How to: Using TrueCrypt 6 to hide an operating system

When I read about a new release of TrueCrypt (open source, free ...), and found out that using this software you could essentially have a hidden OS and a visible OS both on the same PC, I was intrigued. Intrigued enough to take a look ...

The idea behind this new TrueCrypt feature is fascinating:

If your system partition or system drive is encrypted using TrueCrypt, you need to enter your pre-boot authentication password in the TrueCrypt Boot Loader screen after you turn on or restart your computer. It may happen that you are forced by somebody to decrypt the operating system or to reveal the pre-boot authentication password. There are many situations where you cannot refuse to do so (for example, due to extortion). TrueCrypt allows you to create a hidden operating system whose existence will be impossible to prove (provided that certain guidelines are followed — see below). Thus, you will not have to decrypt or reveal the password for the hidden operating system.

Sounds cool.

The theory

Before you can have a hidden OS, your system needs to be set up in a particular way. Specifically, you need two partitions: the first contains your OS, and the second must be 5% larger than the primary partition if it is formatted using FAT, or 110% larger if formatted using NTFS. The second partition must be the first partition behind the primary one.
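
A pre-flight check for the partition rule above, as an added example (not from the article or from TrueCrypt). The `Partition` type, the function names and the sample layout are all hypothetical and constructed for illustration; only the 5% and 110% figures come from the text.

```python
from dataclasses import dataclass

# Minimum size of the second partition as a percentage of the system
# partition, per the article: 5% larger for FAT, 110% larger for NTFS.
MIN_PERCENT = {"FAT": 105, "NTFS": 210}
GIB = 1024 ** 3

@dataclass(frozen=True)
class Partition:
    name: str
    start: int  # byte offset of the partition on the disk
    size: int   # length in bytes

def required_size(system_size: int, fs: str) -> int:
    """Smallest acceptable second-partition size in bytes, rounded up."""
    return -(-system_size * MIN_PERCENT[fs] // 100)

def check_layout(partitions, system_name):
    """Return {filesystem: shortfall_bytes} for the partition that sits
    directly behind the system partition. A shortfall of 0 means the rule
    is met for that filesystem. Raises ValueError if the system partition
    is missing or nothing follows it on the disk."""
    ordered = sorted(partitions, key=lambda p: p.start)
    names = [p.name for p in ordered]
    if system_name not in names:
        raise ValueError(f"no partition named {system_name!r}")
    idx = names.index(system_name)
    if idx + 1 >= len(ordered):
        raise ValueError("no partition behind the system partition")
    system, second = ordered[idx], ordered[idx + 1]
    return {fs: max(0, required_size(system.size, fs) - second.size)
            for fs in MIN_PERCENT}

# Constructed sample: the large "data" partition does not help, because only
# the partition immediately behind the system partition counts.
SAMPLE = [
    Partition("data", 140 * GIB, 300 * GIB),
    Partition("system", 0, 60 * GIB),
    Partition("second", 60 * GIB, 80 * GIB),
]

if __name__ == "__main__":
    for fs, short in check_layout(SAMPLE, "system").items():
        status = "OK" if short == 0 else f"short by {short / GIB:.1f} GiB"
        print(f"{fs}: {status}")
```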

Setting up a hidden OS sounds more complicated than it actually is because the process is entirely wizard driven and it seems well laid out and robust. Once you've gone through the wizard you end up with the following system layout:

  • A boot loader is installed which allows you to boot into two different operating systems.
  • The first OS is called a decoy OS, which is the main OS that you boot into on the system. This OS resides on the primary partition. No sensitive stuff is stored on this OS.
  • The hidden OS, which is the one that contains sensitive material, is stored on the second partition inside a hidden TrueCrypt volume which resides inside an outer TrueCrypt volume wrapper.
  • Which OS you boot into depends on which password you enter when starting the system up. However, because the hidden OS is stored on a TrueCrypt volume, its presence is undetectable unless you have the right password.
  • In order to make the outer wrapper that holds the hidden OS seem valid, you will need to add some sensitive-looking files to this volume.

Going through this process leaves you with three passwords:

  • A password that allows access to the decoy OS - This is the password that you'll use when you want to access the regular, non-sensitive OS so when someone asks you for the boot-up password, you give them this.
  • A password that allows access to the hidden OS - This is the password that you use to access the secret OS containing the secret data.
  • A password that allows access to the outer volume, which contains the hidden OS as well as the sensitive-looking (but not actually sensitive) files - This is the password that you hand over to someone should they want to know what's hidden inside the TrueCrypt volume.

In practice

In practice, setting up TrueCrypt to hide an OS isn't hard, but there are a number of things that you need to bear in mind before starting:

  • Consider carefully before starting whether you need the hassle of a hidden OS - it offers far more security than most people will ever need.
  • Get your partitions figured out in advance - to do this you may need to wipe your system and restart (if you've had secret data on your system then you should wipe your drives securely and reinstall the OS).
  • The process is quite involved and not something that you should attempt during a lunchtime!
  • Follow all the directions given to you by the wizard carefully - you don't want to foul up!
  • Figure out what your three different passwords are going to be in advance. Also, get yourself some sensitive-looking data ready. The robustness of your security relies on you having data in that outer volume (the one that contains the hidden OS) that looks sensitive enough to warrant having all that encryption loaded onto your system in the first place.
  • There's a LOT of on-screen reading, and it's vital that you understand what you are doing. I'd recommend reading the manual before starting, and also consulting the online documentation.
  • The process of copying your operating system to the hidden volume can take a long time. It took me an hour to copy a clean Vista install on a fast PC. This process could take you hours!
  • To get the best security that TrueCrypt can offer you need to make sure that you follow all the best practices outlined in the manual.
  • If you lose a password you are in deep, deep trouble!
  • It might be a good idea to experiment with TrueCrypt on a virtual machine system before trying it out on a physical system. I know I felt much better about it after a dry run.
  • TrueCrypt 6 has some features that certainly seem impressive, but I have no way of knowing if these features are bullet-proof ... so use at your own risk!

Talkback

12 comments
  • Those who need it

    Unfortunately, those who carry sensitive information about the rest of us (government and corporate types) are unlikely to use something like this, IMHO.
    bryantrv
  • Isn't TrueCrypt vulnerable to the "secret room" problem?

    Wouldn't the presence of the sooper-seekrit inner volume be discoverable because of the space it takes up?

    Say you have a 500GB drive. The BIOS will tell the bad guys the size of the drive, when you give them the outermost password they find a 100GB space, so they know something's up.

    So you give them the fake false space password and they find 200GB. So even if they don't know about TrueCrypt they'll know there's still a hidden room in your computer.

    Of course if they know about TrueCrypt they'll just demand all 3 passwords...

    Doesn't seem like this would be all that effective!
    wolf_z
    • Not really

      A truecrypt partition is automatically initialized to random bits, so it's impossible to tell by inspecting the bits.

      When logged in to the outer OS, the full disk size appears available, it just gives a generic disk error when you try to exceed the actual available space. I guess in theory, but it isn't as simple as counting the disk sizes.
      Eapache
    • I would agree. Marginally useful.

      Someone with even a moderate knowledge of computers and OSes would be able to figure out something was up. And really, if someone has a knife to your throat saying give me the passwords, are you going to say no? Or, imagine a corp VP on the road calling into the Help Desk..."I can't remember my secret partition password, and need the presentation in an hour!" Many VPs are demanding babies and need their hand held when it comes to IT stuff. Ha! Good luck with that...
      jpr75_z
    • That's not how it works...

      In the decoy OS, which is a fully functional securely encrypted OS in its own right, you will obviously see the empty space on the drive occupied (in part) by the hidden OS. However, it is presented as an encrypted volume. The fact that it is an outer volume to another hidden volume is undetectable. If your hidden volume is smaller than the outer volume, you can even put some files here so you just have a half empty disk partition. Nothing unusual in that. As for the demand for all 3 passwords, they don't necessarily exist. So you can deny the existence of the hidden volume and just persist that you simply have an encrypted OS with a second encrypted volume. (Which is another option of TrueCrypt not discussed in this article). I would suggest to use the "decoy" OS from time to time, because it would be easy to verify that the OS is hardly ever used which would indicate a hidden OS to the tech savvy extortionist. Make sure the patches are up to date and you have some internet history or recent email activity on the decoy system if you want it to stand up to scrutiny.
      TechrepLath
  • Useful

    Besides hiding OSes, it may be useful for protecting personal data stored on easy to lose USB keys. No U3 or other special software or hardware required.

    And you can rest assured that it is truly encrypted, unlike this: http://www.heise-online.co.uk/security/Enclosed-but-not-encrypted--/features/110136.

    Perhaps some credit is due to these posts:

    http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=49383&messageID=924127&start=0

    http://talkback.zdnet.com/5208-12691-0.html?forumID=1&threadID=49383&messageID=924188&start=-9983

    Thanks.
    Earthling2
  • RE: How to: Using TrueCrypt 6 to hide an operating system

    Sounds a bit more involved to set up than the hidden and encrypted partitions on a Linux system I use. For example, all laptops I have contain a hidden and encrypted partition which is used for hiding sensitive materials.

    All that is required for me, is changing the FSTAB so as to show the system the partition exists. Then mount the partition and enter the password.

    But the truecrypt method seems a bit more efficient, once it's set up. I'll have to check it out. ]:)
    Linux User 147560
  • how about hiding a virtualized operating system

    One could create a virtualized disk in a TrueCrypt file directory with VMware or Virtual PC...you then install the operating system on the virtualized disk which is encrypted by TrueCrypt...

    A couple of problems I see with this...first would be that any virtualized memory of the host OS may be non-encrypted when the virtual drive is in use...this could leave trace information if some of the guest operating system is installed in the virtual memory of the host; but you could turn off virtual memory so as to eliminate this issue.

    Another issue is that whenever you used VMware or Virtual PC to access your disk, there could be log or history information that says there is some type of hidden drive somewhere...but I still think it's an interesting concept.
    bicard
    • The words "performance hit" spring to mind...

      The virtualization itself will give you a performance hit already. Then imagine the already slow virtual file system writing its pagefile to a disk that encrypts on a host which then allows less CPU to the virtual client. I didn't complete the test/calculation on this, but for me this spells trouble... And for what if the option in this article is available?
      TechrepLath
  • TrueCrypt is fantastic.

    It can't be beat. I wish banks and companies would start using it to format the complete volume of a high-capacity removable HDD for security. Then, maybe, no more Boeing or Bank of NY stories. They can't say it costs too much!
    Joe.Smetona
    • Especially for removable media...

      Flash drives and USB hard drives carrying corporate information should definitely be encrypted. TrueCrypt does a great job with this...
      TechrepLath
  • RE: How to: Using TrueCrypt 6 to hide an operating system

    I disagree with those who find fault with the original blog. Let's be real. If you have a knife to your throat, you better reach for the Colt in your waistband. Seriously, most data cloaking is done to avoid corporate theft, misuse by miscreants or courtroom discovery. The hidden OS effectively counters all these threats by making data theft and recovery extremely difficult, and providing plausible deniability when looking down the barrel of a subpoena wielded by a legal terrorist (lawyer). Bob Macmaster
    bobmac@...