Do you use TrueCrypt?

Poll: TrueCrypt?

  • Yes: 30 votes (58.8%)
  • No: 21 votes (41.2%)
  • Total voters: 51

If you've set it up right and didn't use your mom's maiden name for the password this isn't getting cracked very quickly.

If you refuse to decrypt your files for a government official at a border crossing, they'll make you change your mind about it very quickly.
 


If you refuse to decrypt your files for a government official at a border crossing, they'll make you change your mind about it very quickly.

That's why there's the "Hidden Volume" option of TrueCrypt, one password opens the outer volume, the other opens the hidden volume. So if you only divulge your normal volume password then they'll only see that stuff and not what you wanted to hide within.
 
That's why there's the "Hidden Volume" option of TrueCrypt, one password opens the outer volume, the other opens the hidden volume. So if you only divulge your normal volume password then they'll only see that stuff and not what you wanted to hide within.

I'd like to meet the computer nerd that could lie to a gov't official without breaking a sweat. Cuz it sure ain't me!

So is this "hidden volume" truly 100% hidden? Wouldn't any red-flags go up to someone snooping around if there was a section of a hard drive they could not write to? Or does it act like a blank section of the hard drive you're just not supposed to add data to? Now that would be slick...
 
Are you guys who are using TrueCrypt noticing any performance hits on the drive?
 
I'd like to meet the computer nerd that could lie to a gov't official without breaking a sweat. Cuz it sure ain't me!

So is this "hidden volume" truly 100% hidden? Wouldn't any red-flags go up to someone snooping around if there was a section of a hard drive they could not write to? Or does it act like a blank section of the hard drive you're just not supposed to add data to? Now that would be slick...

TrueCrypt - Free Open-Source Disk Encryption - Documentation - Hidden Volume


The principle is that a TrueCrypt volume is created within another TrueCrypt volume (within the free space on the volume). Even when the outer volume is mounted, it should be impossible to prove whether there is a hidden volume within it or not*, because free space on any TrueCrypt volume is always filled with random data when the volume is created** and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

Basically, if they mount it the normal way, it would be possible to accidentally overwrite files on the hidden volume since it lies within the outer volume. But we would assume those trying to obtain information from you are not likely to be writing stuff back to the drive. To mount the outer layer properly for writing you'd have to check the box to protect the hidden volume (which you supply the password to); that way you can open up the outer volume for regular usage without worrying about overwriting it.

Course, if your outer volume is nearly full (minus the space used by the hidden volume) and you have protection turned on, it will lock the entire volume into read-only as a safety measure until it has been dismounted (which makes putting a hidden volume on a boot/operating system volume rather hazardous to both volumes).
 
If you've set it up right and didn't use your mom's maiden name for the password this isn't getting cracked very quickly.

I came here to say just that.

Here's a little theoretical bullshit for this argument...

If you have a 20 character, lower case, alpha-numeric passphrase...

A botnet of 100,000 computers, each processing 1 million passwords per second (VERY high numbers here; my 64-bit Dual Core @ 3.2 GHz with 4 GB RAM ran like 40 per second), would take 4297676999372 years to complete.

Say they get the password in 20% of the tries, it would still be 859535399875 years.

Sooo don't think that the Government can just plug your computer in and crack it in 20 minutes like in a movie.
 
Are you guys who are using TrueCrypt noticing any performance hits on the drive?

Not at all. I have a 500gb drive in my laptop, 250gb external USB, and 8gb pen drive, all full-disk encryption, and I haven't noticed a single slow-down or anything like that.
 
If you refuse to decrypt your files for a government official at a border crossing, they'll make you change your mind about it very quickly.

I should have read this entire thread over again before replying to so many posts separately, but oh well.

As stated, plausible deniability is the key to this.

Basically, as far as a file goes, here's how it works...

Say you have "Rachel_gets_ass_rammed_vol3.avi" as your source file.

In TC, you will make a new PD-based encrypted "partition". You can make it any size you want (within the means of your drive of course), but let's say you make it 10 GB.

Then, for the main encryption partition, you choose "Rachel_gets_ass_rammed_vol3.avi". TC will now over-write this file (or create it if it isn't there). The file will keep the same file name, but now be 10gb in size.

Now, within that file, is your hidden volume. Let's say this is 8GB.

Your password for the outer, main volume is: myeasypass
But, your password for the 8gb hidden volume is: mysuperfuckinghard2guesspasswordthatonlyIknow!

Now, when you use TC you go to mount your shit, you find "Rachel_gets_ass_rammed_vol3.avi" on the drive, and select it. It will ask you for your password.

You unlock it with "myeasypass" and it will mount a 10gb drive. You open it, and throw in some files that look sensitive, but really aren't. Bank account info, some cock pictures, a few legit porn videos, etc.

Then you dismount it, and never put any more files on there.

Now, you go back to mount a volume again, and once again select "Rachel_gets_ass_rammed_vol3.avi".

This time, when it asks for the pass, you use "mysuperfuckinghard2guesspasswordthatonlyIknow" and voilà! It mounts the hidden 8gb drive.

Now you store your REAL sensitive/private shit within that.

Now, when all is said and done, you have 1 encrypted file that is hard to find.

When found (by the Customs Agents in this case), they could beat you and threaten you until you open it. You give in. You open it with "myeasypass" and they see your cock pics and bank info and a little porn and let you go.

They won't know the hidden volume is there because it's invisible, it isn't a "file" and the outer volume shows that it has 8gb of free space.

See how it works now?

I know this is a shitty explanation, but fuck it, hopefully it makes sense.

Also, you can do the same thing with Windows.

You can create a "main" windows and a "hidden" windows. You would use the "main" copy when you boot, use it, store some files on it, make it look used.

Then, you would use your "hidden" copy for your daily activities.

If you are ever forced to boot your computer, you enter the pass that unlocks the "main" windows, and you are good to go.
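
A toy model of the scheme described in the posts above (the documentation quote and the two-password walkthrough), added here as an illustration; it is not part of any post and is not TrueCrypt's code. It shows one container file whose free space is random from creation, two header slots, and a mount routine where the password alone decides which volume appears. The sizes, slot offsets, the `MAGIC` check and the HMAC-based stream cipher are simplifying assumptions.

```python
import hashlib, hmac, os

MAGIC = b"TRUE"                    # only visible after a correct decryption
SALT_LEN, HDR_LEN = 16, 64         # toy sizes, not TrueCrypt's
OUTER_OFF, HIDDEN_OFF = 0, 4096    # hypothetical header slots
SIZE = 64 * 1024                   # toy container size

def _derive(password, salt):
    # Iteration count kept small so the demo runs instantly
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 1000)

def _keystream(key, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_header(password, label):
    salt = os.urandom(SALT_LEN)
    body = (MAGIC + label.encode()).ljust(HDR_LEN - SALT_LEN, b"\0")
    return salt + _xor(body, _keystream(_derive(password, salt), len(body)))

def try_header(blob, password):
    salt, enc = blob[:SALT_LEN], blob[SALT_LEN:HDR_LEN]
    body = _xor(enc, _keystream(_derive(password, salt), len(enc)))
    if not body.startswith(MAGIC):
        return None                # wrong password or just random bytes
    return body[len(MAGIC):].rstrip(b"\0").decode()

def create(outer_pw, hidden_pw=None):
    c = bytearray(os.urandom(SIZE))   # free space is random from the start
    c[OUTER_OFF:OUTER_OFF + HDR_LEN] = make_header(outer_pw, "outer")
    if hidden_pw is not None:
        c[HIDDEN_OFF:HIDDEN_OFF + HDR_LEN] = make_header(hidden_pw, "hidden")
    return bytes(c)

def mount(container, password):
    # Try the password against each slot; the first header that decrypts wins
    for off in (OUTER_OFF, HIDDEN_OFF):
        label = try_header(container[off:off + HDR_LEN], password)
        if label:
            return label
    return None
```

A container created without a hidden password has plain random bytes in the second slot, so `mount` returns `None` for every password except the outer one, the same result a wrong guess gives against a container that does hold a hidden volume.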
 
That was a great explanation! I get it totally now, and thanks for the link kblessinggr.

...you can do the same thing with Windows.

Really? With truecrypt? Now that sounds interesting.. But probably less practical/safe than simply keeping all encrypted files in one neat little folder.
 
If you're using the hidden OS within the decoy OS, you need to mount the decoy and use it often enough, save files there, etc., that it will look like it's something you'd want to protect. If someone gets access to the outer OS, it's not gonna look legit if it looks like a clean install you did 8 months ago.

Also, you should wait until they pull at least 2 of your fingernails before giving up the easy password.
 
If you're using the hidden OS within the decoy OS, you need to mount the decoy and use it often enough, save files there, etc., that it will look like it's something you'd want to protect. If someone gets access to the outer OS, it's not gonna look legit if it looks like a clean install you did 8 months ago.

Also, you should wait until they pull at least 2 of your fingernails before giving up the easy password.

Agreed.

I didn't opt for the hidden OS.

Instead, I have the bootloader display an error telling me to reboot. I can input my pass there, but there is no prompt or blinky cursor or anything.

I then put a hidden volume of 7gig outer/6gig inner on my 8gb USB stick. The other 1gig is unencrypted and holds a Live copy of XP that doesn't save any data.

This way if I ever need to, I can say I don't use my laptop's drive. I keep everything in a live environment, and boot from this USB key.

They then insert it, boot, and there is Windows, untouched because it's a Live install, so files are never modified.
 
Agreed.

I didn't opt for the hidden OS.

Instead, I have the bootloader display an error telling me to reboot. I can input my pass there, but there is no prompt or blinky cursor or anything.

I then put a hidden volume of 7gig outer/6gig inner on my 8gb USB stick. The other 1gig is unencrypted and holds a Live copy of XP that doesn't save any data.

This way if I ever need to, I can say I don't use my laptop's drive. I keep everything in a live environment, and boot from this USB key.

They then insert it, boot, and there is Windows, untouched because it's a Live install, so files are never modified.

Yeah, I don't do the protected OS bit either (would seem kind of difficult on a Mac); instead I do keep a VMware Fusion virtual machine encrypted in a volume if need be. But otherwise I just like the ability to have a file-based volume that can be moved if I have to without complicating the usual OS.
 
What do you guys think about using keyfiles in combination with passwords, like selecting a number of documents, images etc. as keyfiles on the same external drive in order to mount a file-based volume?

Be careful about the default settings- if you designate a new keyfile each time you create a volume, it will require all the keyfiles to mount the volume, so if one of your keyfiles is in one of the encrypted volumes you will find this out the hard way.

I usually have a couple keyfiles on my LAN, so that outside this environment, certain volumes would be unreadable. If you do something like this, make sure you are prepared to deal with a hardware failure on any of the relevant machines where you keep the keyfiles.
 
Be careful about the default settings- if you designate a new keyfile each time you create a volume, it will require all the keyfiles to mount the volume, so if one of your keyfiles is in one of the encrypted volumes you will find this out the hard way.

I usually have a couple keyfiles on my LAN, so that outside this environment, certain volumes would be unreadable. If you do something like this, make sure you are prepared to deal with a hardware failure on any of the relevant machines where you keep the keyfiles.

:P Well kinda figured using a keyfile inside of an encrypted volume to be a silly thing to do :P
 
Yeah, if you want to be really paranoid run everything from the virtual machine installed on an encrypted partition..
 
Yeah, if you want to be really paranoid run everything from the virtual machine installed on an encrypted partition..

Or have a virtual machine on an encrypted volume, and the virtual machine itself is on its own encrypted boot volume, with an encrypted file-based volume within containing your other virtual machine to be booted off VirtualBox within the virtual machine, within the container.

Imagine spending 10 mins booting off that just so you can open up your secret porn stash and fap for 2 mins before having to shut it all back down again.
 
Only recently discovered TrueCrypt and I'm loving it.

How about another factor of security, your internet connection. Anyone use Tor and such?
 
Only recently discovered TrueCrypt and I'm loving it.

How about another factor of security, your internet connection. Anyone use Tor and such?

I use Chrome in Incognito mode as default, spoof my MAC, and leave my Wifi open unless I need absolute peak bandwidth for something (then I lock it, and unlock it when done), which just kinda helps give me deniability if ever needed.

It isn't much though. Spoofing the MAC, having NO cookies/flash objects, and not logging into anything (ANYTHING) while using another open Wifi network seems to work just fine as well.
 
Only recently discovered TrueCrypt and I'm loving it.

How about another factor of security, your internet connection. Anyone use Tor and such?

Tor is more for being anonymous than it is for security. Especially since your connection from the end node to the destination is still unencrypted (unless of course you're doing https, but even then your connection goes thru a number of people on top of your usual internet infrastructure).

For security it works better to use an SSH tunnel to a server you own, then https from there. That way from your machine to your box it's encrypted in the eyes of your own ISP, you just gotta take care of the rest from the box onward (also a good idea to SSH tunnel or use a secure VPN when you're on a public hot spot).