Comment by johnisgood

3 months ago

You do not even need to enter a password.

Use a randomly generated key. Retrieve it from an USB drive at boot (it does it automagically), which contains everything, giving you full plausible deniability without it. It means literally everything you need to boot up is on the USB drive, and if you so want it, you can use 2 separate USB drives.

This is for computers you have physical access to, of course. You will need to carry the USB disk if it is a laptop, but you choose: you want to enter a password (which by itself gives you no plausible deniability BTW), or you want plausible deniability and/or you don't want to enter a password. And while we are at it, laptops (and even desktops) today have SSD, and encryption and plausible deniability is different for an SSD, but again, you choose. Right tool for the job.

https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_enti...

1 comment

johnisgood

Reply
DarkAtom  2 months ago

A password can definitely give you plausible deniability. Look at VeraCrypt, for example. In a sense it's less secure because it can be seen being typed by others or by cameras and is vulnerable to hardware (and sometimes even software) keyloggers. On the other hand, a USB drive can be stolen and can also make you vulnerable to extortion. It's harder to make someone give up information in their brain then to give up a USB drive.