Please excuse me if it is a well known topic, I'm a new user and I'm trying to understand VC's working...
My usage case is: I want to be able to bring around my (large, I bought a 1TB Patriot) USB key, with all my digital life inside. I don't want to risk anything if I lose it, and I'm philosophically against any potential intrusion by governments (say if I wanted to cross a border...)
So I'm trying to understand the hidden volume feature and I tested on a 28GB key.
I don't know if I did anything wrong, but basically what I have now is a USB key which cannot be read by the OS. If I launch VC instead, I can mount the outer or the inner volume, depending on the password. Is it right?
What I think is a bit suspect is: the fact that the USB key is apparently not even formatted is suspicious by itself.
Is it possible to skip the outer volume creation, just have some plain files in the partition, and when/if one uses VC to mount the device, I can see the hidden partition?
I hope I made myself clear, I'm not an expert at all on these topics...
Alessandro
First things first: when you insert a new drive eg a USB key into a Windows system, Windows allocates it a drive letter (usually the first available one) based on a hardware ID for the device which is hard-coded into a chip on the device. It will normally always retain that drive letter unless you change it eg in Windows Disk Management.
If you encrypt an entire drive eg a USB key with VeraCrypt, Windows can no longer access its contents directly via a Windows system driver, only via the VC system driver. But the drive letter persists, because that's based on a hardware ID.
So the key shows up in eg Windows Disk Management as 'RAW' (ie unformatted), and if you do not remove the drive letter assigned to it in Windows (via Disk Management), you will be pestered by Windows to format it. If you remove the Windows drive letter assignment, it also then becomes free for VC to use ie in the VC GUI.
So, Windows thinks a VC-ed USB key isn't formatted, but that's because Windows no longer has direct access to its content.
This is an entirely separate issue from hidden volume creation. If that has been carried out successfully, yes, you can access either the outer or hidden volumes, depending on the password.
I applaud your sensible approach, to test how things work using a small device first (which saves a lot of time, apart from anything else) before entrusting your serious data to a big device, and possibly by some misunderstanding, losing it.
If we can help further with the hidden volume process, post back.
Thank you Adrian, I see what you mean...
What I was hoping to obtain was a more perfect plausible deniability:
if I'm carefully carrying around an apparently unformatted USB key, this fact marks me as somebody knowing about VeraCrypt, with a potentially crypted device. Of course I could provide the outer volume pwd to the Evil Guys (EG), but at this point I guess the EGs would imagine I also know about the hidden volume tech, and they would use on me the Brick on the Head cracking device, to open the hidden volume too.
I would have liked to have the possibility to have with me a device that was not advertising the fact that I even know what VeraCrypt is, and that what I have is an apparently plain, FAT formatted device with some boring files on it...
The only way I can see you achieving what you want is to create a number of (not-too-large) encrypted file containers on your drive, where you can store your sensitive data, giving them bogus file extensions, and hiding them either a. in amongst other genuine files with those extensions eg (innocent) video files or b. deep down in a directory tree.
Note that the wise use of even the hidden volume feature requires that your hidden volume be not too large a percentage of the outer volume, and that the outer volume contains a lot of 'sensitive-looking' but 'harmless' files if revealed.
Both of these approaches rely on 'security through obscurity'! It's a sensible precaution, and one possible link in a chain of actions that can help protect your data.
I'm lucky, I live in the UK, I don't (particularly) have to fear my government, or organised crime. I'm just trying to protect eg my everyday personal data (address book, account credentials, financial accounts etc) from accidentally falling into the wrong hands if I lose the USB stick on which it is stored, and which I carry around with me. (Though even in the UK, there appears to be a view emerging that use of encryption is prima facie evidence that you are up to something nefarious!)
I have nothing but sympathy for those who live under oppressive regimes, where those in power fear their people, and are suspicious of, and try to control, everything they do or say, or even think. Covert encryption can clearly be a matter of life or death. But ultimately, it is impossible to ensure you cannot be coerced to divulge your secrets.
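An added example, not part of the thread above: it shows why a renamed container is only obscurity. A VeraCrypt volume carries no signature and looks like random data, so a file whose extension promises a known format but whose first bytes lack that format's signature and have near-maximal entropy stands out to a routine forensic triage. The signature table, file names and sample bytes are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Signatures a few file types carry at fixed offsets (small constructed table).
MAGIC = {
    ".mp4": (4, b"ftyp"),
    ".avi": (0, b"RIFF"),
    ".pdf": (0, b"%PDF-"),
    ".zip": (0, b"PK\x03\x04"),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; data that looks random approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(name: str, head: bytes, threshold: float = 7.9) -> dict:
    """Compare the type a file name claims with what its first bytes show."""
    sig = MAGIC.get(os.path.splitext(name)[1].lower())
    magic_ok = None if sig is None else head[sig[0]:sig[0] + len(sig[1])] == sig[1]
    entropy = shannon_entropy(head)
    # Flag: extension promises a known format, the signature is missing,
    # and the content is statistically indistinguishable from random bytes.
    return {"name": name, "entropy": round(entropy, 2), "magic_ok": magic_ok,
            "flag": magic_ok is False and entropy >= threshold}

def pseudo_random(n_blocks: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))

def demo() -> list:
    body = pseudo_random(2048)  # 64 KiB
    samples = {  # constructed file heads, not real files
        "holiday.mp4": b"\x00\x00\x00\x18ftypisom" + body,  # genuine MP4 signature
        "holiday2.mp4": body,                                 # renamed encrypted container
        "notes.mp4": b"plain text saved with the wrong name\n" * 500,
    }
    return [assess(name, head) for name, head in samples.items()]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Compressed video is also high-entropy, which is why the check combines entropy with the missing signature rather than using entropy alone.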