File Encryption Tactics - The Rubber Hose Technique

From the people I've spoken to, the majority of visitors to this site are quite similar to me. Many are concerned about privacy, whether the threat is governments or online criminals monitoring and stealing our data, and often it's both. I know there are also lots of people who just want to protect their internet connection when travelling or using hotel Wi-Fi (a prime target for identity thieves).

There are of course others who don't give a fig about security or anonymous surfing and just want to bypass the many blocks and filters that restrict access to various websites. There are thousands of people who just want to watch BBC iPlayer from the US or catch up with their favorite shows on Hulu, ABC or any of the other media sites that block access outside their own country. All these are of course blocked unless you happen to be in the right country or have a subscription to Identity Cloaker.

However, there are a certain number of people who have a genuine need for such anonymity techniques and software, people whose actual well-being is at risk. There are so many countries now where, if you use technology to communicate freely, you are putting your liberty or even your life at risk.

Which takes us neatly to the subject of this post and one of the core technologies that allow us to communicate freely: encryption. The ability to encrypt everything you do online is of course great for protecting yourself on the net. However, there is a fundamental problem with it: encryption only keeps your data secure while you keep the password to yourself.

For instance, you may routinely use disk encryption to keep the data on your laptop secure. You may be a free speech activist living somewhere like Iran or Libya, a journalist reporting from similarly oppressive regimes or even a cyber criminal who just wants to block access to incriminating files on the hard disk. There are loads of excellent file or whole disk encryption solutions available; in fact most security-aware organisations will encrypt their laptops' hard disks as a matter of course. The problem again is that your data is only secure as long as no-one knows the pass phrase to decrypt it.

That's the problem an activist in Iran would face: his laptop may be protected by extremely powerful encryption, but if the authorities know the password then it's essentially worthless. This is in fact the stark reality. Cracking powerful encryption may be well nigh impossible, but beating the password out of a suspect might not seem so hard if you aren't bothered about the moral aspects. The issue is known as rubber-hose cryptanalysis and refers to using violence to extract the password to an encrypted file or disk (the euphemism is beating someone with a rubber hose until they co-operate).

'Julian Assange - (New Media Days / Peter Erichsen)'

So what options do people have? Well, there is one file encryption system that offers a possible solution. It was conceived and co-authored by a rather famous Australian called Julian Assange, and its name is Rubberhose. It's quite old now but it's a very clever concept for encrypting a disk: instead of encrypting the whole disk and protecting it with a single password, Rubberhose creates individual partitions or layers, each requiring a separate password to decrypt.

It is impossible to detect how many layers exist on a single disk, either by mathematical or physical analysis of the disk.  It is theoretically possible to save hundreds of layers to a single disk although in reality trying to remember too many complex passwords is not really practical.
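A toy model of the layered idea described above, added here as an illustration; it is not Rubberhose's code or its on-disk format. The slot layout, parameters and function names are assumptions made for the example: a fixed-size container starts out as random bytes, each password unlocks at most one slot, and a wrong password gives the same result as an unused slot.

```python
import hashlib, hmac, secrets

# Constructed toy parameters (assumptions, not Rubberhose's real layout).
SLOTS, SLOT_SIZE, SALT, NONCE, TAG = 8, 256, 16, 16, 32
BODY = SLOT_SIZE - NONCE - TAG   # encrypted bytes per slot, incl. 2-byte length

def _keys(password: str, salt: bytes):
    # One slow KDF call per password, split into a cipher key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000, 64)
    return k[:32], k[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHAKE-256 as a keystream generator: a stand-in stream cipher for the demo.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def new_container() -> bytearray:
    # Salt plus SLOTS slots of random bytes, so unused and used slots look alike.
    return bytearray(secrets.token_bytes(SALT + SLOTS * SLOT_SIZE))

def write_layer(box: bytearray, slot: int, password: str, secret: bytes) -> None:
    if not 0 <= slot < SLOTS or len(secret) > BODY - 2:
        raise ValueError("bad slot index or secret too long")
    enc_key, mac_key = _keys(password, bytes(box[:SALT]))
    nonce = secrets.token_bytes(NONCE)
    # Length prefix + secret + random padding: every slot has the same size.
    pad = secrets.token_bytes(BODY - 2 - len(secret))
    ct = _xor_stream(enc_key, nonce, len(secret).to_bytes(2, "big") + secret + pad)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    off = SALT + slot * SLOT_SIZE
    box[off:off + SLOT_SIZE] = nonce + ct + tag

def open_layer(box, password: str):
    # Try every slot; a wrong password and an unused slot both return None.
    enc_key, mac_key = _keys(password, bytes(box[:SALT]))
    for slot in range(SLOTS):
        off = SALT + slot * SLOT_SIZE
        blob = bytes(box[off:off + SLOT_SIZE])
        nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
        expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expect):
            plain = _xor_stream(enc_key, nonce, ct)
            return plain[2:2 + int.from_bytes(plain[:2], "big")]
    return None

if __name__ == "__main__":
    box = new_container()
    write_layer(box, 5, "holiday-photos", b"constructed decoy data")
    print(open_layer(box, "holiday-photos"), open_layer(box, "no-such-layer"))
```

The container is the same length whether zero, one or all eight slots are in use, which is the property the layered scheme relies on.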

There is an important practical aspect to this multi-layered technique as it provides some options for anyone stuck in a dangerous situation.  

How Rubberhose Encryption Could Save the Day

So let's take a topical example of how this software could possibly save your skin. Perhaps you are a Libyan protester picked up by Gaddafi's secret police. They have you and they have your laptop, encrypted using Rubberhose.

Now normally in this situation you'd be faced with the unpleasant choice of either giving up the password to your disk (and possibly endangering fellow protesters, friends, colleagues etc) or refusing to hand it over to a regime with few qualms about using violence and torture to obtain the information they need. Rubberhose doesn't get you out of this situation, but it does at least give you some options.

Imagine our protester has set up three separate layers on his hard disk, each one giving access to specific data. Without all three passwords you are unable to view all the data on the disk, and no-one can determine how many layers there are. When the Libyan security heavies start to interrogate you, perhaps you can resist slightly before divulging the first password, which gives access to some ordinary, completely innocent information. The heavies are not convinced and push further until you give up the second password, which gives access to some more information, perhaps something slightly more sensitive but not dangerous. Will this be enough to stop them suspecting or torturing our hero to obtain the third password? Who knows, but of course it would at least give him a chance.

The psychology of this situation and how to handle it is of course open to debate. To reveal too many levels and passwords quickly would probably be a mistake, and I suspect the best tactic may be to reveal just a single password giving access to the majority of 'safe data' on the disk. There is no doubt that the activist with Rubberhose protecting his disk has, at the very least, more options than those with a single password protecting the whole hard disk.

It's a simple but very clever concept. It was authored by Julian Assange and Ralf-P. Weinmann and is freeware. You can read more about and download Rubberhose from this link -