The header key derivation function is based on HMAC-SHA-512, HMAC-RIPEMD-160, or HMAC-Whirlpool, depending on the users selection.
The salt consists of random values generated by the TrueCrypt random number generator during the volume creation process. This significantly decreases vulnerability to 'off-line' dictionary attacks. The method that TrueCrypt uses to generate the header key and the secondary header key (XTS mode) is PBKDF2 and a 512-bit salt is used. The header key is used to encrypt and decrypt the encrypted area of the TrueCrypt volume header, which contains the master key and other data. The header of the host/outer volume is located at the beginning of the volume.
If a TrueCrypt volume hosts a hidden volume (within its free space), the header of the hidden volume is located at the byte #1536 (offset) from the end of the host volume. The maximum possible TrueCrypt volume size is 2^63 bytes (8,589,934,592 GB) but due to security reasons the maximum allowed volume size is 1 PB (1,048,576 GB). The temporary keys are stored in RAM and are securely erased after formatting finishes. The resulting ciphertext blocks are used to fill (overwrite) the free space on the volume. The encryption algorithm is then used to encrypt plaintext blocks generated by the random number generator. The encryption algorithm that the user selected is initialised with the temporary keys. Right before TrueCrypt volume formatting a temporary encryption key and a temporary secondary key (XTS mode) are generated by the random number generator. Free space of each TrueCrypt volume is filled with random data when the volume is created (if the options Quick Format and Dynamic are disabled). Until decrypted, they appear to consist of random data. TrueCrypt volumes have no "signature" or ID strings. The "volume header" for a system partition/drive is stored in the first logical drive cylinder. The format of file-hosted volumes is identical to the format of partition/device-hosted volumes.
Since TrueCrypt 5.0 (February 5, 2008) the XTS mode is used. In version 4.1 (November 25, 2005) it as replaced by the LRW mode. Until version 4.0 TrueCrypt used the CBC mode of operation. TrueCrypt offers the choice between three encryption algorithms:Īdditionally there are the following cascadings available:Įach of the cascade ciphers uses its own independent key. The Rescue Disc is created during the process of system encryption and is used for repairing purposes. The pre-boot authentication is managed by the TrueCrypt Boot Loader, that resides on the first cylinder of the bootdrive and on the TrueCrypt Rescue Disc.
This feature includes a ao called pre-boot authentication: everyone who wants to access and use the system, has to enter the correct password each time before Windows boots.
Linux and Mac OS X are not supported, yet.Īll data, including all temporary files created by Windows and applications, hibernation files, swap files, etc. Since Version 5.0 TrueCrypt can encrypt Windows boot partitions. Data can be stored or read likewise a normal partition or USB drive, until it is dismounted. When a TrueCrypt volume is mounted, you can access it like a normal drive.
The user has not to interfere.įor this reason TrueCrypt has to install a device driver on the system. TrueCrypt decrypts and encrypts data automatically directly before respectively after it is stored to or loaded from disk. TrueCrypt file containers can have any file extension (.raw. It is impossible to identify a TrueCrypt volume as such - until decrypted a TrueCrypt volume seems to consist of nothing more than random data. Hidden volumes - even if the outer volume is mounted, it is not possible to detect if there is a hidden volume or not. TrueCrypt provides two types of plausible deniability: If this data is stored on a hidden volume, you can reveal the password of the outer volume, where some dummy files should be stored on. In that case the attacker would be able to access all you data. Hidden volumes are useful if you are forced to reveal your password and can't deny this. Therefor you need a password.Īdditionally there are hidden volumes, which are mounted by using another password. Volumes are crossplatform and have to be mounted. TrueCrypt uses so called volumes, from which there are two types:įile containers are normal files, which you can move, rename, delete, etc.