From d8fbf4302218f93eb0a918949611ee43db1a94c5 Mon Sep 17 00:00:00 2001 From: wagner Date: Tue, 2 Jul 2013 03:00:02 +0200 Subject: [PATCH] Added comment that a hidden volume is unprotected against changes in its outer volume and hence the outer volume should not be mounted. --- man/cryptsetup.8 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 0779093..688d169 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -417,6 +417,19 @@ device not the system partition as the device parameter. To use hidden header (and map hidden device, if available), use \fB\-\-tcrypt-hidden\fR option. + +\fBNote:\fR There is no protection for a hidden volume if +the outer volume is mounted. The reason is that if there +were any protection, it would require some metadata describing +what to protect in the outer volume and the hidden volume would +become detectable. This is not a cryptsetup limitation, it is +a limitation of how hidden volumes are implemented in TrueCrypt. +The way to deal with this is not to mount the outer volume after +a hidden volume has been created in it. +This, in turn, causes the problem that after a while all time-stamps +in the outer volume become old and it becomes obvious that +it is unused. This may cause suspicion in itself. + .PP \fIopen\fR \-\-type tcrypt .br -- 2.7.4
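Review bot: The first sentence of the added note ("There is no protection for a hidden volume if the outer volume is mounted") names mounting as the hazard, while the commit subject names the actual one: changes in the outer volume. A man page reader never sees the subject line, so the text itself should say that writes to the outer volume can overwrite hidden-volume data. The closing advice ("not to mount the outer volume after a hidden volume has been created in it") should then either be worded in terms of not writing to the outer volume, or explain why mounting alone is enough to cause changes. On style, the hunk adds an empty line before \fBNote:\fR and another directly before the existing .PP. In man source a paragraph break is better expressed with a macro such as .PP than with a blank line, and the blank line ahead of .PP is redundant. "This is not a cryptsetup limitation, it is a limitation of ..." is also a comma splice and reads better as two sentences.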