Understanding TrueCrypt Hidden Partition and Data Loss

Based on what you say, I believe that you formatted your outer partition when creating the inner “hidden” partition. If I recall how Truecrypt works correctly, there is no metadata that allows it to look at a container and say “Oh, this has a hidden partition” in it. If that metadata existed, then others could tell a hidden partition was there, and it wouldn’t be hidden.

As a result, when you enter the password to mount a partition, it applies that password. Bad passwords unlock nothing. The “outer” password unlocks the outer partition, and the info for that partition is all that Truecrypt sees. The “inner” password unlocks the hidden partition, and the info for that partition is all that Truecrypt sees.

I think that what happened is that Truecrypt created the inner partition, then went to open it for formatting, but because of the way hidden partitions work, it just tried the password which happened to unlock the outer partition instead, since they both used the same password. And it then proceeded to format that outer partition, thinking it was the hidden partition and not knowing any better.

Condolences.

Also, you should know: the last time I checked, you could not modify contents of an outer partition without possibly corrupting the inner partition (again, obviously, if the outer partition knew which blocks were “hidden”, they wouldn’t be hidden, would they?) So you shouldn’t store things you actually use (add files, edit files, etc) in the outer half of a hidden partition pair.

[edit] It’s also possible you’re mounting the “hidden” partition when you’re trying to mount the outer, and that’s why it appears empty. Check the filesystem size and see if it matches the outer or inner size that you set. If this is the case, your data probably still exists, but you have to get to it, better to ask at truecrypt forums for that.

Leave a Reply

Your email address will not be published. Required fields are marked *