This project has moved. For the latest updates, please go here.

Destroy key

Topics: Feature Requests
Feb 26 at 1:03 PM
The outer container has 2 passwords.
Password #1 accesses the outer container.
Password #2 accesses the outer container and destroys (access to) the inner/hidden container.

The second option is used when being forced to hand over the key.
Mar 21 at 5:17 PM
+1
Mar 24 at 1:41 PM
Edited Mar 24 at 1:41 PM
This is THE function I miss most!
Please implement it as fast as possible.
Developer
Mar 24 at 8:08 PM
We can create simple "if"..."else" procedure. Might be it is not good idea.

Probably it requires some math investigation and modification of header authorization procedure. Task is not so easy.

Scenario:
  1. Correct password - header decryption is OK. Header is updated and remains correct.
  2. Wipe password - header decryption looks like OK. Header is updated and remains damaged.(correct password does not work after it but wipe password remains like OK).
There are other ideas but any suggestions are welcome.
Apr 1 at 4:04 AM
Actually, VeraCrypt would need three passwords (not just 2):

1) Access outer container, inner hidden container stays hidden and intact
2) Access outer container, inner hidden container and Password 3 are destroyed
3) Access inner hidden container, outer container stays intact

Strongly agree that this is a very important feature request.
Apr 1 at 3:03 PM
Edited Apr 1 at 3:11 PM
It will also require Phd in math and cryptography. It will lead to 30% loss of data due to forgotten passwords, keyfiles, pims, and most importantly, knowledge of how the system works....

At the same time, it doesnt offer any protection whatsoever to a dedicated attacker who will make backup copy of the encrypted data before attempting anything!


p.s. Why isnt PGP as popular as it deserves to be? Because its darn COMPLICATED! People dont bother with stuff that require too much of a brain nowadays! Dont make the same mistake with VC - it is already on the edge of the complexity's selfdestruction!
Developer
Apr 1 at 9:13 PM
Edited Apr 2 at 8:16 PM
Hello Alex512,

There is idea to create SDK for disk encryption (layers: crypto, middle ware/control, user interfaces) As result - possibility to create several UI with different complexity. But the project is too complex.
Apr 20 at 9:00 PM
Edited Apr 20 at 9:07 PM
Crypix wrote:
The outer container has 2 passwords.
Password #1 accesses the outer container.
Password #2 accesses the outer container and destroys (access to) the inner/hidden container.

The second option is used when being forced to hand over the key.
Hi,
I also had idea like this, but note that any forensic investigator will not perform decryption on real data - original is archived as evidence.
  • Self-destructing the backup is useless.
  • Even more it is revealing information that you know self-destruct password. And giving high certainty that you KNOW also real decryption password.
  • Imagine that you use password to self-destruct hidden container -> hidden container header is erased -> data in outer container must be modified -> thus revealing existance of hidden container.
  • Also when VeraCrypt would contain code to delete the volume header (because it is open-source) any investigator can create their branch skipping these actions.
This is dangerous feature
Apr 26 at 3:09 PM
What if the Destroy key opened a second but bogus file that looked similar to what was expected? That would work on the backup too, and divert further digging.
May 12 at 3:32 AM
You just said all I was thinking of saying. Please may I second your post and say this has to be a very desirable feature request!
May 12 at 3:36 AM
jetelina wrote:
Hi,
I also had idea like this, but note that any forensic investigator will not perform decryption on real data - original is archived as evidence.
  • Self-destructing the backup is useless.
  • Even more it is revealing information that you know self-destruct password. And giving high certainty that you KNOW also real decryption password.
  • Imagine that you use password to self-destruct hidden container -> hidden container header is erased -> data in outer container must be modified -> thus revealing existance of hidden container.
  • Also when VeraCrypt would contain code to delete the volume header (because it is open-source) any investigator can create their branch skipping these actions.
This is dangerous feature
Quite true, so not something you should use if being investigated by law enforcement. However if criminals are trying to force me to reveal my password, I would rather destroy them and take my chances, or the excellent idea of it opening a bogus volume with irrelevant data you stored there.