Plausible Deniability in Cryptography: Building a Duress Password in Rust

Post 3 of 6 on building Anyhide, a Rust steganography tool. This post is about threat models where the adversary isn't a server or a middleman — it's a person with leverage.

Most cryptographic tools are designed against adversaries who intercept things. They sit on the wire and try to decrypt what they see. They mine keys out of RAM. They exploit implementation bugs.

But there's another adversary that most crypto doesn't help you with: the one who has you in a room and wants you to type the passphrase. This is called "rubber-hose cryptanalysis" in the literature, or sometimes "the $5 wrench attack" after an old xkcd. Neither phrase really captures it. The point is simple: if someone can compel you to unlock the ciphertext, the math doesn't save you.

What can save you — partially, imperfectly, but usefully — is plausible deniability. The idea: design the tool so that the passphrase you give under coercion reveals something, but not the real thing. And make sure the revealed thing is indistinguishable from what you'd get with the real passphrase.

In Anyhide this is called the duress password. This post is about how it works and how I implemented it.