As he mentions in the February 7, 2006 update, when he wrote this he hadn't yet found the "Traveller Mode" section in the manual, which explains how TrueCrypt can do all of this for you.

I'm using TrueCrypt 4.1 (current is 4.2a), and for what it's worth I spent a bit of time a while ago figuring out how to pack as much info as possible onto a Traveller Disk. The winning formula (again, for version 4.1) is:

(disk capacity in bytes) / 1024 - 1032

I.e. that's the size, in KB, of the volume you should create on the drive before running "Traveller Disk Setup". (And for nitpickers, the above formula assumes your disk capacity is evenly divisible by 1024, which is a pretty good assumption.)
posted by forblaga at 2:19 PM on January 31, 2007

Oh, and that's if you don't include the TrueCrypt Volume Creation Wizard on the Traveller Disk.
posted by forblaga at 2:21 PM on January 31, 2007

Also encrypt your entire Windows profile and encrypt your swap file.
posted by aye at 2:58 PM on January 31, 2007

I'm just saying that it seems the decay, rot and kuro5hin have really started to set in around here.

The next thing you know people are going to start posting links to slash fiction. Dotty, I know.
posted by dmd at 3:17 PM on January 31, 2007

I don't know. I feel that the conversation has gained a sort of plasticity. But then, I've never met a chat I didn't like.
posted by cortex at 3:32 PM on January 31, 2007

dmd writes "The next thing you know people are going to start posting links to slash fiction."

I promise, no slash fiction ever from me.
posted by Mitheral at 5:46 PM on January 31, 2007

What the hell is the point of doing that?

That said, truecrypt is totally sweet. But it doesn't let you nest encrypted volumes like Russian dolls.
posted by delmoi at 6:31 PM on January 31, 2007

Honestly, I was happy to see a bit of tech here presented in a simple "Here's a way to do something both reasonable and practical." Metafilter is where I come to get away from the impracticality of slashdot and the breathless uselessness of digg.

Also, I use a disk in traveler mode pretty regularly -- Truecrypt is the only technology of its kind I put much stock in since it doesn't have a vendor lock-in dark side. I do wish they would hurry up with the other platforms, though.
posted by abulafa at 6:33 PM on January 31, 2007

delmoi - not sure what you're looking for.

TrueCrypt supports a "plausible deniability" feature (two encrypted segments in the same volume with different keys -- one to reveal under duress, the other not to -- the hidden volume ostensibly hard to discover in the entropy of the first).

You can also just create a new tc volume in a mounted tc volume -- I use that strategy for storing dangerous malware in the equivalent of blisterpack.

Or do you want multiple volumes in different encryption envelopes with the same key?
posted by abulafa at 6:37 PM on January 31, 2007

TrueCrypt supports a "plausible deniability" feature (two encrypted segments in the same volume with different keys -- one to reveal under duress, the other not to -- the hidden volume ostensibly hard to discover in the entropy of the first).

Right, but I'd like to have the ability to create a third hidden volume inside the second, and a fourth inside of that, and so on, ad infinitum. People pressuring you might assume you have a hidden volume, but how many levels deep can they keep making that assumption? A turtles all the way down approach takes the deniablilty from plausible to near certain.
posted by delmoi at 7:27 PM on January 31, 2007

"Plausible Deniability" mode isn't nested at all, and I think people have a mis-understanding of what it means. You're not creating one crypted volume within another, you're creating two crypted volumes side-by-side but as part of the same *.tc file. Each one can then have a separate password, but when the volume is mounted you only get asked for one. That way if somebody puts a gun to your head you could type in the password to the dummy one (hopefully pre-filled by you with official-looking junk) and they won't even know that there was another password you could have typed at the same prompt that gave access to another volume in which you keep the genuinely secure content. It's a form of steganography in that according to theory you shouldn't be able to find out that there were two actual volumes through any method except insider knowledge. The alternative that delmoi seems to be suggesting is more cryptographic layer upon cryptographic layer like a matryoshka (russian nesting) doll, which can be done by inserting the *.tc into the mounted volume of another *.tc with a different passcode. All you have to do is put it at 3 (or more) layers and occasionally name layers with some other extension to increase the likelihood they'll be thrown off.
posted by mystyk at 8:45 PM on January 31, 2007