Essential True Crypt Tips

Martin Brinkmann
Sep 27, 2010
Updated • Nov 28, 2012
Encryption, Tutorials

I have been working with True Crypt for several years now, and like the open source program a lot. So much so that I'm still using it and not Microsoft's BitLocker, which is an alternative in select Windows Vista and Windows 7 editions. Over the years, I discovered a few aspects of the software that made my life a lot easier, and this article is about them. Don't expect the eighth wonder of the world in here, but if you use True Crypt regularly you will probably appreciate them. That is, if you do not know them already.

True Crypt Backup

One of the most important security precautions is making backups, so that the encrypted volume can be restored in case of emergency. A backup in this regard does not mean a backup of the full volume, but a backup of the True Crypt headers. The headers contain all the information about the volume. For instance, the entered password is matched against them, which already indicates that they are the most important part of a True Crypt volume. If the headers get corrupted and there is no backup to restore, the encrypted volume can never be accessed again.

To back up the volume header, do the following. Open True Crypt and make sure the encrypted volume is currently not mounted. If it is, dismount it. Now click on Tools > Backup Volume Header. This process requires administrative rights, and will ask for the volume password for security reasons.

true crypt backup header

You are then asked if the volume contains a hidden volume. A hidden volume is basically another volume inside the encrypted area. Make your selection. If you say yes, you need to enter the password of the hidden volume as well. After that, a file save prompt is displayed to store the backed-up header of the encrypted volume on a storage device. As the last step, move your mouse around to create random characters and select an algorithm if you like.

Volume headers can be restored by clicking on Tools > Restore Volume Headers. You obviously need the backup header and the passwords for that.

True Crypt in a corporate environment

As a system administrator, one of the biggest problems with True Crypt is the missing ability to reset a user's password. The security design of True Crypt makes that impossible. On the other hand, if the user forgets the password, then the data on the encrypted volume is toast.

The proposed solution is the following. The True Crypt admin creates the encrypted volume and selects a password for it. The volume headers are then backed up and the password is changed. Then the user is given the new password and asked to change it in the software.

Now, whenever the user forgets the password, the admin can restore the original headers with the first password to recover the volume, and repeat the process to give the user access to it again.
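Why the recovery procedure above works can be shown with a small model. This is an added example, not True Crypt's code and not its real header format or cipher: the header layout, the toy XOR encryption, the passwords and all function names are assumptions made for illustration. The point it demonstrates is that the header stores the volume's master key wrapped under the password, so changing the password only re-wraps the same key.

```python
import hashlib, hmac, os, zlib

MAGIC = b"TRUE"      # constructed marker that identifies a correctly decrypted header
ITERATIONS = 2000    # constructed value, kept low so the example runs quickly

def _keystream(password, salt, length):
    # The header key depends only on password + salt (toy XOR keystream from PBKDF2).
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=length)

def wrap_header(master_key, password):
    """Header = random salt + (magic | crc32(key) | master key), encrypted under the password."""
    salt = os.urandom(64)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    return salt + bytes(a ^ b for a, b in zip(body, _keystream(password, salt, len(body))))

def open_header(header, password):
    """Return the master key if the password fits this header, otherwise None."""
    salt, enc = header[:64], header[64:]
    body = bytes(a ^ b for a, b in zip(enc, _keystream(password, salt, len(enc))))
    magic, crc, key = body[:4], body[4:8], body[8:]
    ok = hmac.compare_digest(magic, MAGIC) and zlib.crc32(key).to_bytes(4, "big") == crc
    return key if ok else None

def change_password(header, old, new):
    """Re-wrap the SAME master key under a new password; the volume data is untouched."""
    key = open_header(header, old)
    if key is None:
        raise ValueError("wrong password")
    return wrap_header(key, new)

def admin_recovery_demo():
    """Walk through the admin procedure and report which password opens which header."""
    master_key = os.urandom(64)                            # encrypts the actual volume data
    header = wrap_header(master_key, "admin-initial-pw")   # admin creates the volume
    backup = header                                        # Tools > Backup Volume Header
    header = change_password(header, "admin-initial-pw", "user-pw")
    results = {
        "user_pw_on_current": open_header(header, "user-pw") == master_key,
        "admin_pw_on_current": open_header(header, "admin-initial-pw") is not None,
        "wrong_pw_on_current": open_header(header, "guess") is not None,
    }
    header = backup                                        # Tools > Restore Volume Headers
    results["admin_pw_after_restore"] = open_header(header, "admin-initial-pw") == master_key
    results["user_pw_after_restore"] = open_header(header, "user-pw") is not None
    return results
```

The same property cuts both ways: a header backup stays usable with whatever password was in effect when it was made, so it needs the same protection as the password itself.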

Changing the True Crypt password

There may come a time when you want to change the password of a True Crypt volume. This can be a security precaution, or because the password was leaked or discovered. To change the password, simply select a True Crypt volume first, and then choose Volumes > Change Volume Password in the True Crypt menu.

True Crypt in a network

There are basically two options for using True Crypt in a network. The first is that the True Crypt volume gets mounted and shared on one computer system of the network; the second is that all connected computers that need access to it mount it individually. Both options have their advantages and disadvantages. It is furthermore recommended to make sure the connections use encryption, otherwise it would be possible to snoop on the traffic in the network. (See sharing over a network for details.)

Are you using True Crypt? If so, have anything to add to the list? Let me know in the comments.


Comments

  1. John Mack said on September 28, 2010 at 2:31 am

    One of the drawbacks of Truecrypt with the increasing popularity of Netbooks is the requirement of making a copy of the MBR on a CD since Netbooks generally don’t have an optical drive.

    DiskCryptor, which is freeware, is a nice alternative to Truecrypt if you need to encrypt a Netbook since DiskCryptor doesn’t require creating a CD backup.

    1. Dave said on October 1, 2010 at 9:39 pm

      There is a way to bypass the rescue disk setup using Truecrypt command line.

      1. Shep said on March 7, 2011 at 3:10 pm

        For setup to not require a cd, run the following from the command line:

        "C:\Program Files\TrueCrypt\TrueCrypt Format.exe" /n

  2. CryptKeeper said on September 27, 2010 at 5:09 pm

    Thanks! Just in time. I just started to use TrueCrypt and luckily stumbled on this during my daily reads.
