TRUECRYPT
FREE OPEN-SOURCE ON-THE-FLY ENCRYPTION
USER’S GUIDE
www.truecrypt.org
Version Information
TrueCrypt User’s Guide, version 7.1a
Released by TrueCrypt Foundation on February 7, 2012
Legal Notices
THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY.
THE ENTIRE RISK AS TO THE QUALITY, CORRECTNESS, ACCURACY, OR COMPLETENESS OF THE CONTENT OF THIS
DOCUMENT IS WITH YOU. THE CONTENT OF THIS DOCUMENT MAY BE INACCURATE, INCORRECT, INVALID, INCOMPLETE
AND/OR MISLEADING. IN NO EVENT WILL ANY AUTHOR OF THE SOFTWARE OR DOCUMENTATION, OR ANY APPLICABLE
COPYRIGHT OWNER, OR ANY OTHER PARTY WHO MAY COPY AND/OR (RE)DISTRIBUTE THIS SOFTWARE OR
DOCUMENTATION, BE LIABLE TO YOU OR TO ANY OTHER PARTY FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO,
ANY DIRECT, INDIRECT, GENERAL, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, CORRUPTION OR LOSS OF DATA, ANY LOSSES SUSTAINED BY YOU OR THIRD PARTIES,
A FAILURE OF THIS SOFTWARE TO OPERATE WITH ANY OTHER PRODUCT, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES, OR BUSINESS INTERRUPTION), WHETHER IN CONTRACT, STRICT LIABILITY, TORT (INCLUDING, BUT NOT
LIMITED TO, NEGLIGENCE) OR OTHERWISE, ARISING OUT OF THE USE, COPYING, MODIFICATION, OR (RE)DISTRIBUTION
OF THIS SOFTWARE OR DOCUMENTATION (OR A PORTION THEREOF), OR INABILITY TO USE THIS SOFTWARE OR
DOCUMENTATION, EVEN IF SUCH DAMAGES (OR THE POSSIBILITY OF SUCH DAMAGES) ARE/WERE PREDICTABLE OR
KNOWN TO ANY (CO)AUTHOR, INTELLECTUAL-PROPERTY OWNER, OR ANY OTHER PARTY.
BY INSTALLING, RUNNING, USING, COPYING, (RE)DISTRIBUTING, AND/OR MODIFYING THIS SOFTWARE, INCLUDING, BUT
NOT LIMITED TO, ITS DOCUMENTATION, OR A PORTION THEREOF, YOU ACCEPT AND AGREE TO BE BOUND BY ALL TERMS
AND CONDITIONS OF THE TRUECRYPT LICENSE THE FULL TEXT OF WHICH IS CONTAINED IN THE FILE License.txt
INCLUDED IN TRUECRYPT BINARY AND SOURCE CODE DISTRIBUTION PACKAGES.
