Earlier, we talked about how KeePass would help you keep your passwords in a secure manner. But what should you do if you want to keep your files or disk drives safe ? So safe that no reverse engineering is even possible ? TrueCrypt seems to be the solution.

Let’s take a look at TrueCrypt, the best open source disk encryption software, which has the following features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password.

A word of caution before we get started; if you visit the official website of TrueCrypt, you will notice a very strange warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”. Do not mind the warning, the developers quit maintenance of the software a while ago and they are simply saying that they will not update the software if any security issues are found. In fact the most recent security audit reveals that the software still rocks in terms of security. You are pretty safe as of this writing. But do not just take my word for it, for those of you who want to make sure, please read on here.

Since the development of TrueCrypt has come to a halt, VeraCrypt will continue the project further. The following guide is good for both TrueCrypt and VeraCrypt and I have personally moved on to VeraCrypt as it solves many vulnerabilities and security issues found in TrueCrypt and is properly maintained.

Enough mambo-jambo, let’s get started. (Bear with me as the initial setup process is long but daily usage is simple)

Creating a Hidden Volume in TrueCrypt for Plausible Deniability

1. Download Truecrypt 7.1a from this website. (or VeraCrypt from this website)

TrueCrypt - tc-1

2. Run the setup file

TrueCrypt - tc-2

3. Run TrueCrypt and Choose “Volumes > Create New Volume”

TrueCrypt - tc-3

4. From the wizard, choose “Create an encrypted file container” , click “Next”

TrueCrypt - tc-4

5. Choose “Hidden TrueCrypt Volume”, click “Next”

TrueCrypt - tc-5

6. Choose “Normal Mode”, click “Next”

TrueCrypt - tc-6

7. Choose “Select File” , choose a location on your hard disk, give it a name that does not attract attention. Click on “Next”

TrueCrypt - tc-7

8. Click on “Next”

TrueCrypt - tc-8

9. Click on “Next”

TrueCrypt - tc-9

10. Choose a file size for your encrypted file. Try to plan this stage wisely, I choose 10 GB in this example.

TrueCrypt - tc-10

11. Choose Outer Volume Password (This is the easy password you should remember and reveal if you are under duress – plausible deniability, remember ?)

TrueCrypt - tc-11

12. Large Files, choose “No”, click on “Next”

TrueCrypt - tc-12

13. Format your Outer Volume

TrueCrypt - tc-13

14. Open Outer Volume, put some important looking files in your new drive, remember, these are the files that will be revealed if you are under duress.

TrueCrypt - tc-14

15. Click on “Next”

TrueCrypt - tc-15

16. Click on “Next”

TrueCrypt - tc-16

17. Choose 9 GB (remember you set the maximum size to 10 GB earlier, so this hidden volume needs to be smaller), click “Next”

TrueCrypt - tc-17

18. Choose “YES”

TrueCrypt - tc-18

19. Now set up your REAL password, this needs to be complex like the following example.

TrueCrypt - tc-19

20. Large Files, Choose “YES”, click “Next”

TrueCrypt - tc-20

21. Click “Format”.

TrueCrypt - tc-21

22. Once the format is finished, the below warning will appear, click on “OK”.

TrueCrypt - tc-22

23. Click “Exit”, as you have just finished creating your hidden volume.

TrueCrypt - tc-23

How to Use TrueCrypt ?

1. Run TrueCrypt, Choose “Select File”

TrueCrypt - tc-24

2. Choose the file you created earlier.

TrueCrypt - tc-25

3. Choose an empty drive letter (like Z:) and click on Mount.

TrueCrypt - tc-26

4. Enter your complex password. (if you enter your easy password, you will reveal the fake files you set in Step 14.)

TrueCrypt - tc-27

5. Open My Computer, Find Z: Drive, and put your super secret stuff there.

TrueCrypt - tc-28

6. When you are finished, Choose drive Z: and choose “Dismount”, your files are hidden until you “Mount” them again with your password.

TrueCrypt - tc-29

Wow, that was long I know. You are good to go now, have fun and do not forget to comment if you like this article.