To refer to a partitionned area within a file container, I will be using the word section
The attacker would be working on a copy, if only to avoid his own mistakes. He would not destroy data.
These are real-life horrors with real torturers. Sadly, not everyone gets away. We should be very clear what we are dealing with !
Isn't it the lower-level drives that need this information about the higher level, more secure drives ?
In fact, you would be opening a low security-level-drive with a high-security-level password, necessary to obtain access to all section limits. Good in theory. However the fact of being habit-formed on using the high-level password could be dangerous in real situations. Just an ordinary visit to the dentist pushes some people near to panic, so think of the confusion of someone under torture.
Maybe the best solution is to have standard section boundaries inside all TrueCrypt containers and warning the user long before a write operation crosses one.
To cross a boundary, all hidden volumes would have to be opened to check availabity.
A developpement team would need a simple algorithm to plan section sizes inside a given size of container. Maybe divide the size into ten then work from the nearest giga-octet boundary.
Whatever the strategy, one thing is that we need to assume the non-cooperation of Microsoft so one can no longer create a specific partition type. On an encrypted partition, we already get that spine-chilling message "do you want to format the partition". We can be expecting technical, psychological and maybe legal or illegal attacks from any large company or institution trying to corner the data market.
There is more and more pressure to store data at remote locations. We should anticipate by planning on the encryptage of small containters being sent to the Cloud.
From there, containers may be sent from peer to peer. The question of transmission of keys would then have to be considered. And so to asymetric encryption (private key / public key). Or what about on-the-fly encryption of a file system stored on a cloud and being accessed by multiple users ? In this case, the container would need internal locking flags to block data strings being updated by a user. And maybe protection from a third party analyzing data changes on a container.
Even if none of this were to be implemented now, the container setup would need to have reserved zones to take account of these future implementations.
All this may need some kind of corporate financement. So how negociate open source when dealing with a multinational or a governement ?
Other questions come to mind but I'll stop here for now !