Whether they'd look around for more after being provided the false key is debatable, but if they do you're just screwed anyway. Again, the crypto isn't the weak link in the chain, ever. You are the weak link, and to a lesser extent your hardware (i.e. those drives in that linked article... the crypto wasn't 'broken', the chip was short-circuited, they did a recall and nothing heard about it since). Making the hidden volume work, like most cloak and dagger stuff, is largely dependent on your ability to sell it in the interrogation room.
The key is just to get something that makes it reasonably difficult, and covers your tracks as much as possible. Crypto nerds have written long mega-essays about encryption as it relates to game theory and computer science but they all assume that the adversary is a crypto nerd like them who thinks in terms of cracking your algorithm with their algorithm and generally 'plays by the rules' per polite academic discourse. But the adversary is never a crypto nerd, the adversary is a cop (or black hat wearing equivalent) and sound real-world security comes from thinking like a cop, not a crypto nerd. A crypto nerd would never say "I have your wife, now give me the #$%^ing code!" but that's exactly what would happen in the real world with anyone who cared enough to break anything more than very simple encryption to get at your stuff. The beauty of setting up a hidden volume per the rules set up on TC is that if you're compromised you at least have a chance to convincingly sell the cops on your freaky gerbil fetish, they'll have a good laugh and send you on your way. I personally don't bother with it since I don't live in a police state and don't traffic in genuinely sensitive data, though I do use the basic TC encrypted volume files for a few things out of convenience and basic security protocol.
What we're saying is that this is not the guy you need to worry about.
He's too busy looking at pr0n to really care about anything that can't be broken open with a simple shell script.
It's not even these guys, unless your first name is Bank and your last name is Of America.
The one you need to worry about is this guy.
He bench-presses four crypto nerds at a time, thinks AES is part of his government-issued steroid regimen, and is just aching to spill some spinal fluid this afternoon. He does not give one damn about what electronic tomfoolery the silly peasant thinks will keep him from his mission, and if he shows up on your doorstep it does not matter what you're using. Period. The best you can hope for is to destroy the data or feed him a convincing narrative to make him go away, otherwise he will get what he came for. And if the adversary wants your data badly enough to hit it with their computer for more than a few minutes they're gonna dispense with the foreplay and send this guy.
Again, we're not trying to come down hard or scare you or anything, just to reinforce the disconnect between security whitepapers and what goes down in the real world because it's a pretty wide gulf and 95% of the stuff written about it on the internet is BS. Not directly related, but discussions like this remind me of a great Defcon talk by a pen-tester in which he shows how easily he can get into some of the most secure facilities in the world by thinking like a bad guy and not playing by the rules. It's a bit long, but glorious. http://www.youtube.com/watch?v=4-qnYaw7VGo