Let's Talk TrueCrypt - Part 2

In our last session about TrueCrypt, we discussed what it was, as a product, and some of the features offered by the software. In today's topic, we're going to go a little more practical and do some work with encrypted files.

Our overall goal is to create a file container which has not one, but two encrypted volumes residing within it.  Remember last session, how we talked about "plausible deniability"?  Well, this article is where we'll put it into practice.

So, we want to create a file on some sort of disk volume.  It doesn't matter what type of media we use.  This could be your local hard drive, a USB key drive, a drive on your local network, or a drive out on the cloud.  All that matters is that your operating system is capable of "seeing" the file itself.

The process is simple - we're going to create a container "file" for the encrypted volumes.  This file defines the size of the disk space available for storing encrypted files.  In other words, if you need to store a 200Mb file, creating a container volume of 100Mb will be insufficient.  (You can't put something that's larger than the object you're trying to put it into.  Not yet, anyway....)

For my example, I've chosen a volume on my Dropbox account so that my data is available to me on any machine where I have both the Dropbox and TrueCrypt clients installed.  Accounts are free and they offer 2Gb of storage.  Getcha summadat.

While you're doing that, we're going to talk about how TrueCrypt organizes files and how data is physically stored on the platter.

At the physical layer on a traditional hard-disk drive platter, data is referred to as "magnetic media".  This is because, at the microscopic level, you have a slab of iron that's aligned a particular way.  If this slab of microscopic iron is aligned one way, you have a "1", the other way, a "0".  Read in enough of these 1's and 0's and you have a data stream.  How the data is tracked on the physical partition is not in the scope of this article (and you should already know something about this anyway), but suffice it to say that if you organized your 1's and 0's into, say, header blocks and data blocks, then it'd be possible to turn the data stream into something meaningful.

However, data by itself, without organization, just looks random.  Without knowing how data is organized physically, there's nothing to distinguish meaningful data from random-appearing data.  And this is the concept I want you to keep in mind when we get to the part about plausible deniability, ok?

Using TrueCrypt, what we're going to do is create a file by reserving a certain amount of disk space assigned to the file.  You'll use TrueCrypt to mount the file, as if you were mounting a filesystem - a volume - where you can store files, images, etc.  Then, again using TrueCrypt, you're going to create a second filesystem contained within the first one.  Which password you provide determines which filesystem gets mounted.

In other words, let's say you have a USB drive that you carry with you.  On it, you have source-code files for your latest project.  You do not want to lose your source code because it's worth millions (!) and you're nearly code-complete on the project you've been working on.

However, the Elbonians want your source code and will stop at nothing to get it!  So, they kidnap you.  And they take your USB drive and plug it into their computer.  But, wait!  Your drive is encrypted with TrueCrypt!  The entire drive is meaningless without the password!  They ask politely for the password and you, of course, refuse.

It's not until you come under the extreme duress of having a loaded sling-shot placed against your knees that you relent.  You sob convincingly as you blurt the password to the outer filesystem.  The Elbonian hacker types in your password, and, success!  The filesystem mounts, and they see your source code files!  They quickly transfer them to their computer, chuckling in a sinister fashion amid much elbow nudging.

However, the Elbonian spymaster is not so easily fooled!    He asks the hacker how large were your files and the hacker pockety-pocks out the answer of 100MB.  The spymaster looks at your USB drive and blinks.  A 2GB USB drive and you only have 100MB used?  Sure, you reply.  Blink.  Blink.

Scan the rest of his drive, he orders the hacker....whir...whir...whir... and.... nothing.  All meaningless random data, reports the hacker.  The spymaster chucks your stick back at you, laughs once, and forces you out of the rolling minivan...

See, there really is no difference in appearance between random data and encrypted data (given a proficient encryption scheme).  If, for some reason, someone, against all odds, was able to crack the second (hidden) filesystem and actually access your files, you could always claim plausible deniability because you weren't aware of the presence of those files.  For all you know, some sophisticated worm on your Windows box (they won't believe you if you're using a Mac or a Linux machine) was writing out to the hidden filesystem.
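What the spymaster's scan runs into, as an added example that is not part of the original article: a byte-entropy and chi-square check gives the same verdict for random fill and for ciphertext.  The SHAKE-256 XOR keystream is a stand-in for a real cipher, and the function names, thresholds and sample plaintext are constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def stand_in_encrypt(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real cipher: XOR with a SHAKE-256 keystream.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def looks_random(data: bytes) -> bool:
    # Illustrative thresholds: near-maximal entropy and a chi-square value
    # close to its expected 255 (400 is far out in the tail).
    return shannon_entropy(data) > 7.9 and chi_square(data) < 400

def classify_samples(size: int = 1 << 16) -> dict:
    # Constructed sample "source code" standing in for real files.
    plaintext = (b"int main(void) { return 0; }\n" * size)[:size]
    return {
        "plaintext": looks_random(plaintext),
        "random fill": looks_random(os.urandom(size)),
        "ciphertext": looks_random(stand_in_encrypt(b"k" * 32, plaintext)),
    }

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12s} looks random: {verdict}")
```

The statistics separate structured plaintext from everything else, but they give no way to tell ciphertext apart from unused random fill.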

Anyway, I hope you get the points made in that massive rathole we just traveled down.

Let's get back to the how-to...

Fire up TrueCrypt and let's create a volume - for demonstrative purposes, we're going to create a volume on our local hard drive, but you could use TrueCrypt to create a volume anywhere - a USB stick, a network device, even a cloud-mounted device like Dropbox.

When you select "Create Volume", the first dialog box that opens asks if you'd like to create either an encrypted file container, or a volume within a partition or drive.  The first option is for inexperienced users, so we're going to select that option and click the [Next] button.  (Unless you'd like to reformat one of your existing disk partitions, which is the rocky road you'll head down should you choose the other option.)

This dialog asks if you wish to create a standard TrueCrypt volume (e.g., a single volume) or a Hidden TrueCrypt volume - like what we talked about before.  Click on the Hidden TrueCrypt volume option and click the [Next] button.

The next dialog asks us to select a device -- this is where the volume will be located physically.  Again, for demonstrative purposes, I'm going to create my volume on my local drive.  Feel free to create yours wherever you like and click the [Next] button to continue.  (Note that you may be asked for your administrator's password.  Just because you're using the software doesn't mean you can run amok on another system sucking down their available hard drive space for your nefarious schemes...)

Oh, and it's a good idea to leave the box "Never save history" checked....

Ok - here's where we select both the encryption and hashing algorithms.  TrueCrypt offers three encryption algorithms, in varying combinations: AES, Serpent and Twofish.  I've thoughtfully provided links to the Wikipedia articles explaining what each encryption algorithm entails.  What's interesting is that TrueCrypt allows you to use the three singly, in pairs, or in triplets.  So, for example, say you choose AES-Twofish -- this means that the two ciphers operate in a cascading fashion: blocks are first encrypted with Twofish, and then with AES.  Each cipher uses its own 256-bit key and all keys are mutually independent.

The hashing algorithm you select at the bottom of the dialog box can be either RIPEMD-160, SHA-512, or Whirlpool.  The hashing algorithm is used by the TrueCrypt random-number-generator as a 'pseudorandom "mixing" function, and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function.'

Select whichever hashing algorithm you prefer, along with any encryption algorithm and click the [Next] button.
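How the password you type ends up selecting a volume, as an added sketch (not TrueCrypt's own code): each header slot is tried with a key derived by PBKDF2 from the password and that slot's salt.  The offsets, salt size, iteration count and `TRUE` marker follow TrueCrypt's documented volume format (6.0 and later); the XOR keystream stands in for the real ciphers and all function names are hypothetical.

```python
import hashlib
import os

SALT_LEN, HDR_LEN = 64, 512          # 64-byte salt inside a 512-byte header
OUTER_OFF, HIDDEN_OFF = 0, 65536     # the two header slots in the container
MAGIC = b"TRUE"                      # first plaintext bytes of a valid header

def header_key(password: str, salt: bytes) -> bytes:
    # PKCS #5 v2.0 PBKDF2 with HMAC-SHA-512 as the pseudorandom function.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 1000, 64)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in for the real cipher (assumption): SHAKE-256 keystream XOR.
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def make_header(password: str, label: bytes) -> bytes:
    salt = os.urandom(SALT_LEN)
    body = (MAGIC + label).ljust(HDR_LEN - SALT_LEN, b"\0")
    return salt + xor_stream(header_key(password, salt), body)

def try_slot(container: bytes, offset: int, password: str):
    hdr = container[offset:offset + HDR_LEN]
    body = xor_stream(header_key(password, hdr[:SALT_LEN]), hdr[SALT_LEN:])
    # A wrong key yields noise; the real format also verifies CRC-32 fields.
    return body[len(MAGIC):].rstrip(b"\0") if body.startswith(MAGIC) else None

def mount(container: bytes, password: str):
    # The outer header is tried first, then the hidden-header area.
    for name, off in (("outer", OUTER_OFF), ("hidden", HIDDEN_OFF)):
        label = try_slot(container, off, password)
        if label is not None:
            return name, label
    return None

def build_container(size: int, outer_pw: str, hidden_pw: str = None) -> bytes:
    buf = bytearray(os.urandom(size))   # unused space is random fill
    buf[OUTER_OFF:OUTER_OFF + HDR_LEN] = make_header(outer_pw, b"decoy")
    if hidden_pw:
        buf[HIDDEN_OFF:HIDDEN_OFF + HDR_LEN] = make_header(hidden_pw, b"secret")
    return bytes(buf)

if __name__ == "__main__":
    c = build_container(1 << 18, "outer-pass", "inner-pass")  # constructed sample
    for pw in ("outer-pass", "inner-pass", "wrong"):
        print(pw, "->", mount(c, pw))
```

A container built without a hidden password has only random bytes in the second slot, so trying any password against it fails exactly as a wrong password would.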

In the next dialog box, choose the size of the outer partition, keeping in mind that the inner partition you're planning on installing cannot be larger than the outer partition.  Enter the appropriate number, select the units from the drop-down dialog, and press the [Next] button.

The next dialog asks you for your outer-volume password.  This is the password that you will reveal if coerced into doing so.  You should choose a password that is significantly different from the inner-volume password.  Type the password in twice, leave both option boxes unchecked, and click the [Next] button.

The next dialog asks you to move your mouse randomly within the dialog box to generate a seed for your encryption keys.  When you get tired of watching numbers rip across the dialog, click [Format] to create the outer volume.

Once formatted, you will see an informational screen which (wisely) advises you to place files into the outer volume.  These should probably be files that you don't mind being discovered, but you would still want to encrypt.  Old tax records, emails, work financials, that sort of thing.  Click [Next] when you're done with all that.

In this section, we're going to deal with the Hidden volume.  In my test case, the size of the outer volume was predetermined so it's asking me to click [Next] to move on.

Doesn't this dialog look familiar?  This is the same encryption/hashing dialog that you saw to format the outer volume.  This time, we're going to do the same thing, except we're going to format the inner volume.  I'd strongly suggest that you choose different encryption and hashing algorithms for the inner volume than what you selected for the outer volume.  Make your selections and click [Next].

In this dialog, choose the size of the inner partition.  I'd recommend about 50% of the entire file size.  If you go larger, it may appear obvious that there's something else hidden within your file.  Click [Next].

Choose a very strong password.  I'd strongly recommend using 1Password to generate a hideously-long nonsensical string that you'd need 1Password to provide as there's no way in Hell that you're going to remember it.  (I'll talk about 1Password in a follow-up article.)  As before, leave the check boxes alone and click [Next].

Select the filesystem format.  This may vary from OS to OS.  I'm going with FAT.  Click [Next] and then do the mouse-move-random-number thing.  Click [Format] when that bit's over.

You should see a pop-up that says that the TrueCrypt volume has been successfully created and is now ready for use.  Yay!

In part-3, I'll wrap all this up and explain the bits and pieces I glossed over.  For now, you know enough to start banging away on your filesystem...