David Eather <eather@tpg.com.au> wrote in
news:45b18f89@dnews.tpgi.com.au:

> The adversary is not the NSA. You saw how quickly SG was onto the
> faults in this idea. It will only take one person who knows what he
> is doing, to show one script-kiddie what to do, who will show everyone
> else and security becomes zero or even worse; the user still thinks
> they have some security and may well be indiscreet.


Once again, with feeling:

The method I outlined is entirely appropriate to the threat model specified
by the OP: casual office snoopers. It is significantly superior to the
grossly oversized, non-functional, muslabelled file ruse. Moreover, it is
exceedingly straightforward and easy to implement since Truecrypt natively
supports it with nary a tweak required (an important aspect given the
obvious non-geekiness of the OP).

And here's a flash for you: There is NO satisfactory method of hiding
Truecrypt from a skilled adversary, especially on a workplace machine. As
just one example, Truecrypt leaves awkward-to-erase tracks in the registry.
An adversary of only modest skills using regedit would detect that
Truecrypt was being used in seconds rather than having to do a full HD scan
looking for ADS with special programs.

Regards,