by kenj0418 4533 days ago
TrueCrypt offers a volume-within-a-volume option. The free space of a volume normally contains random data, and the hidden volume is presumably headerless. The idea is then to put something that you might want to hide in the outer volume (freaky porn, for example), then put your actual secrets (evidence of your criminal enterprise, for example) in the hidden volume. If forced to disclose the password, then only the outer volume is apparent and you can disclose that under duress.

The bit that's never made sense to me about that is that the attacker is equally aware of this feature of TrueCrypt. Once you've given the password for the outer volume, wouldn't the attacker just keep on with the rubber hose until you've also given the password for the inner volume? Obviously, she can't prove that there is an inner volume and she might just be wasting her time. On the other hand, you can't prove that there is NOT an inner volume, so it's in the attacker's best interest to just keep up the torture until either the attacker has enough keys that the encrypted data size equals that of the entire TrueCrypt volume or you've been killed by the rubber hose.

If we believe that torture would cause me to disclose the password of a file without a hidden volume, wouldn't it be just as effective at getting me to give the password to my hidden volume?

This isn't a panacea. Check out what the dm-crypt folks have to say about it (question 5.2):

https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQue...

tl;dr: even if your adversary can't "prove" you have another encrypted volume, when they can see all the random data on your disk or inside the "outer" volume, you can't prove you don't have an "inner" one. In a situation shitty enough that you're compelled to divulge incriminating secrets, you're boned whether you have another secret volume or not. Elsewhere in the FAQ they propose zeroing out unused space on your disk whenever travelling to totalitarian states that could demand decryption keys.

> they propose zeroing out unused space on your disk whenever travelling to totalitarian states that could demand decryption keys.

Like the UK: http://arstechnica.com/tech-policy/2007/10/uk-can-now-demand...

Wait a minute.

If I zero out the drive using the traditional method - data is still recoverable.

If I zero out the drive using random data - I can be a suspect and/or get a free rubber hose for life, trying to extract keys for something that doesn't even exist?

The authoritarians would like to be able to torture and imprison you based on nothing more than their whim, so that's why they set it up this way.

The authoritarians' apologists will probably note that to address your concerns, you should use random data first, to whatever extent you think will thwart recovery efforts, and then zero out your empty space.

I think on most operating systems the free space usually contains remnants of deleted files, not random data, unless you use some sort of secure deletion mechanism (srm, etc). If the free space of your volume contains truly random looking data then there would be reason to suspect a hidden volume.

Presumably that's not the case with TrueCrypt volume-within-a-volumes, but if you're using TrueCrypt there's already reason to suspect you might have hidden volumes.

It's impossible to prove the existence or nonexistence of hidden volumes, but that could be a good or bad thing depending on your adversary's willingness to jail/torture/kill you on suspicion alone.

I'm not aware of hidden volume software that integrates with "unsuspicious" file systems. Does something like that exist?
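
An added illustration, not part of any comment above: a per-block entropy survey that shows why zeroed space, deleted-file remnants and random fill look different to an examiner, while random fill and ciphertext do not. The 4096-byte block size, the 7.5 bits/byte threshold and all sample data are assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed scan granularity, not taken from the thread


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify(block: bytes, random_threshold: float = 7.5) -> str:
    if block.count(0) == len(block):
        return "zeroed"            # leaves no room for a hidden volume
    if shannon_entropy(block) >= random_threshold:
        return "random-looking"    # random fill and ciphertext both land here
    return "remnant"               # structured leftovers of deleted files


def survey(free_space: bytes, block_size: int = BLOCK) -> dict:
    """Count how many blocks of a free-space image fall into each class."""
    tally = {"zeroed": 0, "remnant": 0, "random-looking": 0}
    for off in range(0, len(free_space), block_size):
        tally[classify(free_space[off:off + block_size])] += 1
    return tally


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext or random fill (SHA-256, counter mode)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


# Constructed samples, four blocks each.
ZEROED = bytes(4 * BLOCK)
REMNANT = (b"Quarterly report draft: revenue figures pending review.\n" * 400)[:4 * BLOCK]
RANDOM_FILL = pseudo_random(4 * BLOCK, b"constructed-sample")

if __name__ == "__main__":
    for name, sample in (("zeroed", ZEROED), ("remnant", REMNANT), ("random", RANDOM_FILL)):
        print(name, survey(sample), round(shannon_entropy(sample[:BLOCK]), 3))
```

The measure separates the three cases discussed in the thread, but it cannot tell random fill from an encrypted volume, which is the point both sides of the argument rely on.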