Encrypt Your USB Drive with TrueCrypt

Last week, on the new MacHaxor site, I explained how to create an encrypted disk image on a Mac, but there are similar tools available for Linux. TrueCrypt allows you to make all kinds of encrypted containers, but one of the most interesting is a hidden partition. The trick here is to convert all of the space on a USB stick into a TrueCrypt container holding a handful of interesting-looking, but ultimately fake, sensitive documents. This container is a genuine encrypted container secured by a strong passphrase. Under normal circumstances, the unused space in a TrueCrypt volume is always filled with random data; when you create a hidden partition in that same space instead, the data there is not really random but is another encrypted volume with a different passphrase, inside which you can safely store your real sensitive documents.
Why bother with all that? Whenever you need access to the hidden partition, you can mount it by supplying the hidden volume’s passphrase. But let’s say that someone discovers that you have all your bank account details on here, and holds a gun to your head to make you reveal the password so that they can steal your life savings… if you give them the passphrase for the decoy partition, then only the fake sensitive documents will be decrypted and mounted.
Once you have downloaded TrueCrypt and plugged in your USB stick, creating the fake encrypted volume with a hidden partition is very straightforward:

- Start the Volume Creation Wizard, and select Create a volume within a partition/device option, then click Next.
- Choose the location of your unmounted USB device. I’m using a micro-SD card in a USB adaptor, which shows up on Linux as /dev/mmcblk0 for me.
- Choose an encryption and hashing algorithm - the default AES and RIPEMD-160 make good choices.
- Select a password for the fake outer volume.
- Wiggle the mouse to generate some random data to seed the encryption process, and press the Format button when you’re done.
- TrueCrypt will now mount the outer volume. You should copy the decoy documents you created earlier now, since changing the contents of this volume later will likely corrupt the other partition.
- After analyzing the files you’ve added, TrueCrypt will tell you how much free space is left over to use for your hidden partition. Then go through the same creation steps all over again to create it.
TrueCrypt is available for Windows and Mac OS X as well as Linux, which is invaluable if you want to move your encrypted memory stick between machines with different operating systems.

I don’t get it: Wouldn’t the decoy partition be substantially smaller than the actual size of the flash drive, which is printed on the side in most cases? I can’t imagine anyone who wants the data so badly they’re holding you hostage would miss something as obvious as that.
Or does TrueCrypt somehow account for this with trickery?
Yes, which is why it’s possible to corrupt the hidden partition if you write data to the decoy partition.
From the TrueCrypt site.
As of TrueCrypt 4.0, it is possible to write data to an outer volume without risking that a hidden volume within it will get damaged (overwritten).
When mounting an outer volume, the user can enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected (until the outer volume is dismounted).
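The following Python model is an added illustration, not TrueCrypt’s own code or its real on-disk format; all sizes and offsets are constructed. It shows the two behaviours described in the creation steps and in the quoted passage above: an outer-volume write that runs into the hidden volume’s region silently corrupts it, while the protection mode, which only learns the hidden volume’s size from its header, rejects such writes.

```python
import os
# Simplified model of an outer volume with a hidden volume inside its free
# space. Illustrative only, not TrueCrypt's real on-disk format. The hidden
# volume sits at the tail; unused space is random, so it looks like empty space.
SIZE = 4096          # constructed container size in bytes
HIDDEN_SIZE = 1024   # size recorded in the hidden volume's (decrypted) header

class Container:
    def __init__(self, size=SIZE, hidden_size=HIDDEN_SIZE):
        self.data = bytearray(os.urandom(size))   # free space looks random
        self.hidden_start = size - hidden_size    # hidden volume at the tail
        self.protect = False

    def mount_outer(self, hidden_password_given):
        # With both passwords, only the hidden header is decrypted to learn the
        # hidden size; outer-volume writes landing inside it are then rejected.
        self.protect = hidden_password_given

    def write_outer(self, offset, payload):
        end = offset + len(payload)
        if self.protect and end > self.hidden_start:
            raise PermissionError("write overlaps the protected hidden volume")
        self.data[offset:end] = payload   # unprotected: silently overwrites
        return end

    def write_hidden(self, offset, payload):
        start = self.hidden_start + offset
        self.data[start:start + len(payload)] = payload

    def read_hidden(self, offset, length):
        start = self.hidden_start + offset
        return bytes(self.data[start:start + length])

def demo():
    # Returns (write_rejected, intact_when_protected, intact_when_unprotected).
    secret = b"REAL bank details"
    c = Container()
    c.write_hidden(0, secret)
    big = b"decoy" * 800                    # 4000 bytes: overruns hidden_start
    c.mount_outer(hidden_password_given=True)
    try:
        c.write_outer(0, big)
        rejected = False
    except PermissionError:
        rejected = True
    intact_protected = c.read_hidden(0, len(secret)) == secret
    c.mount_outer(hidden_password_given=False)
    c.write_outer(0, big)                   # no protection: write goes through
    intact_unprotected = c.read_hidden(0, len(secret)) == secret
    return rejected, intact_protected, intact_unprotected
```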
Unless you provide the password for the hidden partition, it seems that the decoy one occupies the whole available space.
Yes. When the ‘outer’ volume is mounted, the space that is used by the hidden partition looks like unused free space on the drive (full of random bits to make usage analysis more difficult than if it was full of zeros).
Of course, when you mount the hidden volume, then it is somewhat smaller than the full size otherwise available on the drive, since that is taken up by the decoy files and double the overhead for the filesystem and the partition headers…
It asks for admin rights and prompts for a password, but out of security concerns, my day-to-day account is not an admin. It should provide the standard, user/password challenge and not assume the user is an admin. A bit surprising a security app like Truecrypt does not take this into consideration.
I’ve never understood the desire to encrypt a usb drive or something similar, why not just use a traditional lock and don’t risk losing your data.
“I’ve never understood the desire to encrypt a usb drive or something similar, why not just use a traditional lock and don’t risk losing your data.”
Because if someone steals your things the data will still be useless to them if it’s encrypted. DUH!
Yeah, I always have trouble with USB.