: Yes. Very poorly. :lol:

    Having been held up at gunpoint, I can tell you firsthand my hero mentality and quick thinking abandon me the moment I saw the gun. It is a very rare person who has the presence of mind and steely nerves to successfully handle coercion of the nature being suggested in the posted scenario.

    Wow. You're right, of course. I don't think this person exists; rather, a person can be trained to react in critical situations. I, on the other hand, have no such training. :cry:

  • wkleem
    wkleem
    Community Member

    @RichardPayne, @brenty, Is there a name for the decoy mode in TrueCrypt? I vaguely remember that there is one but can't currently recall what it was!

  • wkleem
    wkleem
    Community Member

    Here's what Bruce Schneiner has to say on TrueCrypt's Deniable File System:
    https://schneier.com/blog/archives/2008/07/truecrypts_deni.html

  • AGAlumB
    AGAlumB
    1Password Alumni

    @wkleem: Ah, that's it! Thanks for the link. I never would have found that without being able to think of the name... :lol:

  • wkleem
    wkleem
    Community Member

    It actually did take me a few days. Try searching Google without knowing what you're supposed to search for! :(

  • AGAlumB
    AGAlumB
    1Password Alumni

    Welcome to my world. :crazy:

This discussion has been closed.