This project has moved. For the latest updates, please go here.

Please add the "Bytes" option to the "Volume Size" screen: plausible deniability concern

Topics: Feature Requests
Mar 3, 2016 at 8:41 AM

For starters I would like to say that I really love what you have done with the legacy of Truecrypt.
Keep up the good work!

Now, I have a recommendation that I think could help improve plausible deniability in volumes created by VeraCrypt.

When a user uses VeraCrypt it is VERY likely that he is going to use the GUI.
However in the GUI there is no option to set the Volume size in Bytes.

That has the unfortunate consequence that if a user creates a container file, this file will always have a neat size that ends in "000". That file will be just too perfect to pass as anything else than a container created by an encryption program.

If on the other hand the user can set the exact size in bytes, let's say:
1281034519077 bytes
then the user can more reasonably claim that he just created a test file and filled it with random data.

Or in another scenario, the user could have many smaller VeraCrypt file containers in a folder. In this scenario, it would be slightly more plausible for a defender to claim that these files as just files with random test data or files with corrupted data.
If their size of the files is so uniform though (all of them ending in "000"), then it is harder to support this claim.

I understand that this is close to security through obscurity, but in the end I think it can't hurt if you also add the "Bytes" option to the "Volume Size" in the GUI so that the user can select the EXACT size of the volume.

I welcome your feedback.

Kind regards!
Mar 3, 2016 at 10:04 AM
If I create a test file I use one of the following:
dd if=/dev/zero of=foobar count=1024 bs=1024
dd if=/dev/zero of=foobar count=1 bs=1GB # (Decimal SI prefix)
or the following for random content:
dd if=/dev/random of=foobar count=1024 bs=1024
dd if=/dev/random of=foobar count=1 bs=1GB

now compare to your answer, they end perfectly with 0's too, if don't want that you could also do that with dd. So I don't see how that would help in any way.