How To Create A Truly Hidden Partition With TrueCrypt 7

   How To Create A Truly Hidden Partition With TrueCrypt 7TrueCrypt is an open source encryption tool that does a fantastic job at encrypting your files. We’ve covered it many times before with easy tutorials on encrypting your USB drive, and encrypting a folder – but today I’d like to show you how to create a truly hidden encrypted drive, that could remain hidden even if you were forced to reveal the password.

How? read on.

Hidden Volume:

A “hidden” encrypted volume provides you with “plausible deniability” should the need ever arise. For example, if your drives were seized, and you were forced under order of court to reveal the password – then your hidden drive would provide an extra layer of security. How? We will first create an outer volume that is encrypted, and hide some fake files on there. Then within that encrypted outer volume, we will create a further encrypted volume. You end up with two password-protected volumes – and you can safely reveal the outer volume password – without revealing a secondary hidden volume. The TrueCrypt page has a more technical explanation of a Hidden Volume that you might want to read.

hidden volume   How To Create A Truly Hidden Partition With TrueCrypt 7

You will need

Since we’ve covered basic Truecrypt file and folder encryptions before, today I will be using an entire partition. This could be a USB hard drive or a second hard drive in your PC.¬†This drive will be formatted entirely in the process, so make sure there is nothing important on it.

You will also need a copy of the latest TrueCrypt for your system, which you can download here. For this guide, I have used the Mac OSX version, but the interface is similar on Windows or Linux.

Create a Partition

Begin by plugging in your drive and creating a partition that we will encrypt. I showed you how to create a partition on Windows last week, but on my OS X installation I simply opened Disk Utility, find the drive in the left side, and click on the Partition tab on the right. I chose 1 partition, gave it a name, and clicked Apply.

2 partition   How To Create A Truly Hidden Partition With TrueCrypt 7

Create Encrypted Volume

Launch TrueCrypt and click on Create Volume.¬†Choose the second option, which says “Create a volume within a partition / drive“.

2 within partition   How To Create A Truly Hidden Partition With TrueCrypt 7

Next, choose to create a Hidden TrueCrypt Volume.

3 hidden volume   How To Create A Truly Hidden Partition With TrueCrypt 7

Be careful when you select the device on the next screen. If you gave your partition a helpful name, you should have no problem. Go ahead and select the device.

Next are the encryption options. The defaults are those deemed secure enough for top secret government documents, so it’s probably good enough for us.

4 encrypt ptions   How To Create A Truly Hidden Partition With TrueCrypt 7

Next, you will need to choose a password for your outer volume. Remember, this will be a password you rarely ever use, but will be the one you give up if forced to. It is very important that this password be substantially different to the one you will encrypt your hidden drive with.

The next screen is a little difficult to explain, but suffice to say the more you move your mouse around, the more secure your drive will be. Just do it for about 30 seconds or so, then click Format.

5 encrypt   How To Create A Truly Hidden Partition With TrueCrypt 7

For my 160 GB USB drive, it took about an hour and half just to encrypt the outer volume. This is a one-off thing though, when you actually use the drive you need only enter the password.

Next, you need to copy some fake files to the encrypted disk. These can be anything, but ideally they should be private looking files, maybe some home movies – something you wouldn’t mind someone seeing if you were forced to reveal passwords. Warning: You shouldn’t write to this outer volume later, or your actual hidden volume may become corrupted. It is a fake storage container only to act as a diversion. Click on the button labelled Open Outer Volume, and start copying files in. Bear in mind that if you have a 1 TB drive and someone investigating finds only 100 MB of “secret” files, it may look a bit suspicious.

7 write to outer volume   How To Create A Truly Hidden Partition With TrueCrypt 7

When you’re done copying, go back and click next. TrueCrypt will automatically unmount the drive and figure out how much space you have left for your real hidden volume. You can make it as large as you like, but I like to leave a little room on the outer drive in case someone were to accidentally write to it.

8 size   How To Create A Truly Hidden Partition With TrueCrypt 7

Make the outer volume in the same way, but this time make your password long, and really good. Include capital letters, lowercase letters, numbers and punctuation. A good tactic if you don’t like random passwords is to create a sentence around it like: 20MILLIONsecretF1l3$. When asked if you’ll be storing large files, I suggest you choose ‘yes’ as the world of computing moves rapidly, and even today some movies are over 4 GB in size. Best to future-proof the drive now.

9 bigfiles   How To Create A Truly Hidden Partition With TrueCrypt 7

Wait again while the outer volume is encrypted. You can now mount your secure hidden volume via TrueCrypt, as it won’t be mounted by default once the hidden volume is created. Just click Mount All Devices, and type in the correct password. You don’t need to type both your outer volume password and your hidden one – just the hidden one is fine.

