Introduction

Beginner's Tutorial

System Encryption

 Supported Systems

 Hidden Operating System

 Rescue Disk

Plausible Deniability

 Hidden Volume

  Protection of Hidden Vol.

  Security Requirements

 Hidden Operating System

Parallelization

Pipelining

Hardware Acceleration

Encryption Algorithms

 AES

 Serpent

 Twofish

 Cascades

Hash Algorithms

 RIPEMD-160

 SHA-512

 Whirlpool

Technical Details

 Notation

 Encryption Scheme

 Modes of Operation

 Header Key Derivation

 Random Number Gen.

 Keyfiles

 Volume Format Spec.

 Standards Compliance

 Source Code

TrueCrypt Volume

 Creating New Volumes

 Favorite Volumes

 System Favorite Volumes

Main Program Window

 Program Menu

 Mounting Volumes

Supported Systems

Portable Mode

Keyfiles

Tokens & Smart Cards

Language Packs

Hot Keys

Security Model

Security Requirements

 Data Leaks

  Paging File

  Hibernation File

  Memory Dump Files

 Unencrypted Data in RAM

 Physical Security

 Malware

 Multi-User Environment

 Authenticity and Integrity

 New Passwords & Keyfiles

 Password/Keyfile Change

 Trim Operation

 Wear-Leveling

 Reallocated Sectors

 Defragmenting

 Journaling File Systems

 Volume Clones

 Additional Requirements

Command Line Usage

Backing Up Securely

Miscellaneous

 Use Without Admin Rights

 Sharing over Network

 Background Task

 Removable Medium Vol.

 TrueCrypt System Files

 Removing Encryption

 Uninstalling TrueCrypt

 Digital Signatures

Troubleshooting

Incompatibilities

Issues and Limitations

License

Future Development

Acknowledgements

Version History

References

   

Known Issues & Limitations Search

Disclaimers





Please consider making a donation.

   Donate Now >> Donate   


Known Issues & Limitations

Last Updated February 7, 2012

Known Issues


(There are currently no confirmed issues.)



Limitations

  • [Note: This limitation does not apply to users of Windows Vista and later versions of Windows.] On Windows XP/2003, TrueCrypt does not support encrypting an entire system drive that contains extended (logical) partitions. You can encrypt an entire system drive provided that it contains only primary partitions. Extended (logical) partitions must not be created on any system drive that is partially or fully encrypted (only primary partitions may be created on it). Note: If you need to encrypt an entire drive containing extended partitions, you can encrypt the system partition and, in addition, create partition-hosted TrueCrypt volumes within any non-system partitions on the drive. Alternatively, you may want to consider upgrading to Windows Vista or a later version of Windows.

  • TrueCrypt currently does not support encrypting a system drive that has been converted to a dynamic disk.

  • TrueCrypt volume passwords must consist only of printable ASCII characters. Other characters in passwords are not supported and may cause various problems (e.g., inability to mount a volume).

  • To work around a Windows XP issue, the TrueCrypt boot loader is always automatically configured for the version of the operating system under which it is installed. When the version of the system changes (for example, the TrueCrypt boot loader is installed when Windows Vista is running but it is later used to boot Windows XP) you may encounter various known and unknown issues (for example, on some notebooks, Windows XP may fail to display the log-on screen). Note that this affects multi-boot configurations, TrueCrypt Rescue Disks, and decoy/hidden operating systems (therefore, if the hidden system is e.g. Windows XP, the decoy system should be Windows XP too).

  • The ability to mount a partition that is within the key scope of system encryption without pre-boot authentication (for example, a partition located on the encrypted system drive of another operating system that is not running), which can be done e.g. by selecting System > Mount Without Pre-Boot Authentication, is limited to primary partitions (extended/logical partitions cannot be mounted this way).

  • Due to a Windows 2000 issue, TrueCrypt does not support the Windows Mount Manager under Windows 2000. Therefore, some Windows 2000 built-in tools, such as Disk Defragmenter, do not work on TrueCrypt volumes. Furthermore, it is not possible to use the Mount Manager services under Windows 2000, e.g., assign a mount point to a TrueCrypt volume (i.e., attach a TrueCrypt volume to a folder).

  • TrueCrypt does not support pre-boot authentication for operating systems installed within VHD files, except when booted using appropriate virtual-machine software such as Microsoft Virtual PC.

