Multiple Hidden Containers

Topics: Feature Requests
Nov 2, 2014 at 4:39 AM
I will admit I haven't gotten around to putting VeraCrypt to work on my computer quite yet. I will very soon. Nevertheless, I feel that this program should have the option to create any number of hidden volumes like BestCrypt.

It's semi-meaningless to have hidden containers when not having one is highly suspicious and you'll feel compelled to make one just to prove you don't have one. But when you can make any number of them that will fit in a container, creating a hidden container to prove you don't use them becomes meaningless and deniability becomes much stronger. What do you think?
Coordinator
Nov 3, 2014 at 12:12 PM
Edited Nov 3, 2014 at 12:13 PM
I understand your point, but you can't support an unlimited number of hidden containers if your volume should appear as random: you are obliged either to add some kind of clear information to tell the program how many hidden containers there are and where their respective headers are, or you have to fix the number of possible hidden containers along with a fixed positioning of their headers, and in this case it is not unlimited.

If a program advertises that it supports an unlimited number of hidden containers, then there is something wrong in their way of handling the encrypted volume. A possibility is that they don't care about the random appearance of the encrypted containers and so they add extra data (in clear or obfuscated) in order to give information about the layout of the container.

Do you see any secure way to implement an unlimited number of hidden containers? Personally, I don't see any.

If the program supports a fixed number of hidden containers, then your reasoning concerning the one hidden container can be extended to this fixed number (same logic as a recurrence relation in mathematics).

The company behind the program you are citing doesn't appear to have published their security model nor the specification about their format. So, I'll be very cautious before starting to use such a feature and before having a strong security study about their implications.
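The fixed-slot layout described in the reply above, as an added example that is not part of the original post and is not VeraCrypt's code or on-disk format: with a fixed number of header slots at fixed offsets, the program needs no cleartext map, because it trial-decrypts every slot with the supplied password, and unused slots remain random bytes. The slot size, slot count, `HDR1` marker and the PBKDF2-as-keystream toy cipher are all assumptions made for the illustration.

```python
import hashlib, hmac, os

SLOT, N_SLOTS = 64, 4      # constructed toy layout: 4 header slots at fixed offsets
MAGIC = b"HDR1"            # constructed marker, visible only after decryption

def _xor_body(password: bytes, salt: bytes, data: bytes) -> bytes:
    # Toy cipher: PBKDF2 output used as a one-time keystream (stand-in for a real cipher).
    ks = hashlib.pbkdf2_hmac("sha256", password, salt, 1000, dklen=len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def new_container(data_size: int) -> bytearray:
    # Header area and data area both start as random bytes; empty slots stay that way.
    return bytearray(os.urandom(N_SLOTS * SLOT + data_size))

def write_header(container, slot, password, start, length):
    salt = os.urandom(16)
    body = MAGIC + start.to_bytes(8, "big") + length.to_bytes(8, "big")
    body += hashlib.sha256(body).digest()[:SLOT - 16 - len(body)]   # integrity check
    container[slot * SLOT:(slot + 1) * SLOT] = salt + _xor_body(password, salt, body)

def mount(container, password):
    # No cleartext map exists: every fixed slot is trial-decrypted with the password.
    for slot in range(N_SLOTS):
        raw = bytes(container[slot * SLOT:(slot + 1) * SLOT])
        body = _xor_body(password, raw[:16], raw[16:])
        fields, check = body[:20], body[20:]
        expected = hashlib.sha256(fields).digest()[:len(check)]
        if fields[:4] == MAGIC and hmac.compare_digest(check, expected):
            return (slot, int.from_bytes(fields[4:12], "big"),
                    int.from_bytes(fields[12:20], "big"))
    return None  # wrong password and "no volume here" look identical

def demo():
    c = new_container(4096)
    write_header(c, 0, b"outer-pass", 0, 4096)        # constructed sample volumes
    write_header(c, 2, b"hidden-pass", 2048, 1024)
    return mount(c, b"outer-pass"), mount(c, b"hidden-pass"), mount(c, b"wrong-pass")
```

Slots 1 and 3 are never written, so without a password they cannot be told apart from slots 0 and 2; the cost is that the number of volumes is capped at `N_SLOTS`.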
Nov 4, 2014 at 11:24 PM
I am wondering if this would be possible if VeraCrypt created a keyfile that stored where all the headers were to all the hidden volumes, so basically if you want to do more than 2 volumes you have to create a keyfile that can tell VeraCrypt where to look. Also, maybe instead of calling it a keyfile, maybe call it a header map file. I do not know if this idea would work or not but I would like your input on it israssi.
Coordinator
Nov 15, 2014 at 7:08 PM
This idea would work but it is technically complex.
Actually, it can be generalized in order to permit the usage of an external volume header for any encrypted volume/partition. This can be seen as a format of two-factor authentication (2FA): you need the password and you need to possess the volume header, which must be stored separately from the encrypted volume.