Deniable encryption with Hidden Volume

[x64l]

Hello there everyone! This isn't a particularly Gentoo question and if such questions aren't tolerated here then I apologize.

First of all, I'm not asking this to break the law, encryption has lots of legal protection where I live, I'm just intrigued by the concept and want to experiment.

I read online that VeraCrypt, a disk/file encryption utility made primarily for Windows, has a neat feature called hidden volumes. Essentially you get one big "decoy" partition that you encrypt but one that has no important data on it, and inside of this decoy partition you create another hidden partition, that nobody can even tell it's there without its decryption key. The hidden volume has a footer at the end of the partition, rather than a header, containing some metadata, and from what I gather there's some mechanism in place to make sure that the decoy partition overwrites the hidden partition's data only as a last resort.

I am aware that VeraCrypt supports Linux too, but I'd prefer to use the "minimal standard" Linux utilities, i.e. cryptsetup and lvm. Is there any way to achieve this or something similar with them? The idea is that the hidden partition should be completely and utterly invisible, indistinguishable, that there truly wouldn't be any way to distinguish it from some random data on the hard drive.

Of course Cryptsetup with its "plain" encryption mode would have to be employed, but how would the partitions be arranged?

Obviously having a small Windows partition and the rest of the disk unallocated and filled with "random" data will be called out by anyone with an itty bit of computer knowledge and common sense.

Having a big massive file to hide the hidden OS in isn't very bright either.

I thought about installing Windows 10 on a FAT32 partition, to try and delay the overwriting of the hidden partition, and using cryptsetup's plain mode with the offset flag, but having Windows 10 set up in a FAT32 partition would certainly raise some eyebrows (and having an NTFS installation would probably overwrite the hidden partition right away).

Another way I can think of is to get the decoy OS to only use a part of its root partition, i.e. set some flag in an Ubuntu installation that'd force the OS to only use the first half of its root partition, and nothing more, so that, say, a full 1TB partition would be displayed but only half of it could ever be used. This could also be noticed by someone knowledgeable, but I think it could be swept under the rug far more easily. Sadly, though, I read that Windows doesn't have anything even remotely close to that with its NTFS, and being a veteran Linux/BSD user I've never heard about anything like that either.

Might anyone else have any other idea?

[szatox]

A separate HDD, fully encrypted, without header. It would look like it was shredded.
Hiding an encrypted container within empty space might be more tricky. Haven't tried that, but I suppose if I were to find a hidden volume snuk into empty space of an encrypted partition I can decrypt, I think I could do that by looking at the entropy variation within encrypted partition and running a data recovery tool against it and its decrypted image.
Basically, I'd expect a partially used disk without anything hidden to have identifiable bits of previously deleted files all over the place, or a lot of consecutive 1s or 0s at _some_ layer. If this turns into pure chaos at some point, it's probably the hidden container.

This said, someone determined enough to analyze your disk like that would probably just hit you with the wrench attack instead.
_________________
Make Computing Fun Again

[x64l]

[zen_desu]

It seems it can only be used with the "plain" and "loopaes" types, but maybe you could use --offset with cryptsetup?
_________________
µgRD dev
Wiki writer