TCTEMP USER'S GUIDE
Contents
1. 3 If TCTEMP is already installed Enter 7 to re install TCTEMP 4 Enter 1 to 8to change the TCTEMP settings Please mind the following restrictions Iteration count It is usually the best choice for most users to set the iteration count multiplier to 1 If this value is set too high the computer might appear to be not bootable because it is busy with deriving the new keys and password You can check how long it takes for TCTEMP to create the new keys and password by installing the TCTEMP DEBUG version The time between displaying the command line and the text Restoring file system is used to create the new keys and should be proportional to the iteration count multiplier Volume name If you want to use an encrypted partition instead of a container file you must specify the TCTEMP volume with the nomenclature IDevicelHaradiskO Partition2 Be aware that the device partition name is case sensitive and make sure that you use correct values for the hard disk number and the partition number TrueCrypt exe can be used to find the right values 5 Enter 9to install TCTEMP 6 Optionally run TrueCrypt and disable all auto dismount events Settings gt Preferences TCTEMP USER S GUIDE VERSION 1 20 Changing the Location of the Print Spooler Files The location of the print spooler files can be redirected as follows see also 6 and 1 1 Open Control Panel 2 Open Printers 3 Select menu item File gt Server Properties 4 Select A2. TCTEMP USER S GUIDE Version 1 20 TCTEMP USER S GUIDE VERSION 1 20 ii Contents General InformaliOri u oie ere e tm eh OE p rer pa c E D ERR c EXE ERR Rex Ee pe een 1 System Requirements ite t EORR aaa 1 Latest Versione deter idee e eed n Tem Ete e er eG rediret 1 licensing Information are ri ree rede ete er ein ves DERE RE SER RA RR AREE ieee eee 1 Copyrnght Information eoo e eo reete erede Mane eis na et 1 Technical Description of TGTEMPD ccrte oh ec ER CR HER OH RR RR nennt 2 Installing TOTEMP eerte De A ter e Exe Pee ra ter cette bn taies 3 Changing the Location of the Print Spooler Files 4 SIT vui duree H 5 Troubleshoolirig e E one ar pe Dt areas Den hd nde ie edie tie eats 6 Disabling TG TEMP e M 6 Frequently Asked Questlons dee tei ia 7 Uninstalling TC TEMP isco naa tr e eee eeu ex eere ata 8 e Ce oe ete Dot ed ee ete n dna eae 9 Other Projects e E etre etre tee e tir e en drin te xa e Fo Re tata 12 greci E 12 TG TEMP a A aia 12 TCUSER MM A coda 12 Acknowledgements pee een ro o ape ER m e E EX dead sa cxi ae 13 References oreet dateien Idi 14 TCTEMP USER S GUIDE VERSION 1 20 1 General Information TCTEMP automates the process of using TrueCrypt to on the fly encrypt temporary files and print spooler files TCTEMP creates new random keys and a new random p
3. assword for a TrueCrypt volume during Windows startup It then mounts the TrueCrypt volume and initializes the volume s file system The mounted TCTEMP TrueCrypt volume is suitable for temporary files and for print spooler files The file system is initialized by copying the contents of an image file to the TrueCrypt volume Only those sectors are copied to the TrueCrypt volume which are required to replicate the file system The initialization procedure should therefore be as fast as using quick format Note A more secure and more reliable method to encrypt temporary files is to encrypt the system partition TCTEMP is only then a preferable method if system encryption is not an option System Requirements Supported operating systems Windows 7 Vista XP 2000 SP4 2003 2008 and Windows 7 Vista XP 2003 2008 x64 Edition Required TrueCrypt version 7 0a or 7 0 Latest Version The latest TCTEMP version can be downloaded from the TCTEMP project homepage The authenticity of the downloaded files can be checked with the public project key Licensing Information TCTEMP may be used modified and or distributed under the terms of the TrueCrypt Collective License Version 1 2 see License txt Copyright Information TCTEMP 1 20 Copyright 2006 2010 Author of TCTEMP All rights reserved 1 Based on TrueCrypt freely available at http www truecrypt org 2 TCTEMP project homepage http www tctemp t35 com 3 Fingerprint of the TCTEMP proj
