TrueCrypt – Free Open-Source Disk Encryption Software
Known Issues & Limitations
Last Updated July 2, 2008
Known Issues
- Affects: System encryption, Windows systems with enabled paging files
For security reasons, all versions of TrueCrypt that support system encryption (5.0 and later) erase the master key (stored in RAM) with which the system partition or system drive is encrypted (as well as any other encryption keys and cached passwords for non-system volumes that are stored in RAM) whenever the computer is cleanly restarted or cleanly shut down. Before a key can be erased from RAM, the corresponding TrueCrypt volume must be dismounted. For non-system volumes, this does not cause any problems. However, as Microsoft currently does not provide any API for handling system shutdown, paging files located on encrypted system volumes that are dismounted during the system shutdown sequence (even though they are dismounted at the latest possible time during the shutdown sequence) may, in rare cases, still contain valid swapped-out memory pages (including portions of Windows system files). This may cause a blue screen error at the very end of the shutdown sequence. Note that files stored on the system drive are safely flushed to disk at that point in the shutdown sequence, so the integrity of the files is not affected by the system crash. Also note that instead of displaying a blue screen error, your system may be configured to restart (when the 'Automatically restart' option is enabled in the Windows settings pertaining to system failures, which it typically is, by default).
Remark: Due to the above-mentioned nonexistence of a public API for handling system shutdown, and due to other similar issues, we plan to file a complaint with Microsoft (and if rejected, with the European Commission) about this issue.
[Update 2008-04-02: Although we have not filed any complaint with Microsoft yet, we were contacted (on March 27) by Scott Field, a lead Architect in the Windows Client Operating System Division at Microsoft, who stated that he would like to investigate our requirements and look at possible solutions. We responded on March 31 providing details of the issues and suggested solutions.]
Possible workarounds:
- Disable the paging file feature (for information on how to do so, please see the section Paging File).
- Configure your Windows to clear the paging files every time the system shuts down. For more information, see http://support.microsoft.com/kb/314834. Note that this may slow down the system shutdown.
- Hibernate the computer (instead of shutting it down).
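As an added example (not part of the TrueCrypt documentation), the following PowerShell snippet reads the two Windows settings behind the first two workarounds above and can enable clear-at-shutdown; the function names are mine, and the registry path and value names are the ones documented in KB 314834.

```powershell
# Added example, not TrueCrypt code: audit the paging-file settings that the
# workarounds above refer to. Run in an elevated PowerShell session.
$MemoryManagementKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PagingFileStatus {
    # Returns which paging files are configured and whether Windows wipes them at shutdown.
    $props = Get-ItemProperty -Path $MemoryManagementKey
    # PagingFiles is REG_MULTI_SZ ("C:\pagefile.sys 0 0"); an empty list means paging is disabled
    # (workaround 1). Each entry starts with the volume that hosts the file.
    $pagingFiles = @($props.PagingFiles | Where-Object { $_ })
    # ClearPageFileAtShutdown = 1 is the setting from KB 314834 (workaround 2); absent counts as 0.
    $clearAtShutdown = [int]$props.ClearPageFileAtShutdown
    [pscustomobject]@{
        PagingFiles             = $pagingFiles
        PagingDisabled          = ($pagingFiles.Count -eq 0)
        ClearPageFileAtShutdown = ($clearAtShutdown -eq 1)
    }
}

function Enable-ClearPageFileAtShutdown {
    # Applies workaround 2. Takes effect after the next restart; shutdown becomes slower
    # because the whole paging file is overwritten.
    Set-ItemProperty -Path $MemoryManagementKey -Name 'ClearPageFileAtShutdown' -Value 1 -Type DWord
}

$status = Get-PagingFileStatus
$status | Format-List

if ($status.PagingDisabled) {
    Write-Host 'No paging file configured: the shutdown issue cannot occur (workaround 1 in place).'
}
elseif (-not $status.ClearPageFileAtShutdown) {
    Write-Host 'Paging file present and not cleared at shutdown; applying workaround 2.'
    Enable-ClearPageFileAtShutdown
}
else {
    Write-Host 'Paging file present and already cleared at shutdown (workaround 2 in place).'
}
```

Compare the drive letters in PagingFiles against the volumes covered by your system encryption to see whether a paging file actually sits inside the encrypted scope.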
Limitations
- On Windows XP/2003, TrueCrypt does not support encrypting an entire system drive that contains extended (logical) partitions. You can encrypt an entire system drive provided that it contains only primary partitions. Extended (logical) partitions must not be created on any system drive that is partially or fully encrypted (only primary partitions may be created on it). Note: If you need to encrypt an entire drive containing extended partitions, you can encrypt the system partition and, in addition, create partition-hosted TrueCrypt volumes within any non-system partitions on the drive. Alternatively, you may want to consider upgrading to Windows Vista or a later version of Windows.
- TrueCrypt currently does not support encrypting a system drive that has been converted to a dynamic disk.
- TrueCrypt volume passwords must consist only of printable ASCII characters. Non-ASCII characters in passwords are not supported and may cause various problems (e.g., inability to mount a volume).
- Due to a Windows 2000 issue, TrueCrypt does not support the Windows Mount Manager under Windows 2000. Therefore, some Windows 2000 built-in tools, such as Disk Defragmenter, do not work on TrueCrypt volumes. Furthermore, it is not possible to use the Mount Manager services under Windows 2000, e.g., assign a mount point to a TrueCrypt volume (i.e., attach a TrueCrypt volume to a folder).
- The Windows Volume Shadow Copy Service is currently supported only for partitions within the key scope of system encryption (for example, a system partition encrypted by TrueCrypt or a non-system partition located on a system drive encrypted by TrueCrypt).
- TrueCrypt-encrypted floppy disks: When a floppy disk is ejected and another one is inserted, data read/written from/to the disk will be corrupted. Note that this affects only raw floppy disk volumes (not file-hosted TrueCrypt containers stored on floppy disks).
See also: Incompatibilities, Troubleshooting