
Well, TrueCrypt containers are always meant to be directories -- i.e. they always hold file systems -- and so you'd best decrypt this container into a file system! But that severely restricts your defense.

TrueCrypt is not meant to hold file systems any more than a hard drive is. There is nothing stopping you from not creating a file system on your TrueCrypt volume and just storing garbage in it - or using another encryption software on top of it.

TrueCrypt's hidden-volume feature is quite meaningless in most cases (my opinion) due to the way it is likely used. If you present a decryption key that gives access to a filesystem that does not match what was expected then you are in trouble.

Especially the hidden OS feature... So you have been using this laptop on multiple occasions the last week (of which we have proof) but according to the filesystem you presented to us this system hasn't been used for over a month.

The same goes for a hidden volume. Unless you actively use it as often as you use your device (which is really cumbersome to do right) you might just be better off without it since exposing it will tell them way more than you want to tell them (for starters it will tell them that you are actively lying and having made precautions in order to try and get away with lying).




Your last paragraph is actually the "mixed reactions" that I was having. It seems like for hidden volumes to work right, you need to constantly be using the outer volume. That's fine, there are plenty of applications you might want to encrypt but might not need to hide from the police -- passwords and emails, perhaps, or legally-downloaded-and-possessed pornography, or a journal, or something like those.

The problem is, due to what I guess is something of a flaw in the central idea, you ultimately have to provide the password for your inner volume when you do all of these things which don't involve it. So now your private data is split up over two drives, which is at least somewhat questionable, and also the "mundane" drive requires the "important" password.

This may be acceptable if you're collecting a small cache of text documents which you believe could harm a corporation -- then you say "no, I don't have those articles, see, this really is just my porn stash, please don't hurt me." But a criminal or a government -- no, they're willing to be patient and they're perhaps willing to peek at your password input prompts with webcams or audio-recordings. They would know that there's an extra password being entered every time you decrypt that file.