4. cess of using TrueCrypt to on the fly encrypt temporary files and print spooler files TCTEMP creates new random keys and a new random password for a TrueCrypt volume during Windows startup It then mounts the TrueCrypt volume and initializes the volume s file system The file system is initialized by copying the contents of an image file to the TrueCrypt volume Only those sectors are copied to the TrueCrypt volume which are required to replicate the file system The initialization procedure should therefore be as fast as using quick format Project Start February 2006 Fingerprint of the Public Project Key 75EB 6BC2 01B7 F6E7 4BD7 CC58 4A5F C393 19EE 6E69 Project Homepage htip tctemp t85 com TCUSER Description TCUSER allows the use of TrueCrypt to on the fly encrypt a Windows user profile A Windows user profile usually contains user registry files user documents and settings temporary files etc Project Start August 2008 Fingerprint of the Public Project Key B4B2 4F8B D691 335F B90C 1A64 FD5F 9D52 6EA4 7C3F Project Homepage http tcuser t85 com TCTEMP USER S GUIDE VERSION 1 20 13 Acknowledgements would like to thank the TrueCrypt Foundation for its excellent free open source disk encryption TrueCrypt The interface to the device driver is taken from the source code of TrueCrypt The method to add values to the entropy pool is taken from the TrueCrypt keyfile applying algorithm would like to thank Tom St De
5. dvanced 5 Enter a new location for the print spooler files TCTEMP USER S GUIDE VERSION 1 20 Security Precautions The automatically generated keys are possibly less secure than keys generated by TrueCrypt because the system offers less entropy sources during startup TCTEMP USER S GUIDE VERSION 1 20 Troubleshooting Disabling TCTEMP A native startup application has always the potential to make the operating system unbootable In this case TCTEMP can be disabled as follows 1 Boot from Windows setup disk 2 Select Repair Console 3 Enter the administrator password 4 Enter cd system32 5 Enter del tctemp exe TCTEMP USER S GUIDE VERSION 1 20 Frequently Asked Questions Q What was the reason of using an image file and not using quick format instead A The reason for using an image file is that the operating system cannot be asked during the boot process to quick format a drive the necessary libraries are Win32 DLLs and using an image file seemed to be the easiest fastest and most flexible way to obtain the same result Q Is it possible to store the hibernation file on the TCTEMP volume A No unfortunately it is impossible to store a hibernation file on the TCTEMP volume because the password and the keys of the TCTEMP volume are lost when the system is powered off TCTEMP USER S GUIDE VERSION 1 20 Uninstalling TCTEMP TCTEMP can be uninstalled as follows 1 Start INSTALL INSTALL CMD 2 Enter 3
6. ect key 75EB 6BC2 01B7 F6E7 4BD7 CC58 4A5F C393 19EE 6E69 TCTEMP USER S GUIDE VERSION 1 20 2 Technical Description of TCTEMP TCTEMP is started early in the boot process just after the hard disks have been checked and works as follows 1 TCTEMP fills its entropy pool with the contents of the CPU time stamp counter 2 TCTEMP fills its entropy pool with volatile system information 3 32 bit Windows only TCTEMP fills its entropy pool with 64 bytes from the VIA CPU RNG if a VIA CPU RNG is present and enabled TCTEMP fills its entropy pool with the contents of the CPU time stamp counter TCTEMP processes the command line arguments 4 5 6 TCTEMP fills its entropy pool with the contents of the CPU time stamp counter 7 TCTEMP fills its entropy pool with the last access time of the image file 8 TCTEMP fills its entropy pool with the contents of the CPU time stamp counter 9 TCTEMP reads the encrypted header of the unmounted TCTEMP TrueCrypt volume 10 TCTEMP fills its entropy pool with the contents of the CPU time stamp counter 11 TCTEMP fills its entropy pool again with volatile system information 12 TCTEMP fills its entropy pool with the contents of the CPU time stamp counter 13 TCTEMP creates new volume keys and a new password for the TCTEMP TrueCrypt volume with the same key deriving function which is later used to derive the header keys The 2nd 64 byte block of the encrypted header is used as salt and the entropy pool
