Essential True Crypt Tips

Martin Brinkmann
Sep 27, 2010
Updated • Nov 28, 2012
Encryption, Tutorials

I have been working with True-Crypt for several years now, and like the open source program a lot. That much, that I'm still using it and not Microsoft's Bitlocker which is an alternative in select Windows Vista and Windows 7 editions. Over the years, I discovered a few aspects of the software that made my life a lot easier, and this article is about them. Don't expect the eights world wonder in here, but if you use True Crypt regularly you will probably appreciate them. That is, if you do not know them already.

True Crypt Backup

One of the most important security precautions are backups, so that the encrypted volume can be restored in case of emergency. Backup in this regard does not mean a backup of the full volume, but the backup of the True-Crypt headers. The headers contain all the information about the volume. They can match the entered password for instance, which already indicates that they are the most important part of a True Crypt volume. If the headers get corrupted, and there is no backup to restore, the encrypted volume can never be accessed again.

To backup the volume header do the following. Open True Crypt and make sure the encrypted volume is currently not mounted. If it is dismount it. Now click on Tools > Backup Volume Header. This process requires administrative rights, and will ask for the volume password for security reasons.

true crypt backup header
true crypt backup header

You are then asked if the volume contains a hidden volume. A hidden volume basically is another volume inside the encrypted area. Make your selection. If you say yes you need to enter the password of the hidden volume as well. After that a file save prompt is displayed, to store the backed up header of the encrypted volume on a storage device. As the last step, move your mouse around to create random characters and select an algorithm if you like.

Volume headers can be restored by clicking on Tools > Restore Volume Headers. You need the backup header for that obviously and the passwords.

True Crypt in a corporate environment

As a system administrator, one of the biggest problems with True Crypt is the missing ability to reset a user's password. The security design of True Crypt makes that impossible. On the other hand, if the user forgets the password then the data on the encrypted volume is toast.

The proposed solution is the following. The True-Crypt admin creates the encrypted volume and selects a password for it. The volume headers are then backed up and the password is changed. Then the user is given the new password and asked to change it in the software.

Now, whenever the user forgets the password the admin can restore the original headers with the first password, to recover the volume and repeat the process to give the user access to it again.

Changing the True Crypt password

There may come a time when you want to change the password of a True Crypt volume. This can be a security precaution, or because the password was leaked or discovered. To change the password simply select a True Crypt volume first, and then Volumes > Change Volume Password in the True Crypt menu.

True Crypt in a network

There are basically two options to use True Crypt in a network. The first is that the True Crypt volume gets mounted and shared on one computer system of the network, the second that all connected computers that need access to it mount it individually. Both options have their advantages and disadvantages. It is furthermore recommended to make sure the connections use encryption, otherwise it would be possible to snoop on the traffic in the network. (see sharing over a network for details)

Are you using True Crypt? If so, have anything to add to the list? Let me know in the comments.


Previous Post: «
Next Post: «


  1. John Mack said on September 28, 2010 at 2:31 am

    One of the drawbacks of Truecrypt with the increasing popularity of Netbooks is the requirement of making a copy of the MBR on a CD since Netbooks generally don’t have an optical drive.

    DiskCryptor, which is freeware, is a nice alternative to Truecrypt if you need to encrypt a Netbook since DiskCryptor doesn’t require creating a CD backup.

    1. Dave said on October 1, 2010 at 9:39 pm

      There is a way to bypass the rescue disk setup using Truecrypt command line.

      1. Shep said on March 7, 2011 at 3:10 pm

        For setup to not require a cd, run the following from the command line:

        “C:\Program Files\TrueCrypt\TrueCrypt Format.exe” /n

  2. CryptKeeper said on September 27, 2010 at 5:09 pm

    Thanks! Just in time. I just started to use TrueCrypt and luckily stumbled on this during my daily reads.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.