  • The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of active system encryption (e.g. a system partition encrypted by TrueCrypt, or a non-system partition located on a system drive encrypted by TrueCrypt, mounted when the encrypted operating system is running). Note: For other types of volumes, the Volume Shadow Copy Service is not supported because the documentation for the necessary API is not available.

  • Windows boot settings cannot be changed from within a hidden operating system if the system does not boot from the partition on which it is installed. This is due to the fact that, for security reasons, the boot partition is mounted as read-only when the hidden system is running. To be able to change the boot settings, please start the decoy operating system.

  • Encrypted partitions cannot be resized except partitions on an entirely encrypted system drive that are resized while the encrypted operating system is running.

  • When the system partition/drive is encrypted, the system cannot be upgraded (for example, from Windows XP to Windows Vista) or repaired from within the pre-boot environment (using a Windows setup CD/DVD or the Windows pre-boot component). In such cases, the system partition/drive must be decrypted first. Note: A running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.

  • System encryption is supported only on drives that are connected locally via an ATA/SCSI interface (note that the term ATA also refers to SATA and eSATA).

  • When system encryption is used (this also applies to hidden operating systems), TrueCrypt does not support multi-boot configuration changes (for example, changes to the number of operating systems and their locations). Specifically, the configuration must remain the same as it was when the TrueCrypt Volume Creation Wizard started to prepare the process of encryption of the system partition/drive (or creation of a hidden operating system).

    Note: The only exception is the multi-boot configuration where a running TrueCrypt-encrypted operating system is always located on drive #0, and it is the only operating system located on the drive (or there is one TrueCrypt-encrypted decoy and one TrueCrypt-encrypted hidden operating system and no other operating system on the drive), and the drive is connected or disconnected before the computer is turned on (for example, using the power switch on an external eSATA drive enclosure). There may be any additional operating systems (encrypted or unencrypted) installed on other drives connected to the computer (when drive #0 is disconnected, drive #1 becomes drive #0, etc.)

  • When the notebook battery power is low, Windows may omit sending the appropriate messages to running applications when the computer is entering power saving mode. Therefore, TrueCrypt may fail to auto-dismount volumes in such cases.

  • Due to a Windows limitation, a container stored in a remote filesystem shared over a network cannot be mounted as a system favorite volume (however, it can be mounted as a regular, non-system, favorite volume when a user logs on).

  • Preserving of any timestamp of any file (e.g. a container or keyfile) is not guaranteed to be reliably and securely performed (for example, due to filesystem journals, timestamps of file attributes, or the operating system failing to perform it for various documented and undocumented reasons). Note: When you write to a file-hosted hidden volume, the timestamp of the container may change (and there is no corresponding change within the outer filesystem). This can be plausibly explained as having been caused by changing the (outer) volume password. Also note that TrueCrypt never preserves timestamps of system favorite volumes (regardless of the settings).

  • Special software (e.g., a low-level disk editor) that writes data to a disk drive in a way that circumvents drivers in the driver stack of the class 'DiskDrive' (GUID of the class is 4D36E967-E325-11CE-BFC1-08002BE10318) can write unencrypted data to a non-system drive hosting a mounted TrueCrypt volume ('Partition0') and to encrypted partitions/drives that are within the key scope of active system encryption (TrueCrypt does not encrypt such data written that way). Similarly, software that writes data to a disk drive circumventing drivers in the driver stack of the class 'Storage Volume' (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F) can write unencrypted data to TrueCrypt partition-hosted volumes (even if they are mounted).

  • For security reasons, when a hidden operating system is running, TrueCrypt ensures that all local unencrypted filesystems and non-hidden TrueCrypt volumes are read-only. However, this does not apply to filesystems on CD/DVD-like media and on custom, atypical, or non-standard devices/media (for example, any devices/media whose class is other than the Windows device class 'Storage Volume' or that do not meet the requirements of this class (GUID of the class is 71A27CDD-812A-11D0-BEC7-08002BE2092F)).

  • Device-hosted TrueCrypt volumes located on floppy disks are not supported. Note: You can still create file-hosted TrueCrypt volumes on floppy disks.

  • Further limitations are listed in the section Security Model.





  See also: Incompatibilities,  Troubleshooting


Legal Notices www.truecrypt.org

 Ads by Google