7. ient to increase the password derivation complexity instead 1 2a Fixed File names are no longer limited to 15 characters It is now possible to use a device hosted TrueCrypt volume 1 2 Improved Setup and image file creation procedure New The CPU time stamp counter is used as a further entropy source Changed The salt of the new volume header is now encrypted with the new volume keys using LRW start index Oxfffffffffffffff in order to make it harder to find the previous contents of the volume header with forensic methods 1 1 Improved Setup and image file creation procedure Changed The stack is now wiped only once just before terminating TCTEMP TCTEMP USER S GUIDE VERSION 1 20 12 Other Projects TCGINA Description TCGINA allows the use of TrueCrypt to on the fly encrypt a Windows user profile A Windows user profile usually contains user registry files user documents and settings temporary files etc TCGINA detects whether a user profile is encrypted stored on a TrueCrypt volume and mounts the corresponding TrueCrypt volume before continuing the Windows log on procedure TCGINA is implemented as a stub GINA and works together with the original Windows GINA MSGINA DLL or with a custom GINA Project Start March 2005 Fingerprint of the Public Project Key 294B A769 4A0A CC05 DAE6 00DD FF47 8C72 4097 67CE Project Homepage http tcgina t35 com TCTEMP Description TCTEMP automates the pro
8. is used as password 14 TCTEMP initializes a buffer for the new volume header with zeros and copies the new volume keys to the header buffer 15 TCTEMP encrypts the salt of the header buffer with the new volume keys using Oxffffffffffffffff as data unit number for XTS mode 16 TCTEMP derives the header keys and encrypts the header buffer 17 TCTEMP replaces the header of the TCTEMP TrueCrypt volume with the header buffer frees unused sectors in case of a dynamic TrueCrypt container file and mounts the TrueCrypt volume 18 TCTEMP copies the contents of an image file to the sectors of the mounted TrueCrypt volume in order to restore the file system If a weak password is detected after calling the key password deriving function then one salt byte is incremented and the key password deriving function is called again up to 254 times TCTEMP aborts its operation if it cannot create a non weak password In this case the TCTEMP TrueCrypt volume is not available for the system TCTEMP USER S GUIDE VERSION 1 20 3 Installing TCTEMP Note that the installation procedure will add an entry to the registry value HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Session Manager BootExecute in order to start TCTEMP during system startup TCTEMP can be installed as follows 1 Start INSTALLUNSTALL CMD 2 If Windows notifies you that an unidentified program namely TCTEMP Setup exe wants access to your computer then press Allow
9. nis for his excellent portable ISO C cryptographic library LibTomCrypt have used his library for all hash functions the PKCS 5 V2 0 key deriving function and for all ciphers but Serpent would like to thank Wei Dai for his excellent comprehensive C class library Crypto have used his library for Serpent would like to thank Jason Perkins and the Premake Project for their free open source build script generator Premake have used Premake to create all solution and project files would like to thank Samuel Demeulemeester from x86 secret com for testing the 32 bit VIA RNG code on a VIA C7 processor TCTEMP USER S GUIDE VERSION 1 20 14 References 1 2 3 4 5 6 7 8 9 How to Move the Spool