Print
The issue you are most likely to encounter at any given point is a corruption of your MBR. This will prevent you from being able to enter your password, and will likely result in errors that would suggest you are dealing with an empty drive. If this proves to be an ongoing problem, the most likely culprit is a recently installed application with an invasive form of DRM, or a root kit. Keep in mind here that all troubleshooting steps require your password. If you forget it, TrueCrypt cannot help you recover it. Any back doors or secret methods of decrypting the drive would defeat the security benefits.
When the Rescue CD boots up (shown above) you will have the option to either:
This restores your system to its original state. You data will once again be in the clear, as it was before. Your password will be required to begin the decryption, and it’s important to note that if you are encrypting several computers, you will need to keep separate CD’s. This restore function, as well as all the tasks listed below are specific to the password you chose before creating the disk. If your password becomes compromised and you decide to change it, you should destroy the old CD as it can be used to decrypt your machine using the old passphrase.
This will repair a TrueCrypt system that refuses to boot. The rescue CD however cannot restore you password. The password is the cipher used to decrypt the information on your hard drive. The TrueCrypt boot loader is simply the means of entering it.
If for any reason your password should fail to enter (and you're sure you typed it in correctly) run this function. It will prompt you to enter the password again, only this time it will be verified using encrypted data on the CD. Assuming that it matches the information encoded on the Rescue Disk, it will repair the entry on your hard drive.
If you used step 1 to decrypt your drive, and you had a multi-boot loader installed prior to TrueCrypt's installation, you will want to run this step. When combined with step 1, your system will be completely restored to it's pre-encryption state.
Comments are closed on this article
Cmsgstockton
August 04, 2010 at 1:13pm
CMS has a full-disk encrypted hard drive upgrade that makes the process very easily. All you need to do is place the encrypted drive in our enclosure, run the transfer software, setting the drive passphrase, and all programs etc. are moved onto the encrypted hard drive. Once you are done it's just a matter of swapping drives. We describe how to do this in a demonstration here.
robotcat
October 22, 2009 at 7:57am
Whole-drive multiboot encryption under Truecrypt (as of 6.2 anyway) has some pretty severe limitations. For me, at least, it insisted that the bootloader OS had to be on a physically separate drive from other OS's. It's cool that it works under any circumstances, but this keeps it from being useful for me (and I assume for many others).
PhoneyVirus
September 04, 2009 at 9:15pm
TrueCrypt I use this before and found it to be good for Passwords and Game Keys
routine
February 04, 2009 at 4:48pm
TrueCrypt vs BitLocker:
So, how do the two compare in performace, security, easy-of-use, etc?
horzo
February 02, 2009 at 2:30pm
I'm not nearly paranoid enough to do full disk encryption, but I've been using Windows & Linux TrueCrypt for a couple of years to protect password files and the like. Great little piece of software. I actually gave them a donation.
savage4naves
February 02, 2009 at 12:25pm
at system start up I get a quick message from acronis stating to press the F11 key to start recovery (acronis is pure awesomeness by the way) By encrypting the hard drive will that mess up the recovery from acronis? should I or can I image my hard drive again while running true crypt?
krj15489
February 02, 2009 at 11:45am
The finger print reader wont protect your data. someone could take out the drive and plug it into another computer and access the data or use a windows password cracked to get in. Drive encryption is the only thing that will really protect you.
nekollx
February 02, 2009 at 10:59am
i have a biometric fingerprint scanner in my laptop, cant acess my user accout without my fingers.
How does that compare to true crypt?
jcollins
February 02, 2009 at 12:00pm
It really depends on the setup, but you have to understand how Windows works. In general, if you can log into a computer, you can access anything on the computer (even if it isn't under your particular login). So if they somehow manage to bypass your login, they can still see your data.
