Hacker News

I'm not too convinced about the plausible deniability here, could someone that has reviewed their tech comment on the following:

- Encryption works by blocks and does not generally hide the size of the plaintext.

- Once I get the encrypted material, I thus approximately know the size of the original file within a few bytes (uncertainty is due to padding to block size).

- I collect a few candidate files with size in the right range (there might be only one but it's still deniable).

Knowing your login information and the algorithm used to "derive the key from the login information", can't I encrypt the candidate and test against the encrypted material?



> Knowing your login information

I'm not sure how much more clear I can be. Turtl doesn't know your login information, and doesn't know any of the keys derived from your login information. That's the point of the login...it's a familiar way people use to authenticate themselves with a service, but with the added benefit that it's actually generating a master key for them.

Also, not sure how many files there are floating around the internet (and off of it) but it's quite a bit, so comparing file sizes isn't going to give any real information (at least in regards to copyright protection).


No. Since asymmetric encryption is slow, the standard strategy is to generate a random symmetric key to encrypt your file. Then you just encrypt the symmetric key with your asymmetric key. This has the added benefit of each new encryption attempt leading to a unique result.
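Added example, not part of the thread and not Turtl's code: a standard-library sketch of the two points discussed above, namely that re-encrypting a candidate file and comparing bytes only works when encryption is deterministic, and that ciphertext length still tracks plaintext length when a random per-file key is used. The HMAC-based keystream is a toy stand-in for a real cipher, the per-file key is wrapped under a symmetric master key instead of an asymmetric one, and all function names and KDF parameters are assumptions.

```python
import hashlib
import hmac
import os

ZERO_NONCE = b"\x00" * 16

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy unauthenticated stream cipher (illustration only, not a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def derive_master_key(login: str, password: str) -> bytes:
    # Hypothetical derivation; salt choice and iteration count are assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), login.encode(), 10_000)

def encrypt_deterministic(master: bytes, plaintext: bytes) -> bytes:
    # Same key and fixed nonce: identical files always give identical ciphertexts.
    return keystream_xor(master, ZERO_NONCE, plaintext)

def encrypt_hybrid(master: bytes, plaintext: bytes) -> bytes:
    # Fresh random key per file; only that key is encrypted under the master key.
    file_key = os.urandom(32)
    wrap_nonce = os.urandom(16)
    wrapped_key = keystream_xor(master, wrap_nonce, file_key)
    return wrap_nonce + wrapped_key + keystream_xor(file_key, ZERO_NONCE, plaintext)

def decrypt_hybrid(master: bytes, blob: bytes) -> bytes:
    wrap_nonce, wrapped_key, body = blob[:16], blob[16:48], blob[48:]
    file_key = keystream_xor(master, wrap_nonce, wrapped_key)
    return keystream_xor(file_key, ZERO_NONCE, body)

def matches_by_reencryption(encrypt, master: bytes, candidate: bytes, stored: bytes) -> bool:
    """The test proposed in the question: encrypt the candidate, compare bytes."""
    return hmac.compare_digest(encrypt(master, candidate), stored)

if __name__ == "__main__":
    master = derive_master_key("alice", "constructed-password")  # constructed values
    doc = b"constructed sample file contents\n" * 10
    det, hyb = encrypt_deterministic(master, doc), encrypt_hybrid(master, doc)
    print("deterministic match:", matches_by_reencryption(encrypt_deterministic, master, doc, det))
    print("hybrid match:", matches_by_reencryption(encrypt_hybrid, master, doc, hyb))
    print("size overhead (bytes):", len(det) - len(doc), len(hyb) - len(doc))
```

In the hybrid form the comparison fails even for the correct file, while the constant overhead shows that file size is still visible to whoever stores the ciphertext.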