CONTENTS
INTRODUCTION
BEGINNER’S TUTORIAL
How to Create and Use a TrueCrypt Container
How to Create and Use a TrueCrypt-Encrypted Partition/Device
TRUECRYPT VOLUME
CREATING A NEW TRUECRYPT VOLUME
Hash Algorithm
Encryption Algorithm
Quick Format
Dynamic
Cluster Size
TrueCrypt Volumes on CDs and DVDs
Hardware/Software RAID, Windows Dynamic Volumes
Additional Notes on Volume Creation
FAVORITE VOLUMES
SYSTEM FAVORITE VOLUMES
SYSTEM ENCRYPTION
Hidden Operating System
Operating Systems Supported for System Encryption
TrueCrypt Rescue Disk
PLAUSIBLE DENIABILITY
HIDDEN VOLUME
Protection of Hidden Volumes Against Damage
Security Requirements and Precautions Pertaining to Hidden Volumes
HIDDEN OPERATING SYSTEM
Process of Creation of Hidden Operating System
Plausible Deniability and Data Leak Protection
Possible Explanations for Existence of Two TrueCrypt Partitions on Single Drive
Safety/Security Precautions and Requirements Pertaining to Hidden Operating Systems
MAIN PROGRAM WINDOW
Select File
Select Device
Mount
Auto-Mount Devices
Dismount
Dismount All
Wipe Cache
Never Save History
Exit
Volume Tools
PROGRAM MENU
Volumes -> Auto-Mount All Device-Hosted Volumes
Volumes -> Dismount All Mounted Volumes
Volumes -> Change Volume Password
Volumes -> Set Header Key Derivation Algorithm
Volumes -> Add/Remove Keyfiles to/from Volume
Volumes -> Remove All Keyfiles from Volume
Favorites -> Add Mounted Volume to Favorites
Favorites -> Organize Favorite Volumes
Favorites -> Mount Favorites Volumes
Favorites -> Add Mounted Volume to System Favorites
Favorites -> Organize System Favorite Volumes
System -> Change Password
System -> Mount Without Pre-Boot Authentication
Tools -> Clear Volume History
Tools -> Traveler Disk Setup
Tools -> Keyfile Generator
Tools -> Backup Volume Header
Tools -> Restore Volume Header
Settings -> Preferences
MOUNTING TRUECRYPT VOLUMES
Cache Password in Driver Memory
Mount Options
PARALLELIZATION
PIPELINING
HARDWARE ACCELERATION
HOT KEYS
KEYFILES
Keyfiles Dialog Window
Security Tokens and Smart Cards
Keyfile Search Path
Empty Password & Keyfile
Quick Selection
Volumes -> Add/Remove Keyfiles to/from Volume
Volumes -> Remove All Keyfiles from Volume
Tools -> Keyfile Generator
Settings -> Default Keyfiles
SECURITY TOKENS & SMART CARDS
PORTABLE MODE
Tools -> Traveler Disk Setup
LANGUAGE PACKS
Installation
ENCRYPTION ALGORITHMS
AES
Serpent
Twofish
AES-Twofish
AES-Twofish-Serpent
Serpent-AES
Serpent-Twofish-AES
Twofish-Serpent
HASH ALGORITHMS
RIPEMD-160
SHA-512
Whirlpool
SUPPORTED OPERATING SYSTEMS
COMMAND LINE USAGE
Syntax
Examples
SECURITY MODEL
SECURITY REQUIREMENTS AND PRECAUTIONS
Data Leaks
Paging File
Memory Dump Files
Hibernation File
Unencrypted Data in RAM
Physical Security
Malware
Multi-User Environment
Authenticity and Integrity
Choosing Passwords and Keyfiles
Changing Passwords and Keyfiles
Trim Operation
Wear-Leveling
Reallocated Sectors
Defragmenting
Journaling File Systems
Volume Clones
Additional Security Requirements and Precautions
HOW TO BACK UP SECURELY
Non-System Volumes
System Partitions
General Notes
MISCELLANEOUS
Using TrueCrypt Without Administrator Privileges
Sharing over Network
TrueCrypt Background Task
Volume Mounted as Removable Medium
TrueCrypt System Files & Application Data
How to Remove Encryption
Uninstalling TrueCrypt
Digital Signatures
TROUBLESHOOTING
INCOMPATIBILITIES
KNOWN ISSUES & LIMITATIONS
Known Issues
Limitations
FREQUENTLY ASKED QUESTIONS
TECHNICAL DETAILS
NOTATION
ENCRYPTION SCHEME
MODES OF OPERATION
HEADER KEY DERIVATION, SALT, AND ITERATION COUNT
RANDOM NUMBER GENERATOR
KEYFILES
TRUECRYPT VOLUME FORMAT SPECIFICATION
COMPLIANCE WITH STANDARDS AND SPECIFICATIONS
SOURCE CODE
FUTURE DEVELOPMENT
CONTACT
LEGAL INFORMATION
VERSION HISTORY
ACKNOWLEDGEMENTS
REFERENCES