10 mount   How To Create A Truly Hidden Partition With TrueCrypt 7

If you leave your computer on a lot of the time, don’t forget to unmount the drive. After a restart or shutdown the computer, the volume will be automatically dismounted.

Conclusion

If you read through this far, then obviously you have something worth hiding, and by utilising a hidden encrypted volume, you give yourself a way out should things go awry. Why bother encrypting a drive if the big-brother police state you are living in has the power to legally demand the decryption keys, or send you to jail? Don’t be a sucker, just give them the wrong keys!

Download TrueCrypt and try it out.

Image credit: ShutterStock

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

14 Comments -

0 votes

Daves Raves

Not a bad article..but don’t think this will fool anyone but the most naive investigator; most analysts will instantly identify that the outer partition is nowhere near the size of the raw partition–and this has given Big Brother the evidence needed to ask a judge to jail the owner until they release the inner key–”obviously they have something REALLY important to hide if they’ve gone to this trouble.”

Further,TrueCypt has been broken–Google it.

0 votes

James Bruce

Sure, it’s been broken IF the computer was never turned off and they performed forensic analysis in-situ. The technique relies on recovering the password from memory, which fails as soon as the computer is powered down and transported. So no, sorry, it has not been broken to the point that should worry anyone who wishes to hide anything.

Unless you’re talking about brute force, in which case it will take a few thousand million years to break my password, unless quantum computing happens fast.

Furthermore, your point about being able to identify the size is simply incorrect. I quote:

Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information on how TrueCrypt determines that it was successfully decrypted, see the section Encryption Scheme in the documentation), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).

****

Perhaps the official diagram is a little misleading. The size of the outer volume, to any “experienced analyst” will appear to be the entire drive. Hence why is it important you never write to the outer volume, as it may overwrite the inner one.

0 votes

Daves Raves

Not a bad article..but don’t think this will fool anyone but the most naive investigator; most analysts will instantly identify that the outer partition is nowhere near the size of the raw partition–and this has given Big Brother the evidence needed to ask a judge to jail the owner until they release the inner key–”obviously they have something REALLY important to hide if they’ve gone to this trouble.”

Further,TrueCypt has been broken–Google it.

0 votes

James Bruce

Sure, it’s been broken IF the computer was never turned off and they performed forensic analysis in-situ. The technique relies on recovering the password from memory, which fails as soon as the computer is powered down and transported. So no, sorry, it has not been broken to the point that should worry anyone who wishes to hide anything.

Unless you’re talking about brute force, in which case it will take a few thousand million years to break my password, unless quantum computing happens fast.

Furthermore, your point about being able to identify the size is simply incorrect. I quote:

Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information on how TrueCrypt determines that it was successfully decrypted, see the section Encryption Scheme in the documentation), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).

****

Perhaps the official diagram is a little misleading. The size of the outer volume, to any “experienced analyst” will appear to be the entire drive. Hence why is it important you never write to the outer volume, as it may overwrite the inner one.

0 votes

Dan

Uh, no. Please RTFM before you spread FUD. Truecrypt is so good not even the FBI could crack it. Google it. :)

0 votes

JBB

I believe you are incorrect — the partitions both look like they’re the entire drive. All empty space on a truecrypt drive are filled with random data, and the encrypted data looks like random data. If you have a 1T disk and you’re in the outer partition, it looks like you’ve used some space and the rest of it is empty. If you are in the “inner” partition it *still* looks like you have a 1T disk and some of it is empty. This makes it impossible to tell if there’s a second, hidden partition or not.

0 votes

JBB

Warning about usb drives — don’t use a solid-state disk or a thumbdrive! Quoting from truecrypt.org:

“A TrueCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g. a flash-memory SSD or USB flash drive). A copy of (a fragment of) the TrueCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems. For more information on wear-leveling, see the section Wear-Leveling in the chapter Security Requirements and Precautions.”

0 votes

JBB

Warning about usb drives — don’t use a solid-state disk or a thumbdrive! Quoting from truecrypt.org:

“A TrueCrypt volume resides on a device/filesystem that utilizes a wear-leveling mechanism (e.g. a flash-memory SSD or USB flash drive). A copy of (a fragment of) the TrueCrypt volume may remain on the device. Therefore, do not store hidden volumes on such devices/filesystems. For more information on wear-leveling, see the section Wear-Leveling in the chapter Security Requirements and Precautions.”

0 votes

Mario D

thanks for pointing it out

0 votes

Pattaya Girls

I boughtdrivecrypt years ago but switched to fee truecrypt for the pastthree much better to have something free i can install at internet cafes etc