
VeraCrypt has a hidden volume mode where an inner encrypted volume is stored within the contents of an outer hidden volume, and the inner volume is indistinguishable from random data when the outer volume is decrypted for plausible deniability.



IIRC the configuration that allows hidden volumes is distinguishable from the basic configuration, so they could tell if there's the potential for a hidden drive to exist. If so, they could assume the hidden container exists and throw you in jail if you don't produce a password that unlocks one.

If the format schemes are indistinguishable that's good news.


If it is distinguishable, then it has no point.

If it is indistinguishable then you run the risk of losing data in the nested container if you copy enough data (accidentally) on the outer container.

Not sure which is the case with VeraCrypt though.


It's indistinguishable but there's a way to put in both passwords while using the outer container so it prevents overwriting the inner one.


IIRC free space on the outer volume has to be continuous―normally at the end of the fs. I.e. the volume will look like it's not used too extensively. Which I guess may or may not look suspicious depending on your claimed use-case.


The recommended practice is multiple hidden volumes. "Oh no, you made me decrypt this volume that contains inappropriate photos!"



