Rubberhose (file system)
In computing, rubberhose (also known by its development codename Marutukku) is a deniable encryption archive containing multiple file systems whose existence can only be verified using the appropriate cryptographic key.
Name and history
The project was originally named Rubberhose, as it was designed to be resistant to attacks by people willing to use torture on those who knew the encryption keys. This is a reference to the rubber-hose cryptanalysis euphemism.
It was originally designed for use by human rights groups working in third world dictatorships, but was often proposed for use in other countries such as the United Kingdom where threats of imprisonment can be used to force people to reveal their encryption keys (see Regulation of Investigatory Powers Act 2000), or the United States which routinely practices rendition to nations where torture is not prohibited.
The following paragraphs are extracts from the project's documentation:
- Rubberhose works by initially writing random characters to an entire hard drive or other dynamic storage device. This random noise is indistinguishable from the encrypted data to be stored on that disk. If you have a 1 GB drive and want to have two Rubberhose encrypted portions of 400 MB and 200 MB, it assumes that each aspect (as the encrypted partitions are called) will be 1 GB and fill the entire drive. It will keep doing this until the drive is really filled to capacity with encrypted material. It breaks up the pieces of each aspect into small pieces and scatters them across the entire 1 GB drive in a random manner, with each aspect looking as if it is actually 1 GB in size upon decryption.
- Each aspect has its own passphrase that must be separately decrypted, and if a hard drive is seized neither mathematical analysis nor physical disk testing can reveal how many aspects actually exist. Internal maps are used to locate where the data is stored amongst the random characters, with each aspect having its own map which can only be decrypted via its specific passphrase. Therefore, a Rubberhose disk can only be safely written to after all the passphrases have been entered. Everything works on a "need to know" basis, i.e. each aspect knows nothing about the others other than when to avoid writing over the top of another.
Rubberhose is not actively maintained, although it is currently available for Linux kernel 2.2, NetBSD and FreeBSD. Latest version available, still in alpha stage, is v0.8.3. It was the first product that used deniable encryption, marking its invention.
- Suelette Dreyfus. "The Idiot Savants' Guide to Rubberhose". Retrieved 24 July 2012.
- Ralf Weinmann biography at https://cryptolux.org/Ralf-Philipp_Weinmann
- "Rubberhose cryptographically deniable transparent disk encryption system". Retrieved 21 October 2010., also at http://marutukku.org/