Hi Ferenc, > check out the link in the last mail, seems to be what you are looking after. > http://www.truecrypt.org/docs/?s=hidden-volume > http://www.truecrypt.org/docs/?s=hidden-operating-system
Thanks I did read the first link at least. This doesn't prevent detection of *something else* on that disk though. Once you give an investigator the key to the first partition/layer of encrypted data, they can either see that the partition inside is too small, or if the encrypted volume is within that volume in some way, write a bunch of files and see when allocated space hits a wall. One way or another, TruCrypt has to prevent the hidden partition from being overwritten. This is why I was saying that using compression (plus perhaps random disk access; mixing hidden blocks in with non-hidden ones) could help hide this discrepancy in sizes. However, the investigator can just run the machine under a debugger to see what is really going on to discover how much data should be left and where it should reside. I agree with Thor though, if done carefully there are several ways to argue "that's not mine" or "I forgot the password" or something similar. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
