Last week, on the new MacHaxor site, I explained how to create an encrypted disk image on a Mac, but there are similar tools available for Linux. TrueCrypt allows you to make all kinds of encrypted containers, but one of the most interesting is a hidden partition. The trick here is to convert all of the space on a USB stick into a TrueCrypt container with a handful of interesting-looking, but ultimately fake, sensitive documents on it. This container is a genuine encrypted container secured by a strong passphrase. Under normal circumstances, the rest of the space on a TrueCrypt volume is always filled with random data, but when you create a hidden partition in that same space, the data there is not really random: it is actually another encrypted volume with a different passphrase, inside which you can safely store your real sensitive documents.
Why bother with all that? Whenever you need access to the hidden partition, you can mount it by supplying the main passphrase. But, let’s say that someone discovers that you have all your bank account details on here, and holds a gun to your head to make you reveal the password, so that they can steal your life savings… if you give them the passphrase for the decoy partition, then only the fake sensitive documents will be decrypted and mounted.
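A toy model of that idea, added here as an illustration; it is not TrueCrypt's code or its on-disk format. The two-slot header layout, the `TOYV` marker and the SHAKE-256 keystream standing in for AES are all assumptions made for the sketch.

```python
import hashlib, os, struct

MAGIC = b"TOYV"          # constructed marker; not TrueCrypt's header format
SLOT = 16 + 12           # per-volume header slot: salt + encrypted header

def _key(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 1000, 32)

def _xor(data, key, label):
    # Toy stream cipher (SHAKE-256 keystream) standing in for AES.
    stream = hashlib.shake_256(key + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _volume(passphrase, start, payload):
    # Returns (header slot, encrypted payload) for one volume.
    salt = os.urandom(16)
    key = _key(passphrase, salt)
    header = MAGIC + struct.pack(">II", start, len(payload))
    return salt + _xor(header, key, b"hdr"), _xor(payload, key, b"data")

def create(size, outer_pw, decoy, hidden_pw=None, secret=b""):
    if len(decoy) + len(secret) > size:
        raise ValueError("volumes do not fit in the container")
    body = bytearray(os.urandom(size))       # free space is random fill
    slot0, enc = _volume(outer_pw, 0, decoy)
    body[:len(enc)] = enc
    slot1 = os.urandom(SLOT)                 # no hidden volume: random bytes
    if hidden_pw is not None:
        start = size - len(secret)           # hidden data sits in the "free" tail
        slot1, enc = _volume(hidden_pw, start, secret)
        body[start:] = enc
    return slot0 + slot1 + bytes(body)

def mount(container, passphrase):
    # Try the passphrase against each header slot; whichever decrypts to a
    # valid header decides which volume is opened.
    body = container[2 * SLOT:]
    for i in (0, 1):
        slot = container[i * SLOT:(i + 1) * SLOT]
        key = _key(passphrase, slot[:16])
        header = _xor(slot[16:], key, b"hdr")
        if header[:4] == MAGIC:
            start, length = struct.unpack(">II", header[4:])
            return _xor(body[start:start + length], key, b"data")
    return None
```

A container created with and without a hidden volume has the same length, and without the hidden passphrase the second slot and the tail of the body are just bytes that fail to decrypt to anything.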
Once you have downloaded TrueCrypt and plugged in your USB stick, creating the fake encrypted volume with a hidden partition is very straightforward:
- Start the Volume Creation Wizard, select the Create a volume within a partition/device option, then click Next.
- Choose the location of your unmounted USB device. I’m using a micro-SD card in a USB adaptor, which shows up on Linux as
- Choose an encryption and hashing algorithm – the default AES and RIPEMD-160 make good choices.
- Select a password for the fake outer volume.
- Wiggle the mouse to generate some random data to seed the encryption process, and press the Format button when you’re done.
- TrueCrypt will now mount the outer volume. You should copy the decoy documents you created earlier now, since changing the contents of this volume later will likely corrupt the other partition.
- After analyzing the files you’ve added, TrueCrypt will tell you how much free space is left over to use for your hidden partition. Then go through the same creation steps all over again to create it.
TrueCrypt is available for Windows and Mac OS X as well as Linux, which is invaluable if you want to move your encrypted memory stick between machines with different operating systems.