TrueCrypt Hidden Volumes: Can the outer volume be actively updated safely?

Question

I have encrypted my hard drive using the TrueCrypt hidden volume option. Therefore, I have two volumes:

• An outer volume where I place some sensitive-looking data.

• A hidden volume where I place the really sensitive data.

I would like to continually update the data in the outer volume, both in order to use the hard drive space and to increase my plausible deniability. I am aware of the existence of the 'hidden volume protection' option of TrueCrypt, which prevents the space allocated to the hidden volume from being overwritten.

However, from my limited knowledge, I'm not sure if using this option is safe. If I continually update the data in the outer volume, I expect that it will become fragmented, and the OS will prefer placing the blocks in further sectors of the disk, which is where my hidden volume is. This will prevent me from storing data in the hidden volume, and may damage the filesystem in ways that hint at the existence of a hidden volume.

What I would like to know is:

• Is what I wrote correct? Can fragmentation cause the OS to write over my hidden volume, even when there's, say, 100GB of free space in addition to the "free space" used by the hidden volume?

• Is there anything I can do to prevent this without hurting my plausible deniability, short of periodically reformatting the whole drive?

Thank you.

Answer 1

If the outer volume is mounted without knowing the key for the hidden one, it is unsafe. When it is mounted aware of the hidden volume, it is safe.

The OS won't place things where at your hidden volume location. The truecrypt driver won't allow that (there are a few ways it could be done, but the actual implementation is irrelevant).

The place the fragmented files are located, shouldn't matter for usage. Both the hidden and normal volume should be able to use the free space on the full disk.

OTOH, regarding hidden volume existance, if someone reverse-engineered where TrueCrypt stored each file in the volume, they might get suspicious on why a big file is stored in that way (assuming TrueCrypt isn't randomizing locations precisely to avoid that), and suspect that you do have a hidden volume. Although it's equally possible that you had some big files there (some movies?) that were later deleted.