Self Destruct Password for VeraCrypt container/ drives
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
Hi,
what do you think about to implement in VeraCrypt an additional self destruct password so if you type in this password the file will be deleted and VeraCrypt overwrites the file so that no one is able to reconstruct your data.
Maybe it is enough that the header will be destroyed.
In case that a person is forced to hand out the password this could be an amazing opportunity to protect your data.
I am looking for a mechanism which scramble the volume header or the file. So you have 3 different passwords. One for the container, one for the hidden container and one if someone forces you to hand out the password. If you type in this special password there will be no way to break the code because the file is scrambled. There are a lot of situations where the attackers don't have the time or the technical ressources to copy your VeraCrypt file before so that after the scrambling the file is lost forever.
Another feature which is missing is that VeraCrypt have the ability to scramble the header or file if someone enters the wrong password. There should be a possibility to choose the number of wrong attempts before encrypting.
Furthermore if you don't use a container and your entire drive is encrypted the self destruct password could act as a panic button before booting.
+1 to you mate, very important spec
Thx :) These are features which could VeraCrypt really pushes forward. I hope that the developers will implement these ideas.
This is not a security feature, and thus rather useless. Please don't waste time with implementing such functionality. Reason: a determined attacker could always copy the file before and/or work on a read-only medium. So an attempt to irretrievably "destroy" the container/file is not possible in the digital world.
The "lot of situations where the attackers don't have the time or the technical ressources to copy your VeraCrypt file" statement is not valid here - you always have to assume the worst case and consider a knowledgeable attacker. The only protection in all kind of scenarios is choosing a strong password, and of course using the "hidden volume" feature.
To the post above...
You have misunderstood the threat model.
There is a discussion about this in the VeraCrypt forum on Codeplex: https://veracrypt.codeplex.com/discussions/570172
At this stage, the best approach is to implement this feature through the use of hot-keys and/or button click coupled with warning dialog because validating a password would take a long time and this will defeat the purpose of such "panic button" feature.
Don't hesitate to participate to the discussion.
In a worst case scenario the adversary could gather proof that hidden data really exist by comparing some hashes before and after such an operation. Of course he still would have to clone the data before. So this functionality itself could compromise plausible deniability.
With that in mind as a user, I still would find this useful - to have a choice.
And with a copy protection system? I use the ironkey for example...