Truecrypt,encrypt whole hard drive or not?

So here is my problem, i don't find info on which option is best. Let's say theorically i have sensitive content that the best hacker,extortor in the world wants. (yes im paranoid

Now i put that content on an external drive so i never connect to the internet with it turned on.

Now i have 2 otpions

a)put the files inside hidden folders of 4Gb each, Each folder is hidden and encrypted under a big .mov file. So if the extortor finds my hard drive, he will maybe not notice those .mov files that aren't real and he will move on. but if he have time i will easily finds them...

b)encrypt my whole drive but then the extortor knows i am hiding something and can brute force...

So what is the best option i have, also tell me if you think of an other option

thanks

 

Well, as TrueCrypt cannot encrypt an external drive in whole (that is, encrypt without creating a container file), it sure can be suspicious having a file for the size of a drive, that serves no apparent reason. But you can claim that it is some temporary file or something, and name the file accordingly, for example "tmp-fg4446.bak" or something like that.

You can also try encrypting your external drive with DiskCryptor, which can encrypt a drive in whole (no container file), and version 0.4 of the program is even compatible with TrueCrypt, so you would be able mount your fully encrypted external drive in TrueCrypt.

 

Are you sure about that estra? I TC Encrypted 3 external drives, at the partition level (not device, but that was to prevent Disk Initialization prompts and possible header corruption every time I plugged it in).

And I would suggest encrypting the partition personally. You can always claim that it was recently wiped as you no longer needed it and were going to store/sell it OR admit that its encrypted and tell them good luck on brute forcing it. (Don't use 'password' as the password in this case.)

As long as you don't use a stupid password, TrueCrypt effectively can't be brute forced. (Nothing prevents trying, but the keyspace is so enormous all of the processing power in the world working on it would still take years.)

 

You better not do that if you are talking to a law officer or judge. The TC developers stamp "TrueCrypt Boot Loader" in the first sector of your hard drive and if you tell someone that and they have half a brain, you may be accused of lying to a police officer or purjury. Which begs the question, if you lied about that, then what else are you lying about?


ê^^|^@^@ TrueCrypt Boot Loader^M
^@ú3À~NØ~Nм^@|ûö^F¶}^Au^G~M6^E|èÜ^@¸^@~P~A>^S^D[^B}^N¸^@~H~A>^S^D;^B}^C¸^@ ~NÀ2À¿^@^A¹ÿjüóª~LÀ-^@^H~NÀ±^B°^D»^@^Aè´^@f3Û¾^@^A¹^@^Hèº^@fS»^@^M±^F°9ö

 

I was, and still am, under the impression that should only appear on System Encrypted drives. Containers, even partition and device, should not have anything that obvious. That contradicts the concept of plausible deniability.

Actually, just (Against documentation only) verified that is the case. If you read the documentation here they do state that containers be it file, partition, or device encryption do not have any telltale signs. They do make exception that System Encrypted partitions, meaning if you encrypt your Windows drive DO have the TC bootloader on the disk, but it is required to actually make use of the disk. (Also, if I recall, you may be able to overwrite the bootloader and boot from the Rescue CD directly, but I could be wrong on that.)

From our conversation above however, that won't come into play with an external drive.

 

The "best hacker/extorter in the world" would simply plant a keylogger on your system and harvest your password/keyfiles/master key/whatever the next time you accessed the container, to be quietly delivered to him the next time you accessed the internet. Or numerous variations on that theme.

If your data requires that much protection then you should be using a separate computer that is never connected to the internet or to any other high-risk resources. You also need to provide airtight physical security in order to prevent hidden cameras, hardware keyloggers etc. from being installed.

Keep in mind that if you are being specifically targeted then you will never be able to defend against the so-called best hackers in the world. So don't kid yourself into thinking that it's possible.

Also, be aware that hiding encrypted data is considerably harder than encrypting it in the first place. You might want to look into the hidden volume feature of TrueCrypt to see if this off-the-shelf approach meets your needs. But please tone down your expectations a bit. Like many other things in life, security is relative.

 

Huh... It seems that I haven't looked at TrueCrypt in depth for a while then. My bad.

Though I could not do that now on my WinXP box, as TrueCrypt said that: "In-place encryption of non-system volumes is not supported on the version of the operating system you are currently using (it is supported only on Windows Vista and later versions of Windows)." But I have used my external 2.5" HDD encrypted with DiskCryptor 0.4 (but which I mostly mount with TrueCrypt, so to use one program when I need to mount container files as well) without any issues on WinXP for quite a while.