anyone who would force you to hand over the password. You will reveal only the password for the outer volume, not for the hidden one. Files that really are sensitive will be stored on the hidden volume.
A hidden volume can be mounted the same way as a standard TrueCrypt volume: Click Select File or Select Device to select the outer/host volume (important: make sure the volume is not mounted). Then click Mount, and enter the password for the hidden volume. Whether the hidden or the outer volume will be mounted is determined by the entered password (i.e., when you enter the password for the outer volume, then the outer volume will be mounted; when you enter the password for the hidden volume, the hidden volume will be mounted).
TrueCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. bytes 65536–131071, which contain solely random data when there is no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information on how TrueCrypt determines that it was successfully decrypted, see the section Encryption Scheme), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).
A hidden volume can be created within any type of TrueCrypt volume, i.e., within a file-hosted volume or partition/device-hosted volume (requires administrator privileges). To create a hidden TrueCrypt volume, click on Create Volume in the main program window and select Create a hidden TrueCrypt volume. The Wizard will provide help and all information necessary to successfully create a hidden TrueCrypt volume.
When creating a hidden volume, it may be very difficult or even impossible for an inexperienced user to set the size of the hidden volume such that the hidden volume does not overwrite data on the outer volume. Therefore, the Volume Creation Wizard automatically scans the cluster bitmap of the outer volume (before the hidden volume is created within it) and determines the maximum possible size of the hidden volume.*
If there are any problems when creating a hidden volume, refer to the chapter Troubleshooting for possible solutions.
Note that it is also possible to create and boot an operating system residing in a hidden volume (see the section Hidden Operating System in the chapter Plausible Deniability).
* The wizard scans the cluster bitmap to determine the size of the uninterrupted area of free space (if there is any) whose
end is aligned with the end of the outer volume. This area accommodates the hidden volume and therefore the size of
this area limits the maximum possible size of the hidden volume. On Linux and Mac OS X, the wizard actually does not
scan the cluster bitmap, but the driver detects any data written to the outer volume and uses their position as previously
described.
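The free-space scan described in the footnote above, as an added example (it is not TrueCrypt's code): it finds the uninterrupted free run that ends at the end of the outer volume and derives the size limit from it. The bitmap layout (one bit per cluster, least significant bit first, 1 = in use), the 4096-byte cluster size, the sample bitmaps and all names are assumptions made for illustration, and any space TrueCrypt reserves for its own headers is ignored.

```python
from dataclasses import dataclass

@dataclass
class FreeTail:
    first_cluster: int   # first cluster of the free run that ends the volume
    clusters: int        # length of that run
    max_bytes: int       # upper bound on the hidden volume size
    offset_bytes: int    # where the run starts inside the outer file system

def in_use(bitmap: bytes, cluster: int) -> bool:
    # Assumed layout: one bit per cluster, least significant bit first, 1 = used.
    return bool((bitmap[cluster // 8] >> (cluster % 8)) & 1)

def free_tail(bitmap: bytes, total_clusters: int, cluster_size: int) -> FreeTail:
    if total_clusters > len(bitmap) * 8:
        raise ValueError("bitmap is shorter than the stated cluster count")
    # Walk back from the last real cluster; padding bits past it are never read.
    first = total_clusters
    while first > 0 and not in_use(bitmap, first - 1):
        first -= 1
    run = total_clusters - first
    return FreeTail(first, run, run * cluster_size, first * cluster_size)

def make_bitmap(total_clusters: int, used: set) -> bytes:
    # Constructed sample data: mark `used` clusters, set padding bits to 1.
    bits = bytearray((total_clusters + 7) // 8)
    for c in list(used) + list(range(total_clusters, len(bits) * 8)):
        bits[c // 8] |= 1 << (c % 8)
    return bytes(bits)

CLUSTER = 4096  # assumed cluster size in bytes
TOTAL = 20      # constructed 20-cluster outer volume

if __name__ == "__main__":
    cases = {
        "files packed at the start": {0, 1, 2, 5, 9},
        "one stray cluster near the end": {0, 1, 2, 18},
        "last cluster in use": {0, 19},
        "empty outer volume": set(),
    }
    for name, used in cases.items():
        print(f"{name}: {free_tail(make_bitmap(TOTAL, used), TOTAL, CLUSTER)}")
```

The second case shows why free space in the middle of the outer volume does not count: a single used cluster near the end caps the hidden volume at one cluster.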