Earlier, we talked about how KeePass would help you keep your passwords in a secure manner. But what should you do if you want to keep your files or disk drives safe ? So safe that no reverse engineering is even possible ? TrueCrypt seems to be the solution.

Let’s take a look at TrueCrypt, the best open source disk encryption software, which has the following features:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password.

A word of caution before we get started; if you visit the official website of TrueCrypt, you will notice a very strange warning:

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues”. Do not mind the warning, the developers quit maintenance of the software a while ago and they are simply saying that they will not update the software if any security issues are found. In fact the most recent security audit reveals that the software still rocks in terms of security. You are pretty safe as of this writing. But do not just take my word for it, for those of you who want to make sure, please read on here.

Since the development of TrueCrypt has come to a halt, VeraCrypt will continue the project further. The following guide is good for both TrueCrypt and VeraCrypt and I have personally moved on to VeraCrypt as it solves many vulnerabilities and security issues found in TrueCrypt and is properly maintained.

Enough mambo-jambo, let’s get started. (Bear with me as the initial setup process is long but daily usage is simple)

Creating a Hidden Volume in TrueCrypt for Plausible Deniability

1. Download Truecrypt 7.1a from this website. (or VeraCrypt from this website)

TrueCrypt - tc-1

2. Run the setup file

TrueCrypt - tc-2

3. Run TrueCrypt and Choose “Volumes > Create New Volume”

TrueCrypt - tc-3

4. From the wizard, choose “Create an encrypted file container” , click “Next”

TrueCrypt - tc-4

5. Choose “Hidden TrueCrypt Volume”, click “Next”

TrueCrypt - tc-5

6. Choose “Normal Mode”, click “Next”

TrueCrypt - tc-6

7. Choose “Select File” , choose a location on your hard disk, give it a name that does not attract attention. Click on “Next”

TrueCrypt - tc-7

8. Click on “Next”

TrueCrypt - tc-8

9. Click on “Next”

TrueCrypt - tc-9

10. Choose a file size for your encrypted file. Try to plan this stage wisely, I choose 10 GB in this example.

TrueCrypt - tc-10

11. Choose Outer Volume Password (This is the easy password you should remember and reveal if you are under duress – plausible deniability, remember ?)

TrueCrypt - tc-11

12. Large Files, choose “No”, click on “Next”

TrueCrypt - tc-12

13. Format your Outer Volume

TrueCrypt - tc-13

14. Open Outer Volume, put some important looking files in your new drive, remember, these are the files that will be revealed if you are under duress.

TrueCrypt - tc-14