Topics: Feature Requests
Oct 23, 2014 at 8:49 PM
Edited Oct 23, 2014 at 8:50 PM

At the moment no one can actually claim plausible deniability with Truecrypt or even VeraCrypt. The reason is that there is no plausible excuse to having so much cryptographically random data on a hard drive.

Users could claim to have used DBAN, but not only does DBAN sometimes fail to write to the entire disk, I am not 100% convinced the random data outputted by DBAN is statistically similar to the data written by VeraCrypt.

This is why I am suggesting a new product called "VeraWipe" This should be a stand alone product separate from VeraCrypt. VeraWipe would allow users to securely wipe (data destruct) their hard drives like DBAN offers now.

The main reason for VeraWipe is that it produces the exact same random output as VeraCrypt would. Having this separate tool available gives all users the excuse they have simply wiped their hard drives with VeraWipe and they are not encrypted at all.

Without VeraWipe no user can be confident to make a claim of a wiped disk as I am sure (guessing) there will be some difference in the output from DBAN ( or any wipe program) and VeraCrypt.

I hope this would be an easy tool to make as VeraCrypt has all the functionality needed to do this now. Just create a random 63 character password and encrypt the entire hard drive, then dispose of the password. This would obviously be packaged and distributed as a hard drive wiper / overwriting software to enhance the plausible deniability.

Thanks :)
Oct 24, 2014 at 8:16 AM
I agree that this is a good idea for plausible deniability. It can also be used as a regular wipe program even if it will always be slower than the others because of the various cryptographic operations involved.

DBAN uses dwipe which in turn uses Mersenne Twister as its default random generator. This makes DBAN random data statically different from those generated by VeraCrypt which uses more cryptographically secure PRNG. That's why it is possible to distinguish between DBAN erased disks and VeraCrypt volumes.

Technically speaking, it is not something difficult to implement as you pointed out. Once we finalize all the current modifications, we'll evaluate all the new features and definitely VeraWipe will have its place.

By the way, excellent name!
Oct 24, 2014 at 1:43 PM
Thank you for your interest in this :)

I have always been amazed by the public’s lack of foresight regarding the plausible deniability of Truecrypt or VeraCrypt WDE or Volumes.

Until the release of VeraWipe there simply isn't any plausible deniability available to users.

Please don't be unduly concerned about the speed issue of VeraWipe, faster would obviously be better but speed is not the issue. There just has to be the ability to use VeraWipe, or at least the program has to be available for everyone to enjoy the benefits. It's main purpose is it's existence, this alone provides the plausible excuse we all need to be able to refer to.

I am so pleased you understood my point and that you seem to be interested in it. Thank you very much for all your work.
Oct 26, 2014 at 3:59 PM
I notice you have created a project called VeraWipe on :) Yay !

Please can I make some suggestions before you start coding, in case it affects how you make a start ?

VeraWipe's main purpose is to provide PD, however a small change to it's coding would also make it a useful wipe tool. We need many members of the public to adopt VeraWipe widely, especially non VeraCrypt users, to add to it's PD value.

DBAN and other wipe tools often do not overwrite the ENTIRE disk. VerWipe could be promoted in order to address this issue and also encourage the uptake of VeraWipe.

The method to employ to encourage people to switch to VerWipe would be the simple inclusion of HDDerase. Making it simple and easy to use HDDerase would be enough to attract new users and the public in general.

So my suggestions are as follows.

VeraWipe should be an ISO which people can write to a CD/DVD or Bootable USB Flash Drive.

A simple and user friendly interface, again to encourage the wide adoption of VeraCrypt to the general public and non VeraCrypt users.

Option to select a single drive letter or partition, option to select all attached drives or any number of.

Option to format drive after wipe. Option must be "opt in" so default leaves drives suitable for PD. Obviously user definable format type.

Use HDDerase as first wipe pass. Optional. As explained this is the only method to write to the entire surface. Default should be YES.

The second pass ....

VeraWipe should create a 63 character random password for each selected drive or partition, no user input option for this.

Randomly select between AES or Twofish as cipher, no user input option for this.

No option should be available to write anything to drive after the CSPRNG pass (unless format option has been used), This enables good PD and leaves many drives around the world with end to end random data :) Which is the aim of this software.

PD = Plausible Deniability.

Information on HDDerase

Thank you :)
Oct 27, 2014 at 9:54 PM
Thank you again for sharing these ideas, this is very helpful.

Concerning the tool itself, my idea is to have it in two format:
  • standalone program that can used under Windows/Linux/MacOSX in order to perform the wipe of external or internal hard drives.
  • a bootable ISO image that performs the wipe and that uses internally the standalone program.
DBAN is architecture the same way and having a standalone program will help its usage spread more widely.

Ideally, VeraWipe should be released under a GPL license in order to push its adoption in Linux distribution in the long term. Of course, we can start with the current sources and license for version 1.0 and then start a code rewrite of the core engine once all the functionality are here.
Oct 27, 2014 at 10:38 PM
I am overjoyed you are interested in this request :) At last, a real step forward for plausible deniability !

Your ideas for the standalone and ISO are great !

I did a little more research and noticed a program called hdparm which might be helpful for VeraWipe.

More information here...

I still believe employing the hardware wipe tool (HDDerase) inbuilt in all modern hard drives would be a significant improvement over DBAN and it will also massively promote VeraWipe.
Nov 4, 2014 at 11:54 PM
I agree this a great idea!!!!