a limitation of how hidden volumes are implemented in TrueCrypt.
The way to deal with this is not to mount the outer volume after
a hidden volume has been created in it.
-This, in turn, causes the problem that after a while all time-stamps
-in the outer volume become old and it becomes obvious that
-it is unused. This may cause suspicion in itself.
+This, in turn, causes the problem that after a while all
+time-stamps in the outer volume become old and it becomes obvious
+that it is unused. This may cause suspicion in itself.
+An alternative is to protect the area of the hidden volume
+from write access using the Device Mapper, e.g. by mapping it
+to the zero or error target. This corresponds to the protection
+mechanism present in TrueCrypt, but can cause filesystem
+annomalies and error messages in the system logs that reveal
+the presence of the hidden volume. For that reason, TrueCrypt
+sets both outer and hidden volume to read-only once a write
+that would have damaged the hidden volume is intercepted.
+They claim this preserves plausible deniability, but that
+claim seems doubtful, because it also limits possible
+changes to the outer volume and may result in truncated
+and damaged files.
.PP
\fIopen\fR \-\-type tcrypt <device> <name>
projects / platform / upstream / cryptsetup.git / commitdiff