What is volume “padding”, and why would I want it?
A number of tools are available to “detect” encrypted volumes. These typically operate by detecting large files with a high amount of entropy and a file size that is a multiple of 512 bytes, or which is a certain “signature size” greater than the last 1MB boundary. “Padding” is additional (random) data added to the end of the volume, and is used to prevent detection of FreeOTFE volumes by automated volume-finding tools which only carry out a cursory search for volumes, and rely on the size of files found. Furthermore, padding also reduces the amount of information an attacker has about a volume, by preventing reliable detection of the size of the mounted volume (subject to the mounted volume being overwritten as described in the Plausible Deniability section). Padding will not prevent a reasonably knowledgeable IT person from being able to reasonably identify an encrypted volume as such – like any security mechanism, padding is simply another tool which would be employed from a larger
