TrueCrypt install

If virtual volume is ok for your need, and don't need system/non-system/hidden disk|device|partition|volume|OS (for plausible deniability) or full disk encryption (FDE), follow the Beginner's Tutorial

The only caution are

- which encryption algorithm to use. 100MB buffer, T410 ( i5 520M,250GB5400 rpm, Windows 7) and W500 (P8600,160GB 5400 rpm,Windows7) benchmarks are below.

There are some exotic ways to attacks full AES implementations.

- there are a lot of limition if you choose dynamic container (sparse file)

- after you move around your mouse for more than 30 seconds to generate the seed, the creation step's time left is not very accurate, it takes longer than it initially guess.

you probably want to set up to mount favorite volume at login after install, so it will prompt you automatically.

Key management


"We use TrueCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?

Yes. Note that there is no "back door" implemented in TrueCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).

Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a TrueCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the TrueCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password.
Note: It is not required to burn each TrueCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck)."


FDE (Full Disk Encryption) drives.

They are probably similar to Seagate Momentus FDEs

No software installation, no performance issue, all done in hard drive hardware and BIOS.