TrueCrypt had this exact function - one password would decrypt your drive sort of on one end, and start the OS there, another password would decrypt the drive on the other end, and start the OS installed there - so you always had perfectly plausible deniability, since the drive taken as a whole looked like a completely normal encrypted drive (in fact you could accidentally destroy the hidden partition by overwriting "empty" area while booted into the non-secret OS). Always thought that was super cool.
The paranoid dystopian counterpart is that you cannot prove you don't have a second partition either. Might get awkward if someone decided to compel the second password on less solid evidence. If you're not actually using the feature.
There was a case here in Germany where the police report revealed that they apparently spent a lot of time looking for evidence of a hidden partition/encrypted data etc. because a PC owned by a single man with zero evidence of porn was unusual. (But they didn't find anything in the end, and didn't claim anything they didn't have evidence for.)
This is why you should actually have "signs of life" and something _slightly_ illegal on your plausible deniability partition. Just enough dirt to get you into trouble, but not too much trouble. If you're squeaky clean, you get the rubber hose cryptography treatment.
If you want those signs of life to be convincing, it should include all kinds of history without long gaps, such as:
- email, including recently received and sent emails
- web browser history
- system logs
- software updates
In practice, I think it’s impossible to do that. If the police discover, for example, that your system logs show your machine was off for a week, but they also just saw you reset it, what do you tell them?
Yeah, there was a tutorial online. Thought it was a good idea in case my laptop got stolen. Don't need to be an expert to click through an automated wizard, do I?
This is a real problem, yes; I find an encrypted volume in a swap partition actually provides better plausible deniability. "I was told it should be 2x the size of RAM," - says a guy with 512G of RAM and swapoff.
The only problem is this is sort of obvious from a forensics perspective. Person is using TrueCrypt, they boot it up for you, and the partition is only half the size it should be.
No, like the other reply pointed out too - it's not obvious. The first password unlocks the entire partition, the hidden one is just within the "empty" area of the drive. If you write a sufficiently large file while running the OS you could just overwrite and destroy the hidden partition without knowing that you did so. It's also impossible to tell that the hidden partition is there because encrypted data is indistinguishable from encrypted empty area of the drive.
The question always was what kind of attack are you trying to guard yourself against. I imagine top level agencies have a way to crack TrueCrypt/VeraCrypt encrypted volumes, but I also imagine they aren't using that capability against just anyone to not show their hand and risk the issue being fixed.
Your parent seems to point out that's not how it works: you've got access to the full partition either way, meaning you can accidentally overwrite the other partition.
If I remember right, the hidden partitions are indistinguishable from random data on your disk and it was necessary to provide an offset to the first block (or whatever) so it could be decrypted. You could easily overwrite it accidentally because it just looks like free space.
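Added example, not part of any comment in the thread: a toy model of the layout described above, showing that a byte-frequency test cannot tell the hidden region from random-filled free space, and that a write from the outer volume silently destroys the hidden data. The SHA-256 counter-mode keystream is an assumed stand-in for the real disk cipher, and all names, sizes and passwords are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    # SHA-256 in counter mode; a toy stand-in for the real disk cipher (assumption).
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(data: bytes, key: bytes) -> bytes:
    # Stream encryption and decryption are the same operation.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def chi_square(data: bytes) -> float:
    # Byte-frequency statistic: about 255 for uniform bytes, huge for structured data.
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

SIZE, HIDDEN_AT = 256 * 1024, 128 * 1024          # constructed toy geometry
SECRET = b"hidden volume file contents\n" * 2048   # constructed plaintext, 56 KiB

def make_disk(with_hidden: bool) -> bytearray:
    # Format step: the whole data area is filled with random-looking bytes.
    disk = bytearray(keystream(b"format-time random fill", SIZE))
    if with_hidden:
        # Hidden volume: ciphertext placed inside the outer volume's free space.
        disk[HIDDEN_AT:HIDDEN_AT + len(SECRET)] = xor(SECRET, b"hidden password")
    return disk

def read_hidden(disk: bytearray) -> bytes:
    # Decrypt the hidden region with the second password.
    return xor(bytes(disk[HIDDEN_AT:HIDDEN_AT + len(SECRET)]), b"hidden password")

def outer_write(disk: bytearray, offset: int, data: bytes) -> None:
    # The outer OS sees the hidden area as free space and may write into it.
    disk[offset:offset + len(data)] = xor(data, b"outer password")

def free_area_stat(disk: bytearray) -> float:
    # What an examiner can measure without any password.
    return chi_square(bytes(disk[HIDDEN_AT:]))
```

Comparing `free_area_stat(make_disk(False))` with `free_area_stat(make_disk(True))` gives two values in the normal range for uniform bytes, while `chi_square(SECRET)` is orders of magnitude larger.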