Rusty's Advanced Encryption Tutorial

Intro

*Note:* If you are outside the United States of America, live in a country currently embargoed by the US, or live in a country where you face oppression and a crazy scary government (like North Korea) it's most likely illegal to use the software below. But then who am I to stop you :D

This tutorial will walk you through the necessary steps for creating a HIDDEN encrypted volume where you can store your personal information and things you don't want others to have access to. In addition, the setup will give you the benefit of plausible deniability, so that if you are forced to divulge your password the other party will only have access to the Outer Volume and the dummy files located there. They will have absolutely NO WAY of telling that there is a hidden Inner Volume that contains your absolutely most top secret files. The way it works is that we create an Outer Volume in TrueCrypt, and inside that is located a HIDDEN Inner Volume. You mount the Hidden Volume just the same way as the Outer Volume, only you type in the password for the Hidden Volume instead. If you have tips or comments feel free to reach me by email.

Things you'll need:
A Working Internet connection
TrueCrypt

*Note:* There are two ways of creating a Hidden Volume. It can either be located inside a TrueCrypt file, which will allow you to easily move the file about (say from PC to PC via DVD/CD or flash drive), or it can be located inside a Partition of your Hard Drive or Flash Drive. The most common choices are a Hidden Volume in a TrueCrypt file or a Partition on a Hard Drive. Of special note: unless you have already partitioned your Hard Drive into smaller partitions, the option you should follow is using a Hidden Volume in a TrueCrypt file. Partitioning a drive requires either specialized software such as Partition Magic, and/or advanced knowledge of resizing partitions that were created BEFORE installation of your current operating system. The advantages of setting up a Hidden TrueCrypt Volume in a partition are that if you have a dual boot system you will be able to view the Hidden Volume from either operating system, the increased available size of the Hidden Volume, and the increase in speed, since you are reading and writing directly to the hard drive and not a flash drive.

If you are completely lost at this point I suggest taking a read of my Basic Encryption Tutorial. It will help familiarize you with the fundamentals of encryption and getting a standard TrueCrypt Volume setup and working.

Option One - A Hidden Volume in a TrueCrypt File

This option will give you increased security and plausible deniability. The upside is portability in that you can store and move the Outer Volume TrueCrypt file around from PC to PC as needed, whether by CD, DVD, Flash Drive, Hard Drive or even uploading it to a secure online storage center. The downside is that you will have a little bit of decreased speed because the PC is writing and reading to an external storage device.

Step 1 - Creating a New Volume

*Note:* When you create a Hidden Volume it will be stored and spread out at random all across your Outer Volume (what the Hidden Volume goes inside). Therefore you should go ahead and put some bogus decoy files in the Outer Volume. You could put things like a printout of your free credit report, receipts from online purchases etc or other things that you wouldn't necessarily mind giving up to someone else under duress. So go ahead and put some bogus files in there now. If you can't come up with anything, just save a few dozen porno pix and put them in the Outer Volume.

From TrueCrypt's main window select Volumes >> Create New Volume.

Next we obviously want to make a hidden TrueCrypt Volume.

Here we are going to ASSUME that you have ALREADY CREATED a TrueCrypt volume from my other thread - Rusty's Encryption Tutorial. If not go there now and follow those steps and then come back here. Select the bottom option Create a hidden volume within an existing TrueCrypt Volume.

*Note:* When you create the hidden TrueCrypt volume you will obviously be limited by the size of the Outer/Unhidden TrueCrypt volume and therefore the hidden volume can't be larger than the Outer Volume.

Here is where we select the file that our TrueCrypt volume is located within. In my case it's the one I used before, secure.tc.

Once you have the TrueCrypt file selected click on the Next button.

Enter in your password that you created previously for your TrueCrypt volume. This volume will henceforth be referred to as the Outer Volume. Click Next when you're ready.

Read what it says and then click Next.

Here you can select your encryption options. I selected Serpent for my encryption and SHA-1 for my hash algorithm. You can pick whatever you want.

Here you see I'm setting the size for the Hidden Volume to 200MB (which is smaller than, and will fit inside my 500MB Outer Volume I created earlier in the other Tutorial).

Here is where you enter in your Hidden Volume password. I want to stress how ABSOLUTELY VITAL it is to create a good strong password. Use letters & numbers, upper-case & lower-case and special characters. An easy way to come up with passwords is to use the first letter of things that are important to you and mix them up with numbers from important dates. But remember to mix it all up. Longer passwords are better as well. If your password is too short it will be susceptible to brute-force attacks. This is where every single combination of letters & numbers is tried. Pretty much any password less than 6 digits is worthless. All of my passwords have at least 13 characters or more. This is your Hidden Volume; obviously it's worth a lot to you since you're going to all this trouble to hide it. Don't ruin the whole thing by having a bullshit password.

Here they are warning you to NOT USE the Outer Volume because you can potentially over-write data that's stored in the Hidden Volume. Because the data is stored at different locations at random in the Outer Volume there's no way to Mount the Outer Volume and know for sure you aren't writing data on top of and damaging the Hidden Volume.

Here we are done with the Hidden Volume creation, so you can simply click Exit.

Here we want to click Select File.

The Outer Volume is selected. Yes, the OUTER VOLUME. Remember the Hidden Volume is just that, hidden, so we'll always select the Outer Volume to get to the Hidden Volume.

Now that we have the TrueCrypt file selected we need to Mount it, click on Mount.

And enter the password that you entered for the HIDDEN VOLUME, not the Outer Volume. If you are forced to give your password give them the password for the OUTER VOLUME and your secure files will stay safely hidden in the Hidden Volume.

Here we can see that the 200MB Serpent encrypted Hidden Volume has been successfully mounted. Once you are done working with your files you'll again want to click Dismount and then Exit the program.

Option Two - A Hidden Volume in a Partition

This option will again give you increased security and plausible deniability. The upside is the increased read & write speeds, as the Hidden Volume is writing directly to and from the hard drive. The downside is that it is NOT portable: you cannot take the partition with you because it's stored on the drive that the partition is located on. You could potentially partition out an external hard drive and this method would be portable, but again you would take a hit in the speed performance area. Another benefit of using a partition is the large amount of space available. If you were to use a file instead of a partition, the size of the file would be limited to whatever the file was stored on as well as operating system file size limits. None of those restraints are in place for partitions. What this means for you is that you can have a 20GB hidden volume on a partition; i.e. lots of room to grow.

Again we'll select Volumes >> Create New Volume from the main TrueCrypt window.

In this case we are going to click on Select Device.

Here you can see that I have a small 3.4GB partition set aside out of my hard drive, I select it and click OK.

Here TrueCrypt is warning you that this is a slightly more advanced configuration and that if you are an idiot and select the wrong partition you have the chance of erasing large numbers of files and nuking your entire computer. Check and double check that you've got the right partition selected. If you're the least bit uncomfortable stop here and just work with Option One listed above.

Now that we have the device selected click Next.

Click Next to get past this window.

Here we select the encryption options for the Outer Volume. Click Next when you're ready.

Here you are notified that the size of the partition cannot be modified and notified of the size of the Outer Volume.

Enter in a secure Outer Volume password.

Here you are warned that any and all files currently on the partition are going to be erased and lost. Again if you're not sure STOP NOW! Click yes if you are confident you know what you're doing.

Here we can see the progress of the Outer Volume formatting process.

Once the Outer Volume has been created the next step will be the creation of the Hidden Volume.

Just click Next.

I decided to do a benchmark that was relatively realistic. I selected the 500MB buffer size and clicked on Benchmark. If you pick this option be prepared for TrueCrypt to "Not Respond" for about 90 seconds as it benchmarks the different speeds for each one of the encryption options. I decided that a compound of AES-Twofish was secure enough and fast enough for my needs.

Click Next to continue.

Here I am specifying the total size of my Hidden Volume size, 3000MB which will end up being right around 2.9GB.

Here is a stupid warning. It's saying that you should pick a smaller size to be able to add files to the Outer Volume in the future. However if you use the Hidden Volume and leave files in it, then at a later date add more files to the Outer Volume, you run a risk of ruining and damaging all the data in the Hidden Volume. Just click Yes, and continue.

Here is where you enter in your Hidden Volume password. I want to stress how ABSOLUTELY VITAL it is to create a good strong password. Use letters & numbers, upper-case & lower-case and special characters. An easy way to come up with passwords is to use the first letter of things that are important to you and mix them up with numbers from important dates. But remember to mix it all up. Longer passwords are better as well. If your password is too short it will be susceptible to brute-force attacks. This is where every single combination of letters & numbers is tried. Pretty much any password less than 6 digits is worthless. All of my passwords have at least 13 characters or more. This is your Hidden Volume; obviously it's worth a lot to you since you're going to all this trouble to hide it. Don't ruin the whole thing by having a bullshit password.

Even TrueCrypt considers an 11 digit password as weak.

Here you are warned NOT to use the Drive letter where the Hidden Volume is stored, in this case drive D. And also warned that if you no longer need the encrypted volume that you can format it. Click OK.

Here is another warning. It's saying that you should protect the Hidden Volume else if you write data to the Outer Volume at a later date you run a risk of ruining and damaging all the data in the Hidden Volume. To be safe just don't put anything in the Outer Volume once you've put files in the Hidden Volume.

And now we're going to Select the Device that we need to Mount.

Here you can see again that I've selected drive D which is 3.4GB.


This is just like before. If you still have not added some bogus or decoy files to the Outer Volume then enter the Outer Volume password at this time and do that. If you already have your decoy files in place then from here on out always enter the Hidden Volume password.

And here you can see that my hard drive partition has been successfully mounted as a Hidden Volume with AES-Twofish encryption and is 2.9GB in size.

At this point you can go ahead and click exit and TrueCrypt will still be running in the System Tray. You can access and use your Hidden Volume from the drive letter that you selected prior to Mounting the drive, in my case Drive T.

When you're all finished Right Click on the TrueCrypt icon in the lower right corner and select Dismount All Mounted Volumes.

And lastly click Exit to close out the TrueCrypt program itself.

If you've followed these directions carefully you've set yourself up with some extremely strong encryption that even the FBI/NSA will have a little bit of trouble getting through (if they can at all). However remember that security is only as good as the user. Make sure that your system is clean by running weekly if not daily virus scans to check for the presence of viruses or trojans that can capture your keystrokes.
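The brute-force point from the Hidden Volume password step in both options, worked through as an added example (not part of the original tutorial and not TrueCrypt code): it estimates how many candidates an exhaustive search has to try for a given password and how long that takes. The guess rate and the sample passwords are assumptions made up for illustration, and the estimate treats every character as randomly chosen.

```python
import math
import string

# Assumption for illustration only: attacker guesses per second.
# This is not a measured TrueCrypt figure.
ASSUMED_GUESSES_PER_SECOND = 1_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Smallest alphabet covering every character class the password uses."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (space, non-ASCII) count one each.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size

def search_space(password):
    """Candidates an exhaustive search tries: every string of length 1..n."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def entropy_bits(password):
    """log2 of the search space; 0 for an empty password."""
    space = search_space(password)
    return math.log2(space) if space else 0.0

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate

def describe(password):
    secs = worst_case_seconds(password)
    years = secs / (365 * 24 * 3600)
    return (f"{len(password):2d} chars, alphabet {alphabet_size(password):2d}, "
            f"{entropy_bits(password):5.1f} bits, "
            f"{secs:.3g} s (~{years:.3g} years) to exhaust")

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the tutorial.
    for sample in ("abc123", "Tr7$kq", "b4Lm#9xQw2!Zp"):
        print(describe(sample))
```

The figures are an upper bound on strength: a password built from initials and dates has fewer real possibilities than its length and character mix suggest.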

Enjoy and be safe. Till next time.