Hidden Volumes

In TrueCrypt, a Hidden Volume is stored within your encrypted Standard Volume, but its existence is concealed. Even when you mount or open your Standard Volume it is not possible either to find or to prove the existence of the hidden volume. If you are forced to give up your password and the location of your Standard Volume, then its content may be revealed, but not the existence of the Hidden Volume within.

Imagine a briefcase with a false bottom. You keep files that you do not mind losing or having confiscated in the normal section of your briefcase, and you keep the important and private files in the false compartment. The point of the secret compartment (especially a well-designed one) is to hide its own existence and therefore, the documents within it. This concept defines the TrueCrypt Hidden Volumes.

5.1 How to Create a Hidden Volume

The creation of a TrueCrypt Hidden Volume is similar to creating a TrueCrypt Standard Volume; some panes, screens and windows even appear to be the same.

Step 1. Start the TrueCrypt program

Step 2. Click: source:TrueCrypt/screenshots-en/32.PNG

Step 3. Click: OK in the Volume Creation Wizard to select the 'Create an encrypted file container' option

Step 4. Check the Create a hidden TrueCrypt volume option as follows:

source:TrueCrypt/screenshots-en/111.PNG

Figure 19: The Create a hidden TrueCrypt volume option

Step 5. Click: source:TrueCrypt/screenshots-en/33.PNG

You will then be prompted to choose either Direct Mode, which creates the Hidden Volume within an existing Standard Volume, or Normal Mode, which creates a completely new Standard Volume in which to store the Hidden Volume. For this example, we will use the Direct Mode.

Note: If you would rather start a new Standard Volume, please repeat the process from Section 2.1 How to Create a Standard Volume.

source:TrueCrypt/screenshots-en/112.PNG

Figure 20: The Wizard Mode pane

Step 6. Check the Create a hidden volume within an existing TrueCrypt volume option.

Step 7. Click: source:TrueCrypt/screenshots-en/33.PNG

Step 8. Select the My Volume file located within the My Documents folder, that you created during the Standard Volume tutorial.

Note: Make sure the Standard Volume is unmounted before selecting it.

Step 9. Click: source:TrueCrypt/screenshots-en/35.PNG

source:TrueCrypt/screenshots-en/24.png

Figure 21: The Specify Path and File Name window

Step 10. Locate the volume file using the Specify Path and File Name window.

Step 11. Click: source:TrueCrypt/screenshots-en/38.PNG

The Specify Path and File Name screen closes, returning you to the TrueCrypt screen.

Step 12. Click: source:TrueCrypt/screenshots-en/34.PNG

In the next screen, you are prompted for the password you used when creating the Standard Volume.

Step 13. Type your password into the Password text field.

After you have correctly entered your password, a message screen appears saying that the TrueCrypt program will now examine the Standard Volume and determine how much space there is (if any) to create a Hidden Volume.

Step 14. Click: source:TrueCrypt/screenshots-en/33.PNG

The following screen confirms the last few steps taken, and lets you know what the next steps will be.

Step 15. Click: source:TrueCrypt/screenshots-en/33.PNG

source:TrueCrypt/screenshots-en/25.png

Figure 22: The Hidden Volume Encryption Options pane

This screen looks familiar because it appeared when creating a Standard Volume in section 2. We must now choose an encryption method for our Hidden Volume.

Step 16. Select an Encryption Algorithm and Hash Algorithm for your Hidden Volume

Tip: Select a different algorithm for the Hidden Volume from the one you chose for the Standard Volume. 

Step 17. Click: source:TrueCrypt/screenshots-en/33.PNG

source:TrueCrypt/screenshots-en/26.png

Figure 23: The Hidden Volume Size pane

You will be prompted to specify the size of the Hidden Volume.

Note: Consider the kind of documents, their quantity and size that need to be stored. Remember to leave some space for the Standard Volume. If you select the maximum size available for the Hidden Volume, you will not be able to put any more new files into the original Standard Volume.

If your Standard Volume is 10 Megabytes (MB) in size and you specify a Hidden Volume size of 5MB, you will end up with two volumes (one Hidden and one Standard) of 5MB each.

You must make sure that the information you store in the Standard Volume does not exceed the 5MB you have chosen. This is because the TrueCrypt program itself does not automatically detect the existence of the Hidden Volume, and it could accidentally overwrite it. You will risk losing all files stored in the Hidden Volume if you exceed your previously established size.

Step 18. Type the hidden volume size you want into the text box as above (we choose 5MB for our example).

Step 19. Click: source:TrueCrypt/screenshots-en/33.PNG

Now you have to create a password for the Hidden Volume. Again, remember to choose a strong password. Please refer to the KeePass chapter to learn more about creating strong passwords. In addition, the password must be different from the one you created for the Standard Volume.

Tip: If you foresee a situation where you may be forced to reveal the contents of your TrueCrypt Volume, then create a password that you can remember for the Standard Volume and a secure password, to store in KeePass, for the Hidden Volume. This will help to conceal the existence of the Hidden Volume.

Step 20. Create your password and type it in twice.

Step 21. Click: source:TrueCrypt/screenshots-en/33.PNG

source:TrueCrypt/screenshots-en/27.png

Figure 24: The Hidden Volume Format pane

Leave the default File System and Cluster options as they are.

Step 22. Move the mouse cursor around the screen to generate random data.

Step 23. Click: source:TrueCrypt/screenshots-en/41.PNG

When the Hidden Volume has been formatted, this warning screen will appear as follows:

source:TrueCrypt/screenshots-en/28.png

Figure 25: The Volume Creation Wizard message screen

Warning: You are being advised of the danger of overwriting files in the Hidden Volume when storing files in the Standard Volume.

A message screen appears notifying you that the Hidden Volume has been successfully created.

Step 24. Click: source:TrueCrypt/screenshots-en/36.PNG

The Hidden Volume has now been created inside your Standard Volume. This now allows you to store documents, hidden within your Standard Volume, that are invisible even to someone who has the password for that particular Standard Volume.

5.2 How to Mount the Hidden Volume

Now that we have created the Hidden Volume, how do we access it? The answer is easy: Exactly the same way you would access the Standard Volume! However, we will use the password for the Hidden Volume rather than the password for the Standard Volume. This is how TrueCrypt determines whether to open the Hidden Volume, or the Standard Volume.

To 'mount' or open the Hidden Volume, follow these steps:

source:TrueCrypt/screenshots-en/29.png

Figure 26: A mount drive selected in the TrueCrypt Volume screen

Step 1. Select: A drive letter, for example 'K:'

Step 2. Click: source:TrueCrypt/screenshots-en/35.PNG

The Select a TrueCrypt Volume screen will appear shortly.

Step 3. Locate then select the file that is your TrueCrypt volume.

Step 4. Click: source:TrueCrypt/screenshots-en/38.PNG

The Select a TrueCrypt Volume screen closes, returning you to the TrueCrypt main screen.

Step 5. Click: source:TrueCrypt/screenshots-en/37.PNG, activating the Enter Password for prompt screen as follows:

source:TrueCrypt/screenshots-en/30.png

Figure 27: The Enter Password screen

Step 6. Type the password you used to create the Hidden Volume.

The Hidden Volume is now mounted (or opened).

You will see an entry like this on your TrueCrypt screen:

source:TrueCrypt/screenshots-en/31.png

Figure 28: The TrueCrypt main screen displaying the newly mounted Standard Volume

This displays the following information:

  • The Location - C:\My Documents\My Volume
  • The Size - 5.0MB
  • The Encryption Algorithm - AES-TwoFish-Serpent
  • The Volume Type - Hidden

To access the Hidden Volume, either:

Step 1. Double-click on this entry or access through the My Computer window.

Step 2. Double-click the corresponding drive letter (in this example, it is the letter K).

5.3 Tips on How to Use the Hidden Disk Feature Securely

The purpose of the hidden disk feature is to escape a potentially dangerous situation by appearing to hand over your encrypted files, when someone in a position of power demands to see them, without actually being forced to reveal your most sensitive information. In addition to protecting your data, this may allow you to avoid further jeopardising your own safety or exposing your colleagues and partners. For this technique to be effective, you must create a situation where the person demanding to see your files will be satisfied by what you show them and let you go.

In order to do this, you may want to implement some of the following suggestions:

  • Put some confidential documents that you do not mind exposing in the Standard Volume. This information must be sensitive enough that it makes sense for you to keep it in an encrypted volume.
  • Be aware that someone who is demanding to see your files may know of TrueCrypt's ability to create Hidden Volumes. If you are using TrueCrypt correctly, however, this person will not be able to prove that your Hidden Volume exists, which will make your denial more believable.
  • Update the files in the Standard Volume on a weekly basis. This will create the impression that you really are using those files.

Whenever you mount a TrueCrypt volume, you can choose to enable the Protect hidden volume against damage caused by writing to outer volume feature. This is a very important option that allows you to add new 'decoy' files to your Standard Volume without worrying that you might accidentally delete and replace the encrypted contents of your Hidden Volume. As mentioned earlier, exceeding the storage limit on your Standard Volume may otherwise destroy your hidden files. You should never enable the Protect hidden volume option when forced by someone else to mount a TrueCrypt volume, because doing so requires you to enter the secret password to your Hidden Volume and will clearly reveal that volume's existence. When you are updating your 'decoy' files in private, however, you should always enable this option.

To use the Protect hidden volume feature, perform the following steps.

Step 1. Click the Mount Options button on the Enter Password prompt shown in Figure 27, above. This will reveal the Mount Options Window, as follows:

Mount Options

Figure 29: The Mount Options window

Step 2. Check the Protect hidden volume against damage caused by writing to outer volume option.

Step 3. Type the password you chose for your Hidden Volume.

Step 4. Click OK.

Step 5. Continue with the process of mounting your Standard Volume. When it is successfully mounted, you will be able to add 'decoy' files without damaging your Hidden Volume.

Step 6. Remember to dismount your Standard Volume when you are done modifying its contents.

Remember, you only need to do this when you are updating the files in your Standard Volume. When revealing your Standard Volume to someone else, you should not use the Protect hidden volume feature.
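
The two mechanisms described above (the password deciding which volume opens, in section 5.2, and the Protect hidden volume option, in section 5.3) can be seen in a small model. This is an added example, not TrueCrypt's code or its real on-disk format: the two-slot layout, the XOR stand-in cipher and all function names are assumptions made for illustration.

```python
import hashlib, os, struct

MB = 1024 * 1024
MAGIC = b"TRUE"          # marker that only appears after a correct decryption
SLOT = 16 + 20           # toy header slot: 16-byte salt + 20 encrypted bytes

def _xor_pad(password, salt, data):
    # Stand-in cipher for this model only: PBKDF2 output used as an XOR pad
    pad = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000, len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def make_slot(password, start, length):
    salt = os.urandom(16)
    return salt + _xor_pad(password, salt, MAGIC + struct.pack(">QQ", start, length))

def open_slot(password, slot):
    body = _xor_pad(password, slot[:16], slot[16:])
    if body[:4] != MAGIC:
        return None      # wrong password or no volume: the slot is just noise
    return struct.unpack(">QQ", body[4:])

def create(size, hidden_size, outer_pw, hidden_pw=None):
    """Container = outer header slot + hidden header slot (or random bytes) + data."""
    hidden = (make_slot(hidden_pw, size - hidden_size, hidden_size)
              if hidden_pw else os.urandom(SLOT))
    return make_slot(outer_pw, 0, size) + hidden + os.urandom(size)

def mount(container, password):
    """Try the password on each header slot; the one that decrypts decides the volume."""
    for kind, off in (("Standard", 0), ("Hidden", SLOT)):
        found = open_slot(password, container[off:off + SLOT])
        if found is not None:
            return kind, found
    return None

def outer_write_allowed(container, offset, length, hidden_pw=None):
    """Model of 'Protect hidden volume': the boundary is only known with the hidden password."""
    if hidden_pw is None:
        return True      # unprotected mount: nothing stops an overwrite
    found = open_slot(hidden_pw, container[SLOT:2 * SLOT])
    return found is None or offset + length <= found[0]
```

In the model, a container created without a hidden volume has the same length and the same random-looking second slot as one that holds a hidden volume, and the Standard Volume password alone reveals nothing about the boundary, which is why protection requires typing the Hidden Volume password.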