Folder in Windows XP http support microsoft com kbid 308666 How to Move the TEMP and TMP Directories http www microsoft com technet prodtechnol exchange guides E2k3Perf_ScalGuide 9214e e97 18e4 4754 937b 850f0045545a mspx How to Change the Location of Temporary Internet Files http support microsoft com kbid 172949 How to Move Event Viewer Log Files to another Location in Windows 2000 and in Windows Server 2003 http support microsoft com kbid 315417 How to Disable the Eventlog Service http www microsoft com resources documentation windows xp all proddocs en us bootcons_disable mspx How to Move the Windows Default Paging File and Print Spooler to a Different Hard Disk ht
10. oves an entry within that value in order to start TCTEMP during Windows startup 1 8 Changed TCTEMP requires TrueCrypt 5 0 instead of TrueCrypt 4 3a Changed The TCTEMP volume is mounted as a standard volume and not as a system volume Removed The TCTEMP volume can no longer be used as a host for the paging file 1 7 Updated Documentation 1 6 Changed TCTEMP requires TrueCrypt 4 3a instead of TrueCrypt 4 3 1 5 Changed TCTEMP requires TrueCrypt 4 3 instead of TrueCrypt 4 2a Added Support for Windows Vista 1 4a Fixed Image file creation on Windows 2000 with TCTEMP 1 4 failed regularly with error code 21 1 4 Fixed Raw volume access is now done with more respect to the operating system TCTEMP USER S GUIDE VERSION 1 20 11 1 3a Improved Setup makes further parameter validity checks 1 3 Changed TCTEMP requires TrueCrypt 4 2 instead of TrueCrypt 4 1 New Prepared to support volumes with a sector size of 512 1024 2048 or 4096 bytes instead of supporting only a fixed sector size of 512 bytes New Support for the VIA CPU RNG on 32 bit Windows New A higher value for the iteration count of the volume key and password derivation function can be specified to increase the derivation complexity Changed Some merely static system information blocks are no longer added to the entropy pool The 500 msec loop which reads only the CPU timestamp counter has been removed it is more effic
11. to select menu item Uninstall TCTEMP TCTEMP USER S GUIDE VERSION 1 20 Version History 1 20 New Better support for dynamic TrueCrypt container files All unused sectors of a dynamic TrueCrypt container file are now freed before the file system is replicated Changed TCTEMP creates TrueCrypt 7 0 volumes Note that TrueCrypt 7 0 volumes are roughly identical to TrueCrypt 6 0 volumes thus the same default name 1 19 Changed TCTEMP requires TrueCrypt 7 0a 7 0 instead of TrueCrypt 6 3a 6 3 1 18 Changed TCTEMP requires TrueCrypt 6 3 6 3a instead of TrueCrypt 6 2 6 2a 1 17 Changed TCTEMP requires TrueCrypt 6 2 6 2a instead of TrueCrypt 6 1a 1 16 Changed TCTEMP requires TrueCrypt 6 1a instead of TrueCrypt 6 1 1 15 Changed TCTEMP requires TrueCrypt 6 1 instead of TrueCrypt 6 0 6 0a 1 14 Changed TCTEMP creates TrueCrypt 6 0 volumes 1 13 Changed TCTEMP requires TrueCrypt 6 0 6 0a instead of TrueCrypt 6 0 1 12 Changed TCTEMP requires TrueCrypt 6 0 instead of TrueCrypt 5 1 5 1a TCTEMP USER S GUIDE VERSION 1 20 10 1 11 Changed TCTEMP requires TrueCrypt 5 1 5 1a instead of TrueCrypt 5 1 1 10 Changed TCTEMP requires TrueCrypt 5 1 instead of TrueCrypt 5 0 5 0a Changed TCTEMP creates TrueCrypt 5 0 volumes 1 9 Changed TCTEMP requires TrueCrypt 5 0 5 0a instead of TrueCrypt 5 0 Changed The installer does not replace the corresponding registry value entirely but only adds rem
12. tp support microsoft com kbid 314105 Inside Native Applications http www microsoft com technet sysinternals information nativeapplications mspx M E Russinovich and D A Solomon Microsoft Windows Internals 4th Edition Microsoft Windows Server 2003 Windows XP and Windows 2000 Microsoft Press 2005 http en wikipedia org wiki Special Booksources 0735619174 G Nebbett Windows NT 2000 Native API Reference Macmillan Technical Publishing 2000 http en wikipedia org wiki Special Booksources 1578701996
Download Pdf Manuals
Related Search