TrueCrypt User Guide

1. 5 snide 5 Cluster SIZE 5 A t Test Algorithms ans 5 TrueCrypt Volume CD DVD and Other Read Only 5 Additional Notes on Volume 6 PLAUSIBLE DENIABILITY siscscsteseutaseuansosacsensiasebacseutesdubicabinnacbeuneesusdecdsseucaneetasaesnsaseeenssocaebadcancane 6 MAIN PROGRAM WINDOW sicecscastcssticishsscesscagesasisdesclaasasouthivececaancunscagasdocceouscowssbanesoscai epecapineneans 7 Select File menan nn 7 Select Device mennie 7 Te 7 7 DisMouNt sais aga Hoe Ae ee ede De aaa 8 Di s mo nt A ea EE A A E E E 8 NY pe SACHS 8 Chane Password teas ascertained dene 8 Never Save HIStOry a amp ED E Oa 8 PASSWORD ENTRY Zales iy wetted va ec as a asl ahaa ata 8 Cache Password in Driver Memoli y 8
2. stone sei ees eae boast eaaa 19 TRUECRYPT VOLUME FORMAT SPECIFICATION csssessccscccececeesesseaecescceesesesssaeeesesceseeesssseaeeeeeeseneees 20 HEADER KEY DERIVATION ccccccccccccecsssssscecesececeesessaaececesecseeessseaecesecsesesessaaeeeseeeeseneseaseaeeeseceeeeees 20 SECTOR SGRAMBISING E vo Tae ea eT ee 21 RANDOM NUMBER GENERATOR ccscsssessscecesececsesessaaececeeecsensssseaeceseceesenensaaeeeseseeseneesseaeeeseeseeeees 22 COMPLIANCE WITH STANDARDS AND SPECIFICATIONS 22 Copyright 2004 TrueCrypt Foundation 3 PREFACE This document assumes that the reader is generally familiar with using computer hardware and software Describing a feature that is usually easily understood has been avoided wherever possible Introduction TrueCrypt is a software system for establishing and maintaining an on the fly encrypted volume data storage device On the fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved without any user intervention No data stored on an encrypted volume can be read without using the correct password or encryption key Until decrypted encrypted volume appears to be nothing more than a series of random numbers Entire file system is encrypted i e file names folder names contents of every file and free space No unencrypted data are ever stored on any storage device they are only temporarily kept in RAM
3. PROGRAM MENU 9 E i E ES EE E E 9 gt Clear Volume HIStory E ed eae 9 Fools gt Preferences sauna a a a N a a N 9 SUPPORTED OPERATING SYSTEMS eescessessoescessessoesocssessossoossessoseoossessoseoossossssssossosssessossse 10 UNINSTALLING TRUECRYPT sisssssscsseseseisosscccssesssostososcscssosssesdesesososo 10 COMMAND LINE USA wvesossiessscssscseossseavssesesonsecntscvacootvesed sdsnesdeacesutsdssssenssesesssessdssnvecssenedsaisanes 10 BV TNL 11 Sosenndsaven EE RT AR E E ARR 11 ENCRYPTION ALGORITHMS waviscstccsisoosssoasssiassoseansdsdecsbousbcosssesteansdsdebabeuspsessss season ssnbsoiustensboraxene 11 TROUBLESHOOTING 12 INCOMPATIBILITIES 13 DRIVER LIMITATIONS amp KNOWN BUGS esseesoossessoesoossesssesooesossoesoossosssesoossosssessossoessesssssoesse 14 TRUECRYPT SYSTEM FILES wissisccssessvedessencseevasion sedans cvacosuvancdsdasesdeassetsasahsenssessssvcdsassnvedsevesssisneas 14 FREQUENTLY ASKED QUES TIONS ccsiesscssceccssetacssntccssssccebasacscanseoscsenussoucdasscecabnvosseusspoucdebasesace 15 Copyright 2004 TrueCrypt Foundation 2 ENCRYPTION SCHEME
4. derived from a new password The volume is mounted Copyright 2004 TrueCrypt Foundation 19 For more information pertaining the encryption scheme see sections Sector Scrambling and Header Key Derivation TrueCrypt Volume Format Specification TrueCrypt volume has no signature Until decrypted it appears to consist of nothing more than random data Therefore it is impossible to identify a TrueCrypt container or partition TrueCrypt volume format version 1 specification Encryption Status Description Not Encrypted Encrypted ASCII string TRUE Encrypted Volume format version Encrypted Minimum program version required to open the volume Encrypted CRC 32 checksum of the decrypted bytes 256 51 1 Encrypted Volume creation time Encrypted Header creation modification time Encrypted Reserved set to zero Encrypted Unused Encrypted Data used to generate IV and whitening values Encrypted Master encryption key Encrypted Data area actual volume contents Note that salt does not need to be encrypted as it does not have to be kept secret salt is a sequence of random values The bytes 0 63 salt bytes 256 287 data used to generate IV and whitening values and bytes 288 511 master encryption key contain random values that have been generated using the built in random number generator see section Random Number Generator during the volume creation process Header Key Deriv
5. RIPEMD 160 hash algorithm added The user can now select which hash algorithm TrueCrypt will use SHA 1 or RIPEMD 160 Note RIPEMD 160 which was designed by an open academic community represents a valuable alternative to SHA 1 designed by the NSA and NIST In the previous versions there was a risk that the whole program would be practically useless should a major weakness be found in SHA 1 The user selected hash algorithm is used by the random number generator when creating new volumes and by the header key derivation function HMAC based on a hash function as specified in PKCS 5 v2 0 The random number generator generates the master encryption key salt and the values used to create IV and whitening values e When changing a volume password the user can now select the HMAC hash algorithm that will be used in deriving the new volume header key e Itis now possible to create NTFS TrueCrypt volumes and unformatted TrueCrypt volumes This enhancement also removes the 2048 GB volume size limit Only FAT volumes can be created using the previous versions of TrueCrypt Any FAT volume encrypted or not cannot be over 2 048 GB e Header key content is now displayed in the Volume Creation Wizard window instead of salt e Random pool master key and header key contents can be prevented from being displayed in the Volume Creation Wizard window Bug fixes e When there is a mounted TrueCrypt container that is stored in another Tru
6. from my TrueCrypt volume A TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data The only way to recover your files is to try to crack the password or the key but it could take thousands or millions of years depending on the length and quality of the password or on the key size on the software hardware efficiency and on other factors Q Is my password stored somewhere A No Q Is some hash of my password stored somewhere A No Q Is the key size limited to 160 bits when use HMAC SHA 1 or HMAC RIPEMD 160 A No TrueCrypt never uses an output of a hash function directly as an encryption key See the section Header Key Derivation for more information Q What is the maximum possible size of a TrueCrypt volume A TrueCrypt volumes can be up to 9 223 372 036 GB However you need to take into account the following the limitations of the file system that the container will be stored on the limitations of the file system of the container itself the hardware connection standard and your operating system limitations Remember that file hosted containers stored on the FAT32 file system cannot be larger than 4 GB if you need a larger volume store it on the NTFS file system or instead of creating a file hosted volume encrypt a partition Also note that any FAT32 volume encrypted o
7. more than random data it does not contain any signature Therefore it is impossible to prove that a file a partition or a device is a TrueCrypt volume and or that it has been encrypted To achieve plausible deniability the format of the volume and the encryption process had to be significantly changed The salt is 64 bytes long now E4M uses 20 bytes The iteration count of the key derivation function increased to 2 000 E4M uses 1 000 Free space is filled with random data during volume creation instead of filling it with zeroes This reduces the amount of predictable plaintext and in future will increase the level of plausible deniability of hidden volumes Up to 32 partitions per physical disk drive can be encrypted now Windows XP 2000 The minimum volume password length has been increased to 12 characters The maximum volume password length has been decreased from 100 to 64 characters This was necessary to avoid the following When a password longer than 64 characters was passed to HMAC SHA 1 the whole password was first hashed using SHA 1 and the resultant 160 bit value was then used instead of the original password which complies with HMAC SHA 1 specification thus the password length was in fact reduced The Blowfish key length size has been increased to 448 bits Remark Even though our increasing the key size to 448 bits might appear to be a significant overkill there was no reason for us not to do so note that there
8. volume is entirely encrypted Q Does TrueCrypt support something like traveller mode A If you need to use TrueCrypt a computer on which you cannot or do not want to install TrueCrypt we recommend using BartPE for this purpose BartPE stands for Bart s Preinstalled Environment which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD DVD The freeware Bart s PE Builder can transform any Windows installation CD into BartPE In order to include certain applications on a BartPE disk to make it available to the BartPE system you need a plug in for the application There are several free TrueCrypt plug ins for BartPE available on the Internet Copyright 2004 TrueCrypt Foundation 17 Q How is TrueCrypt related to E4M A TrueCrypt 1 0 was derived from E4M 2 02a For information on differences between E4M and TrueCrypt please see Version History Q Will TrueCrypt be open source and free forever A Yes it will No commercial version is planned and never will be We believe in open source and free security software Remark We know that there are certain individuals trying to distribute TrueCrypt as paid and closed source software We are not affiliated with these individuals Copyright 2004 TrueCrypt Foundation 18 Technical Details Encryption Scheme When mounting a TrueCrypt volume assume there are no cached passwords the following
9. with 6 If the values do not match or the first 4 bytes of the data decrypted in 4 do not contain the text string TRUE then the encryption algorithm is assumed to be incorrect If there is an encryption algorithm that decrypting has not yet been attempted with the process continues from 3 choosing such encryption algorithm If there are no encryption algorithms remaining if there is a HMAC hash algorithm that header key derivation has not yet been attempted with the process continues from 2 choosing such HMAC hash algorithm If there are no HMAC hash algorithms and no encryption algorithms remaining to be tested the password is assumed to be incorrect and mounting is terminated Now we know that we have the correct password and the correct encryption and hash algorithms The minimum program version required to open the volume stored in data decrypted in 4 is checked If it is not equal or less than the version of the program that we are using to mount the volume mounting is terminated The encryption routine is reinitialized with the master key and IV retrieved from the data decrypted in 4 This key can be used to decrypt any sector of the volume except the first one the volume header which has been encrypted using the header key Note The master key was generated during the volume creation and cannot be changed later Volume password change is accomplished by re encrypting the volume header using a new header key
10. your TrueCrypt volumes do not have the tc file extension this file extension is officially associated with TrueCrypt When formatting a hard disk partition as a TrueCrypt volume the partition table including the partition type is never modified If you intend to use a TrueCrypt partition and you need plausible deniability follow these steps Windows XP Make sure you have administrator privileges Right click My Computer icon on your desktop and select Manage In the list on the left click Disk Management the Storage sub tree Ifthe partition that you want to format as a TrueCrypt has already been created right click it and select Delete Partition the partition has not yet been created continue with step 4 Right click the free space should be labeled as Unallocated and select New Partition New Partition Wizard should appear now Follow its instructions On the Wizard page called Assign Drive Letter or Path select Do not assign a drive letter or drive path Click Next 7 Select Do not format this partition and click Next 8 Click Finish RON Copyright 2004 TrueCrypt Foundation 6 9 The partition now appears to be reserved for future use and future reformatting As it is unformatted it can contain any random data which might for example have resided on the hard drive since the last time you repartitioned the hard disk Therefore there is no difference
11. 1 are XORed with the 64 bit sector number each sector is 512 bytes long sectors are numbered starting at 0 In case of AES the upper and lower 64 bit words are XORed with an identical value The resultant 64 bit value or 128 bit for AES is the IV for each 64 bit block of the disk sector 128 bit for AES Note Step 1 is only performed once right after the volume is mounted The retrieved value remains in RAM then To make obtaining a plaintext ciphertext pair more difficult every 8 bytes of each sector after the sector is encrypted are XORed with a 64 bit value which is unique to each sector and volume The value is generated as follows 1 Bytes 264 271 or 272 279 for AES of the decrypted volume header are retrieved see sections TrueCrypt Volume Format Specification and Encryption Scheme Bytes 272 279 or 280 287 for AES of the decrypted volume header are retrieved Data retrieved in 1 are XORed with the 64 bit sector number each sector is 512 bytes long sectors are numbered starting at 0 Data retrieved in 2 are XORed with the 64 bit sector number A 32 bit CRC 32 value of the first 8 bytes of the resultant value in 3 is calculated A 32 bit CRC 32 value of the second 8 bytes of the resultant value in 3 is calculated A 32 bit CRC 32 value of the first 8 bytes of the resultant value in 4 is calculated A 32 bit CRC 32 value of the second 8 bytes of the resultant value in 4 is calculated The value ca
12. AntiVirus preferences e Nero InCD Note that even though this incompatibility has been reported by several users we cannot confirm it repeated tests under Windows XP Professional SP1 and Windows 2000 SP4 yielded negative results However we believe that the issue might really exist so we have added this piece of software to this list Copyright 2004 TrueCrypt Foundation 13 Driver Limitations amp Known Bugs e Network volumes are not supported A mounted TrueCrypt volume cannot be shared over a network LAN etc e Raw floppy disk volumes when a floppy disk is ejected and another one is inserted garbage will be read written to the disk which could lead to data corruption This affects only raw floppy disk volumes not file hosted containers stored on floppy disks TrueCrypt System Files WindowsPath TrueCryptSetup exe uninstaller WindowsPath SYSTEM32 DRIVERS truecrypt sys driver WindowsPath SYSTEM32 TrueCryptService exe service The service is necessary to register each newly mounted volume with the operating system Mount Manager which then assigns a drive letter to it The service also allows users without administrator privileges to dismount TrueCrypt volumes Note Replace WindowsPath with your Windows installation path e g WINDOWS Copyright 2004 TrueCrypt Foundation 14 Frequently Asked Questions forgot the password is there any way to recover the files
13. Copyright 2004 TrueCrypt Foundation 10 Syntax truecrypt v volume d letter l letter e b p password h q w a The order of the parameters is not important Whitespaces between parameters and parameter values do not matter Examples Mounting a volume called myvolume tc using the password MyPassword drive letter X TrueCrypt will open an explorer window and beep mounting will be automatic truecrypt v myvolume tc 1 a p MyPassword e b Mounting a volume called myvolume tc using the password prompt the main program window will not be displayed truecrypt v myvolume tc 1 a q Encryption Algorithms TrueCrypt volumes can be encrypted using one of the following algorithms Algorithm Designer s AES J Daemen V Rijmen CBC Blowfish B Schneier CBC CAST5 C Adams S Tavares CBC Triple DES IBM NSA Outer CBC A random value unique to each sector and volume is used as the IV for more information please see Sector Scrambling Copyright 2004 TrueCrypt Foundation 11 Troubleshooting This section presents possible solutions to common problems that you may run into when using TrueCrypt If your problem is not listed here it might be listed in one of the following sections Incompatibilities Driver Limitations amp Known Bugs Frequently Asked Questions PROBLEM cannot encrypt a partition because it is not displayed in the Select Devic
14. Roux for making his E4M source code available TrueCrypt is based on E4M Eric Young for writing his excellent libdes libcast etc which were the sources of some of the cryptography code used in TrueCrypt Brian Gladman who wrote the excellent AES routines Peter Gutmann for his paper on random numbers and for creating his cryptlib which was the source of parts of the random number generator source code used in TrueCrypt Andy Neville for providing some of the code and inspiration useful in the implementation of the file hosted volumes E4M David Kelvin who added the privacy password command line argument and the quiet mode 4 Copyright 2004 TrueCrypt Foundation 23 Version History 2 1 October 1 2004 Removed Features IDEA encryption algorithm removed This allows non profit and profit organizations to use TrueCrypt without having to obtain a separate license for IDEA according to the IDEA license any use of software containing the IDEA algorithm by a non profit or profit organization is considered as use for commercial purposes and is subject to a license from MediaCrypt AG Important TrueCrypt volumes encrypted using the IDEA encryption algorithm cannot be mounted using TrueCrypt 2 1 If you have such a volume before upgrading to TrueCrypt 2 1a please create a new TrueCrypt volume using a cipher other than IDEA and move your files to this new volume 2 1 June 21 2004 New features
15. TRUECRYPT FREE OPEN SOURCE ON THE FLY ENCRYPTION USER S GUIDE Version Information TrueCrypt User s Guide version 2 1a Released October 1 2004 Licensing Information Before installing this product TrueCrypt you must agree to the license displayed in the TrueCrypt Setup window the text of the license is also contained in the file License txt Copyright Information Portions of this software are Copyright 2004 TrueCrypt Foundation All Rights Reserved Copyright 1998 2000 Paul Le Roux All Rights Reserved Copyright 2004 TrueCrypt Team All Rights Reserved Copyright 1995 1997 Eric Young All Rights Reserved Copyright 2003 Dr Brian Gladman Worcester UK All Rights Reserved Copyright 2001 Markus Friedl All Rights Reserved For more information please see the legal notices attached to parts of the source code A TrueCrypt Foundation Release Limitations The TrueCrypt Foundation does not warrant that the information contained in this document meets your requirements or that the information is free of errors The information may include technical inaccuracies or typographical errors CONTENTS ENT RO DUC 4 4 CREATING NEW TRUECRYPT VOLUME 4 ATS OPAC
16. assword input field is wiped after a correct volume password has been entered e New graphics icons user interface e New documentation Removed features 4 and SFS volumes are no longer supported DES cipher removed e HMAC MD5 removed to be replaced HMAC RIPEMD 160 Copyright 2004 TrueCrypt Foundation 28
17. ation Header key is used to decrypt the encrypted area of the TrueCrypt volume header see sections Encryption Scheme and TrueCrypt Volume Format Specification The technique that TrueCrypt uses to generate header keys conforms to PKCS 5 v2 0 see ftp ftp rsasecurity com pub pkcs pkcs 5v2 pkcs5v2 0 pdf 64 byte 512 bit salt is used which means there are 2 to the power of 512 keys for each password This significantly decreases vulnerability to off line dictionary attacks pre computing all the keys for a dictionary of passwords is very difficult when a salt is used 2 000 iterations of the key derivation function have to be performed to derive a header key which significantly increases the time necessary to perform an exhaustive search for passwords brute force The header key derivation function is based on Copyright 2004 TrueCrypt Foundation 20 HMAC SHA 1 or HMAC RIPEMD 160 the user selects which For more information please see RFC 2104 available at http www cis ohio state edu htbin rfc rfc2104 html Sector Scrambling Each cipher implemented in TrueCrypt operates in CBC mode Triple DES in outer CBC The IV initialization vector is a random value which is unique to each sector and volume This value is generated as follows 1 Bytes 256 263 or 256 271 for AES of the decrypted volume header are retrieved see sections TrueCrypt Volume Format Specification and Encryption Scheme Data retrieved in
18. between such an unformatted partition and a TrueCrypt volume Now you can format the partition as TrueCrypt to do that click Create Volume in the main program window follow the Volume Creation Wizard s instructions Note if instead of an unformatted partition you format NTFS FAT16 FAT32 partition as TrueCrypt the partition will then appear to be a corrupted NTFS FAT16 FAT22 partition Main Program Window Select File Allows you to select a file hosted TrueCrypt volume After you select it you can mount it by clicking Mount see below It is also possible to select a volume by dragging its icon to the TrueCrypt exe icon TrueCrypt will be automatically launched then Select Device Allows you to select a TrueCrypt partition or a storage device such as floppy disk or ZIP disk After it is selected it can be mounted by clicking Mount see below Note There is a more comfortable way of mounting TrueCrypt partitions see Auto Mount Partitions for more information Mount To mount a TrueCrypt volume select a free drive letter from the list in the main window Then select a file or device that hosts the TrueCrypt volume and click Mount TrueCrypt will try to mount the volume using cached passwords if there are any and if none of them works it asks you to enter a password If you enter the correct password the volume will be mounted Note that switching users on Windows XP 2000 does
19. dismounted Password Entry Cache Password in Driver Memory When checked the volume password you enter will be cached in driver memory if the password is correct Then later volumes can be mounted using the cached password without having to type it Copyright 2004 TrueCrypt Foundation 8 again Up to four passwords can be cached The passwords are never saved on any disk They are only temporarily stored in RAM Driver memory is never swapped to disk Note that turning the password cache off will not clear it click Wipe Cache to do so Program Menu Note Only the menu items that are not self explanatory are described in this documentation File gt Exit Terminates the TrueCrypt application The driver continues working and no TrueCrypt volumes are dismounted Tools gt Clear Volume History Clears the list containing file names and paths of the last eight successfully mounted TrueCrypt volumes Tools gt Preferences Wipe cached passwords on exit If enabled passwords cached in driver memory will be cleared when exiting TrueCrypt Cache passwords in driver memory When checked up to last four successfully mounted TrueCrypt volume passwords will be cached in driver memory Then later volumes can be mounted using a cached password without having to type it again The passwords are never saved on any disk They are only temporarily stored in RAM Driver memory is never swapped to disk Open Explorer window fo
20. during the encryption decryption process TrueCrypt Volume There are two basic types of TrueCrypt volumes e Container Partition device A TrueCrypt container is a normal file which can reside on any type of storage device It contains hosts a completely independent encrypted virtual disk device Container is a file hosted volume A TrueCrypt partition is a hard disk partition encrypted using TrueCrypt You can also encrypt floppy disks ZIP disks USB hard disks USB memory sticks and other types of storage devices Creating a New TrueCrypt Volume To create a new TrueCrypt file hosted container or to encrypt a partition device requires administrator privileges click on Create Volume in the main program window TrueCrypt Volume Creation Wizard should appear As soon as the Wizard appears it starts collecting data that will be used in generating the master key the salt and the values used to create the IV and whitening values for the new volume The collected data which should be as random as possible include your mouse movements mouse clicks key presses and other values obtained from the system for more information please see Random Number Generator The Wizard provides help and information necessary to successfully create a new TrueCrypt volume However several items deserve further explanation Copyright 2004 TrueCrypt Foundation 4 Hash Algorithm By setting this option you select which hash algor
21. e window PROBABLE CAUSE The partition is probably in use by the system or a program POSSIBLE SOLUTION First close or disable all programs that might be using the partition in any way If it does not help right click the My Computer icon on your desktop and select Manage gt Storage gt Disk Management Then right click the partition that you want to encrypt and click Change Drive Letter and Paths then click Remove and OK Restart your system PROBLEM cannot encrypt a partition because the TrueCrypt Volume Creation Wizard says it is in use POSSIBLE SOLUTION First make sure that you are not trying to encrypt the operating system boot partition TrueCrypt does not support this Then close or disable all programs that might be using the partition in any way If it does not help right click the My Computer icon on your desktop and select Manage gt Storage gt Disk Management Then right click the partition that you want to encrypt and click Change Drive Letter and Paths then click Remove and OK Restart your system PROBLEM My system crashes when dismount a TrueCrypt volume PROBABLE CAUSE This is probably caused by an anti virus program running in the background POSSIBLE SOLUTION It usually helps to turn off real time on access scanning in the preferences of the anti virus program you use If it does not help try disabling or uninstalling the anti virus program completely Copyright 2004 TrueCrypt Fou
22. eCrypt container it will be possible to dismount both of them using the Dismount All function and blue screen errors will not occur upon system shutdown e Minor bug fixes to command line handling Copyright 2004 TrueCrypt Foundation 24 Improvements Several minor improvements to the driver Miscellaneous 2 0 Released under the original E4M license to avoid potential problems relating to the GPL license added the IDEA patent information and specific legal notices June 7 2004 Bug fixes Data corruption will no longer occur when a TrueCrypt partition is subjected to heavy parallel usage usually when copying files to or from a TrueCrypt partition This also fixes the problem with temporarily inaccessible files stored in TrueCrypt partitions Note File hosted volumes were not affected by this bug After dismounting and remounting a volume its file system will be correctly recognized by the operating system and it will be possible to reuse the same drive letter Windows 2000 issue The main program window will not be displayed when run in quiet mode command line usage Two password entry attempts are no longer necessary to be able to mount a volume command line usage All partitions will be visible to TrueCrypt even if one of them is inaccessible to the operating system an inaccessible partition made all successive partitions on the hard disk unavailable to TrueCrypt Relative path can be s
23. hashed using a hash function 1 or RIPEMD 160 the user selects which The described random number generation technique is based on the following Software Generation of Practically Strong Random Numbers by Peter Gutmann http www cs auckland ac nz pqut001 pubs random pdf Cryptographic Random Numbers by Carl Ellison http www clark net pub cme P1363 ranno html Compliance with Standards and Specifications TrueCrypt complies with the following standards and specifications 5 v2 0 ftp fto rsasecurity com pub pkcs pkcs 5v2 pkcs5v2 0 pdf FIPS 180 2 SHA 1 http csrc nist gov publications fips fips180 2 FIPS180 2_changenotice padf RFC 2104 HMAC http www cis ohio state edu htbin rfc rfc2104 html RFC 2202 HMAC SHA 1 http Awww cis ohio state edu htbin rfc ric2202 html FIPS 46 3 Triple DES http csrc nist gov publications fips fips46 3 fips46 3 pdf FIPS 197 AES http csrc nist gov publications fips fips197 fips 197 pdf Copyright 2004 TrueCrypt Foundation 22 Future Development The following features are planned for a future release e Hidden volume e Twofish e Serpent e Linux version e Hash algorithms conceptually distinct from SHA 1 and RIPEMD 160 e Header key derivation PRF algorithms conceptually distinct from HMAC SHA 1 and HMAC RIPEMD 160 e Keyfiles Anti key logger facilities e Hotkeys and more Acknowledgements Thanks to Paul Le
24. is no decrease in speed of Copyright 2004 TrueCrypt Foundation 26 encryption decryption Bug fixes e Sector scrambling algorithm flaw fixed Two or more disk sectors to be encrypted consisting of the same values e g filled with zeroes after being encrypted by E4M start with the same 8 byte sequence of values i e the first eight bytes of any of these encrypted sectors contain the same values as the first eight bytes of any other of these encrypted sectors If this had not been fixed the plausible deniability would not have been possible e TrueCrypt volumes can be dismounted Windows issue e Blue screen errors no longer occur during Windows shutdown when there is one or more mounted TrueCrypt volumes e Drive geometry is calculated correctly now chkdsk exe and format exe do not fail anymore e A TrueCrypt volume can be reformatted as FAT32 or NTFS using the Windows built in format tool Windows XP 2000 issue e Windows Check Disk can now be used on TrueCrypt volumes Windows XP 2000 issue e Windows Disk Defragmenter can now be used on encrypted volumes Windows XP 2000 issue New features IV initialization vector generation algorithm see the documentation for more information e Every 8 bytes of each sector after the sector is encrypted are XORed with a random 64 bit value which is unique to each sector and volume sector is 512 bytes long This makes obtaining a plaintext cipherte
25. itation Copyright 2004 TrueCrypt Foundation 16 TrueCrypt with another on the fly disk encryption tool one system A We are not aware of any on the fly encryption tool that would cause problems when run with TrueCrypt or vice versa Can resize a TrueCrypt partition A Unfortunately TrueCrypt does not support this Resizing a TrueCrypt partition using a program such as PartitionMagic will in most cases corrupt its contents Will always be able to mount a TrueCrypt container no matter how fragmented it is A Yes Q Is it necessary to restart the computer before copying a TrueCrypt container A No it is not necessary Q Is it secure to create a new container by cloning an existing container A You should always use the Volume Creation Wizard to create a new TrueCrypt volume If you copy a container and then start using both this container and its clone in a way that both eventually contain different data then you could aid cryptanalysis The reason is that both volumes would share the same key IVs whitening values etc Q Do I have to wipe free space and or files a TrueCrypt volume Wiping secure deletion overwriting sensitive data to render them unrecoverable A If you believe that an adversary will be able to decrypt the volume for example that he will make you reveal the password then the answer is yes Otherwise it is not necessary because the
...algorithm TrueCrypt will use. The selected hash algorithm is used by the random number generator (which generates the master key, salt, and the values used to create IV and whitening values). It is also used in deriving the new volume header key. TrueCrypt currently supports two hash algorithms: RIPEMD-160, which was designed by an open academic community, and SHA-1, designed by the NSA and NIST. Note that the output of a hash function is never used directly as an encryption key. For more information, please see the section Technical Details.

Quick Format: If unchecked, each sector of the new volume will be formatted. Basically, this means that the new volume will be entirely filled with random data. Quick format is much faster but may be less secure, because until the whole volume has been filled with files, it may be possible to tell how much data it contains (if the space was not filled with random data beforehand). If you are not sure whether to enable or disable Quick Format, we recommend that you leave this option unchecked. Note that Quick Format can only be enabled when encrypting partitions.

Cluster Size: A cluster is an allocation unit. For example, for a one-byte file, at least one cluster should be allocated on a FAT file system. When the file grows beyond the cluster boundary, another cluster is allocated. Theoretically, this means that the bigger the cluster size, the more disk space is wasted; however, the performance is better. If you do not know which value to use, leave the setting at default.
...calculated in (5) is XORed with the value calculated in (8). The value calculated in (6) is XORed with the value calculated in (7). The 32-bit value calculated in (9) is written to the upper 32-bit word and the value calculated in (10) is written to the lower 32-bit word of the 64-bit whitening value.

Random Number Generator

The random number generator implemented in TrueCrypt is used to generate the master encryption key, salt, and the values used to create IV and whitening values (see section Sector Scrambling). The random number generator creates a pool of random values in RAM. The pool, which is 256 bytes long, is periodically filled, byte by byte, with values derived from the following sources:
- Mouse movements (CRC32-hashed coordinates and event delta times)
- Mouse clicks (CRC32-hashed event delta times)
- Key presses (CRC32-hashed key codes and event delta times)
- Network interface statistics (NETAPI32), collected only once in the beginning
- Performance statistics of disk devices, collected only once in the beginning
- Various Win32 handles, time variables and counters, collected at a 250 ms interval

Random values are written to the pool by adding, not by replacing, the old values in the pool. This means that from the moment a value is written to the pool, it never stops affecting the state of it. Additionally, after a value (byte) is added to the pool, the pool is entirely
Q: How do I decrypt a TrueCrypt partition permanently?
A: If you format a TrueCrypt-encrypted partition when the TrueCrypt volume hosted by the partition is not mounted, then the volume will be destroyed and the partition will not be encrypted anymore (it will be empty). Note that the contents of the TrueCrypt volume will be lost.

Q: How do I burn a TrueCrypt container larger than 2 GB onto a DVD?
A: The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files over 2 GB).

Q: Can I use tools like chkdsk, Defrag, etc. on the contents of a TrueCrypt volume?
A: Yes. TrueCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted TrueCrypt volume.

Q: Is it possible to encrypt my operating system (boot) partition?
A: No, TrueCrypt does not allow this. However, there are ways to ensure that the volume where the operating system resides is read-only, which should prevent information leakage (registry, temporary files, etc. are stored in RAM). For more information, see the question "Does TrueCrypt support something like traveller mode?"

Q: Can I mount a TrueCrypt volume stored on another TrueCrypt volume?
A: Yes, TrueCrypt volumes can be nested without any limitation.
PROBLEM: One of the following problems occurs: 1. A TrueCrypt volume cannot be mounted. 2. NTFS TrueCrypt volumes cannot be created. In addition, the following error may be reported: "The process cannot access the file because it is being used by another process."
PROBABLE CAUSE: This is probably caused by an interfering virus protection software application.
POSSIBLE SOLUTION: It usually helps to turn off real-time (on-access) scanning in the preferences of the virus protection software you use. If it does not help, try temporarily disabling the virus protection software. If this does not help either, try uninstalling it completely.

Incompatibilities

There are a few pieces of software that we know about that might, under certain circumstances, cause problems if run with TrueCrypt:
- McAfee Antivirus (Windows 2000 SP4): If system crashes occur when dismounting a TrueCrypt volume, try disabling the on-access scanner in the McAfee Antivirus preferences before mounting a TrueCrypt volume, and leave it disabled while it is mounted.
- Symantec Norton AntiVirus (Windows 2000 SP4): There have been contradicting reports. Most users reported that they had no problems running Symantec Norton AntiVirus with TrueCrypt, and our tests revealed no problems either. If you have Norton AntiVirus installed and system crashes occur when dismounting TrueCrypt volumes, try disabling File System Real-Time Protection in the Norton
...not dismount a successfully mounted TrueCrypt volume. Also note that when you exit the TrueCrypt application, the TrueCrypt driver still continues working and no TrueCrypt volumes are dismounted.

Auto-Mount Partitions: This function allows you to mount TrueCrypt partitions without having to select them manually (by clicking Select Device). TrueCrypt goes through all available partitions on all hard drives one by one and tries to mount each of them as a TrueCrypt volume. Note that a TrueCrypt partition cannot be identified, nor can the cipher it has been encrypted with. Therefore, the program cannot directly find TrueCrypt partitions. Instead, it has to try mounting each (even unencrypted) partition using all encryption algorithms and all cached passwords (if there are any). Therefore, be prepared that this process may take a long time on slow computers. Drive letters will be assigned starting from the one that is selected in the drive list in the main window. If the password you enter is not correct, mounting is tried using cached passwords (if there are any). If you enter an empty password, only the cached passwords will be used when attempting to mount partitions.

Dismount: To dismount a TrueCrypt volume basically means to make any access to the data it contains impossible. To do so, select a TrueCrypt volume and click on Dismount.

Dismount All: Dismounts all currently mounted TrueCrypt volumes.
Auto-Test All Algorithms: The built-in self-test facility, accessible from the Volume Creation Wizard (Step 2 window), automatically tests all the encryption algorithms and all the hash algorithms (HMACs) implemented in TrueCrypt and reports the results. To run these tests, click on the Auto-Test All Algorithms button in the test tool window. We recommend that you test the algorithms each time right before creating a new TrueCrypt volume.

TrueCrypt Volume on CD, DVD and Other Read-Only Media: If you want a TrueCrypt volume to be stored on a CD, DVD or other read-only media, first create a file-hosted TrueCrypt container on a hard drive and then burn it onto a CD, DVD, etc. with any CD burning software (or, under Windows, with the built-in system tool). Remember that if you need to mount a TrueCrypt volume that is stored on a read-only medium such as a CD or DVD under Windows 2000, you must format the volume as FAT (Windows 2000 cannot mount an NTFS file system on read-only media).

Additional Notes on Volume Creation: After you click the Format button (in the Volume Creation Wizard window, the last step), there will be a short delay while your system is being polled for additional random data. Afterwards, the master key, header key, salt, and the values used to create the IV and whitening values for the new volume will be generated, and the master key and header key contents will be displayed.
- ...specified when mounting a file-hosted volume (command line usage).
- Incorrect passwords are reported when auto-mounting (command line usage).

New features:
- AES-256 (Rijndael) encryption algorithm.
- The command line option /dismountall was renamed to /dismount, which can now also be used to dismount a single volume by specifying its drive letter.

Improvements:
- Memory pages containing sensitive data are now locked to prevent them from being swapped to the Windows page file.
- The state of the random pool will never be exported directly, so the pool contents will not be leaked.

Miscellaneous:
- Released under the GNU General Public License (GPL).

1.0a (by TrueCrypt Team, February 3, 2004)

Removed features:
- TrueCrypt no longer supports Windows 98/ME.

1.0 (by TrueCrypt Team, February 2, 2004)

Note: TrueCrypt is based on E4M (Encryption for the Masses). Therefore, the following list contains differences between E4M 2.02a and TrueCrypt 1.0 (minor differences have been omitted).

Improvements:
- Windows XP/2000 support.
- The maximum volume size is 18,446,744,073 GB (E4M only allows 2 GB). Note: file system, hardware, connection standard and operating system limitations have to be taken into account when determining the maximum volume size.
- Plausible deniability: It is impossible to identify a TrueCrypt container or partition. Until decrypted, a TrueCrypt volume appears to consist of nothing
/help or /?: Displays command line help.
/volume or /v: File and path name of a TrueCrypt volume. To mount a hard disk partition, use, for example, /v \Device\Harddisk1\Partition3 (to determine the path to a partition, run TrueCrypt and click Select Device).
/letter or /l: Drive letter to mount the volume as.
/explore or /e: Opens an Explorer window after a volume has been mounted.
/beep or /b: Beeps after a volume has been mounted.
/auto or /a: Automatically mounts the volume.
/dismount or /d: Dismounts the given volume (specified by its drive letter) or, when no volume is specified, dismounts all currently mounted TrueCrypt volumes.
/cache or /c: Enables (Y) or disables (N) the password cache. Note that turning the password cache off will not clear it.
/history or /h: Enables (Y) or disables (N) the history.
/wipecache or /w: Wipes any passwords cached in the driver memory.
/password or /p: The volume password. If the password contains spaces, it must be enclosed in quotation marks (e.g. /p "My Password"). Warning: This method of entering a volume password is not secure, particularly when you save the password in an unencrypted batch file or when an unencrypted command prompt history log is being saved to disk. Consider using /q /a instead.
/quiet or /q: Quiet mode. When used along with /auto, and if no cached password is correct, the password prompt appears (the main TrueCrypt window is not displayed). This could increase the level of privacy in multi-user environments. Program settings are not saved when in quiet mode.
...or not, cannot be larger than 2048 GB (if you need larger volumes, format them as NTFS).

Q: Which cipher is the most secure?
A: Unfortunately, it is impossible to answer this question. However, all ciphers implemented in TrueCrypt are well known and trusted. No weak cipher has been implemented in TrueCrypt.

Q: How does TrueCrypt verify that the correct password was entered?
A: See section Technical Details, Encryption Scheme.

Q: Is it possible to mount a TrueCrypt container that is stored on a CD or DVD?
A: Yes, it is. However, if you need to mount a TrueCrypt volume that is stored on a read-only medium such as a CD or DVD under Windows 2000, the file system of the TrueCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).

Q: What will happen if I format a TrueCrypt partition?
A: See the question "Is it possible to change the file system of an encrypted volume?"

Q: Is it possible to change the file system of an encrypted volume?
A: Yes. When mounted, TrueCrypt volumes can be formatted as FAT12, FAT16, FAT32 or NTFS. The volumes behave as standard disk devices, so you can right-click the device icon (for example, in the My Computer list) and select Format. The actual volume contents will be lost (the whole volume will remain encrypted, though). If you format a TrueCrypt-encrypted partition when the TrueCrypt volume that the partition hosts is not mounted, then the volume will be destroyed and the partition will not be encrypted anymore (it will be empty).
...for a successfully mounted volume: If this option is checked, then after a TrueCrypt volume has been successfully mounted, an Explorer window showing the root directory of the volume will be automatically opened.

Close all Explorer windows of the volume being dismounted: Sometimes dismounting a TrueCrypt volume is not possible because some files or folders located on the volume are in use or locked. This also applies to Explorer windows displaying directories located on TrueCrypt volumes. When this option is checked, all such windows will be automatically closed before dismounting, so that the user does not have to close them manually.

Supported Operating Systems

TrueCrypt runs on the following operating systems:
- Windows 2003
- Windows XP
- Windows 2000

We recommend Windows XP (at least Service Pack 1) or later as the optimum environment for running TrueCrypt.

Uninstalling TrueCrypt

To uninstall TrueCrypt, open the Windows control panel and select Add/Remove Programs, locate TrueCrypt and click the Add/Remove button. Normally, all TrueCrypt files (including the device driver) should be removed and most of the changes made to the registry should be undone. The uninstall will never remove any TrueCrypt volume you may have created.

Command Line Usage

Options: /help or /?, /volume or /v, /letter or /l, /explore or /e, /beep or /b, /auto or /a, /dismount or /d
For increased security, the random pool, master key and header key contents can be prevented from being displayed by unchecking the checkbox in the upper right corner of the corresponding field.

[Screenshot: the Random Pool, Header Key and Master Key fields of the Volume Creation Wizard]

Note that only the first 112 bits of the pool/keys are displayed, not the entire contents. TrueCrypt volumes can be reformatted as FAT12, FAT16, FAT32 or NTFS at any time. They behave as standard disk devices, so you can right-click the device icon and select Format. Warning: When encrypting an entire hard drive partition or an entire device (floppy disk, ZIP disk, etc.), all data stored on the device/partition will be lost.

Plausible Deniability

It is impossible to identify a TrueCrypt container or partition. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any signature). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume and/or that it has been encrypted. TrueCrypt container files do not have to have a standard file extension. They can have any file extension you like (for example .raw, .dat, .iso, .img, .rnd, .tc) or they can have no file extension at all (TrueCrypt ignores file extensions). If you need plausible deniability, make sure
...the following steps (1-8) are performed:

1. The first 512 bytes of the volume are read into RAM, out of which the first 64 bytes are the salt.
2. A password entered by the user and the salt read in (1) are passed to the header key derivation function. A HMAC hash algorithm is chosen and the header key derivation function produces a sequence of values (see section Header Key Derivation) from which the header encryption key and the IV used to decrypt the volume header are derived. Note that it is impossible to directly determine the correct HMAC hash algorithm that has to be used in deriving the correct header key; it has to be determined through the process of trial and error.
3. An encryption algorithm is chosen and initialized with the key and IV obtained in (2). Note that it is impossible to directly determine the encryption algorithm that has been used to encrypt the volume; it has to be determined through the process of trial and error.
4. The data read in (1), except the first 64 bytes, are decrypted with the chosen encryption algorithm. Note that at this point it is still unknown whether the chosen encryption and hash algorithms are correct or not.
5. If the first 4 bytes of the data decrypted in (4) contain the text string "TRUE", then a CRC-32 checksum of the last 256 bytes of the data read in (1) is calculated. If this value matches the value stored at byte 8 (see section TrueCrypt Volume Format Specification) of the data decrypted in (4), the process continues
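The trial-and-error verification of steps 1-5, as an added example that is not TrueCrypt's own code: it builds a header in the layout the guide describes (64-byte salt, then "TRUE", the CRC-32 at offset 8 and the master key area as the last 256 bytes) and checks a password against it. Assumptions: AES-256 in CBC mode stands in for trying every TrueCrypt cipher, HMAC-SHA-256 stands in for RIPEMD-160 (absent from Go's standard library), the PBKDF2 iteration count is a constructed value, and the CRC-32 is taken over the decrypted master key area.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"hash"
	"hash/crc32"
)

const headerSize, saltSize, iterations = 512, 64, 2000 // iteration count is a constructed value

// PRFs are the candidate HMAC hash algorithms ("PKCS 5 PRF"); SHA-256 stands in for RIPEMD-160.
var PRFs = map[string]func() hash.Hash{"HMAC-SHA-1": sha1.New, "HMAC-SHA-256": sha256.New}

// pbkdf2 is PKCS #5 v2 key derivation: T_i = U_1 xor ... xor U_c with U_1 = HMAC(P, S || i).
func pbkdf2(password, salt []byte, prf func() hash.Hash, dkLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < dkLen; block++ {
		mac := hmac.New(prf, password)
		mac.Write(append(append([]byte{}, salt...), byte(block>>24), byte(block>>16), byte(block>>8), byte(block)))
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			mac = hmac.New(prf, password)
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// BuildHeader: 64-byte salt, then 448 bytes encrypted under the header key holding "TRUE" at offset 0, the CRC-32 of the 256-byte master key area at offset 8, and that key area last.
func BuildHeader(password, salt, masterKeyArea []byte, prfName string) []byte {
	plain := make([]byte, headerSize-saltSize)
	copy(plain, "TRUE")
	copy(plain[len(plain)-256:], masterKeyArea)
	binary.BigEndian.PutUint32(plain[8:], crc32.ChecksumIEEE(plain[len(plain)-256:]))
	dk := pbkdf2(password, salt, PRFs[prfName], 48) // 32-byte AES-256 key followed by 16-byte CBC IV
	blk, _ := aes.NewCipher(dk[:32])
	hdr := make([]byte, headerSize)
	copy(hdr, salt)
	cipher.NewCBCEncrypter(blk, dk[32:]).CryptBlocks(hdr[saltSize:], plain)
	return hdr
}

// TryMountHeader is the trial-and-error loop of steps 2-5: derive a key per candidate PRF, decrypt,
// and accept only if the plaintext starts with "TRUE" and the stored CRC-32 matches the key area.
func TryMountHeader(hdr, password []byte) (prfName string, ok bool) {
	if len(hdr) != headerSize {
		return "", false
	}
	for name, prf := range PRFs {
		dk := pbkdf2(password, hdr[:saltSize], prf, 48)
		blk, _ := aes.NewCipher(dk[:32])
		plain := make([]byte, headerSize-saltSize)
		cipher.NewCBCDecrypter(blk, dk[32:]).CryptBlocks(plain, hdr[saltSize:])
		if string(plain[:4]) == "TRUE" && binary.BigEndian.Uint32(plain[8:]) == crc32.ChecksumIEEE(plain[len(plain)-256:]) {
			return name, true // a wrong password, PRF or cipher leaves the header looking random
		}
	}
	return "", false
}
```

The same loop is what makes Auto-Mount Partitions slow: every partition must be tried with every cipher and hash before it can be ruled out.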
Wipe Cache: Clears any passwords cached in driver memory. When there are no passwords in the cache, this button is disabled. Up to the last four successfully mounted TrueCrypt volume passwords can be cached. This allows mounting volumes without having to type their passwords repeatedly. Passwords are never saved on any disk; they are only temporarily stored in RAM. Driver memory is never swapped to disk. Password caching can be enabled/disabled in the Preferences (Tools menu).

Change Password: Allows changing the password of the currently selected TrueCrypt volume. The main encryption key remains unchanged. Therefore, reformatting is not necessary and is not performed, i.e. no data will be lost after changing the password, and the password change will only take a few seconds. To change the password of a TrueCrypt volume, click on Select File or Select Device, then select the volume and click on Change Password.

PKCS-5 PRF Algorithm: When changing a volume password, you can also select the HMAC hash algorithm that will be used in deriving the new volume header key (for more information, see Header Key Derivation) and in generating the new salt (for more information, see Random Number Generator).

Never Save History: If checked, the file names and paths of the last eight mounted volumes will not be saved in the history.

Exit: Terminates the TrueCrypt application. The driver continues working and no TrueCrypt volumes are dismounted.
- New function to clear the volume history.
- When selecting a partition/device, the sizes and file system types of available partitions/devices are displayed (Windows XP/2000).
- The list of mounted TrueCrypt volumes now contains their sizes and the encryption algorithms used (Windows XP/2000).
- Free volume space is reported (My Computer list, etc.).
- Windows XP format facilities do not support formatting volumes larger than 32 GB as FAT32. However, with the TrueCrypt Volume Creation Wizard it is now possible to create FAT32 volumes larger than 32 GB.
- New function that allows multiple TrueCrypt partitions to be mounted, provided that their correct password(s) has/have been entered (this includes the cached passwords, if there are any).
- Quick format (partitions/devices only).
- Cluster size selection when creating new volumes.
- Volume properties can now be examined (encryption algorithm, volume creation time, last password change time, etc.).
- New function to dismount all mounted TrueCrypt volumes.
- New command line options to dismount all mounted TrueCrypt volumes (/d and /dismountall).
- HMAC-SHA1 and CRC-32 algorithm tests are now included in the self-test facility.
- Program menu and Preferences window added.
- Custom user interface fonts supported.
- Optionally, the TrueCrypt installer can now create System Restore points (Windows XP/ME).