The Fingerprint Scanner takes the place of your login for the most part. So if they can bypass that (through breaking the hardware, using gummi bears, taking the hard drive out, etc.), they have access to all your data. TruCrypt and the like protect against those situations. You have to actually have the password in order to see the data.
nekollx
February 02, 2009 at 12:04pm
as the sole administrator of the laptop though isn't is the same thing. if the biometric scanner wont let them log into the admin how can the acess the data short of takingthe drive apart (and id think id notice somoen removing the drive while im working on it :P)
jcollins
February 02, 2009 at 3:04pm
In re. the laptop, the assumption in these things are that the crook's not going to do anything while you are there. Let's say you leave the laptop in your apartment and go off to the grocery store. Bam, someone breaks in and grabs everything visible, including your laptop. Or let's say you took it with you to the store in your car and leave it in the trunk. You get out and your car is gone. Both situations, they have your physical laptop.
Once they have the laptop:
Example 1: They take the hard drive out and plug it into another computer running WinXP (not sure on the Vista end, but it is probably something similar). They tell it to take ownership of all the files on the drive and boom, they've got access to all the files. There are some things you can do to prevent this (encrypting folders for example). However, there are various softwares out there that may be able to get past this.
Example 2: A lot of the fingerprint scanners have "issues" where they'll accept scanned images or even totally fake things (gummi bears).
krj15489
February 02, 2009 at 2:08pm
The easiest way to get to the data without taking out the hard drive would be too run a program callled oph crack. it is a windows password cracker and can be booted from a cd. I have tried it out and it does work. But it can be slow depending on how fast the computer is.
http://ophcrack.sourceforge.net/
Block_Dude
February 02, 2009 at 5:38am
Just a few words of warning when using Truecrypt:
1. Encrypting the entire system drive will SIGNIFICANTLY decrease hard drive performance, especially if you choose cascade encryption. Think about it, every byte a data written and read needs to be on-the-fly encrypted or decrypted before it can be handled. You may want to consider making a standard container first before choosing full system encryption - otherwise expect to wait 2.5x longer (or more) if you're unraring something.
2.TrueCrypt disables the pagefile by default. This can mean serious havok/memory errors when running popular steam games like CS:S, TF2, and L4D. The reason why it is disbaled is because sensitive data can be written to the pagefile if the entire system is not encrypted. But I think it will disable it even before you chose to encrypt anything - when you first install the TruCrypt app - so make sure you leave "disbale pagefile" unchecked when installing - if you don't have 4GB of RAM or more, expect to see "direct3d device" errors if the pagefile is disabled and trying to join a server. A good rule of thumb is to keep the pagefile at 1.5x your current RAM - so if you have 2GB, then set the pagfile max file size at 3GB. Sometimes the errors can be cached as well, so use CCleaner to remove old temp files.
3. TrueCrypt modifies the MBR in ways that might cause alarms with some monitoring/security apps. Rootkit detectors like GMER will only be able to see "root-kit like behavior in sector 63" - and this is actually TrueCrypt's bootloader.
Tagge
February 02, 2009 at 11:16am
Hey just a note Block, TrueCrypt has actually been proven to have 0 performance hit on any PC it's installed on. I can also speak from experience in this matter. Every HDD I own has full disk system encryption installed on it. It doesn't slow down Vista, Windows XP, or Ubuntu Linux. Or on any media drives I have it installed on.
"Two things are infinite the universe and human stupidity; and I'm not sure about the the universe."
-Albert Einstein
Justin.Kerr
February 02, 2009 at 6:19am
Thanks for your observations, to be honest though on my side, I didn't notice much of a hit. In my unoffical benchmarks write performance took about a 5% hit, but read rates remained the same. CPU utalization went up a touch as well during reads/writes, but most of us have several cycles (and cores) to spare these days.
I was actually very impressed how lightweight the package was. As for point 3, that was noted in the several places throughout the article but is definatly important to call out. Thats just poor coding style in my opinion on behalf of the software manufacturers who tie into the MBR.
