| Main Program Window > Program Menu | External Link |
Note: To save space, only the menu items that are not self-explanatory are described in this documentation.
See the section Auto-Mount Devices in the chapter Main Program Window.
This function is useful if you often work with more than one TrueCrypt volume at a time and you need each of them to be always mounted to a particular drive letter.
A list of all currently mounted volumes (and the drive letters they are mounted as) is saved to a file called Favorite Volumes.xml in the folder %APPDATA%\TrueCrypt\. In portable mode, the file is saved to the folder from which you run the file TrueCrypt.exe (in which TrueCrypt.exe resides).
Note that when you use this function, all dismounted volumes that were previously saved as "Favorite" will be deleted from the list of favorite volumes.
To mount volumes saved as "Favorite", select Volumes > Mount Favorite Volumes.
To delete the list of favorite volumes, dismount all TrueCrypt volumes, and select Volumes > Save Currently Mounted Volumes as Favorites.
See also: Volumes -> Save Currently Mounted Volumes as System Favorites
This function mounts volumes you previously saved as "Favorite". For more information, see the section Volumes > Save Currently Mounted Volumes as Favorites above.
System favorites are useful, for example, in the following cases:
Note that, unlike the regular (non-system) favorites, system favorite volumes use the pre-boot authentication password and, therefore, require your system partition/drive to be encrypted (also note it is not required to enable caching of the pre-boot authentication password).
System favorite volumes can be configured to be available within TrueCrypt only to users with administrator privileges (select Settings > 'System Favorite Volumes' > 'Allow only administrators to view and dismount system favorite volumes in TrueCrypt'). This option should be enabled on servers to ensure that system favorite volumes cannot be dismounted by users without administrator privileges. On non-server systems, this option can be used to prevent system favorite volumes from interfering with normal TrueCrypt functions like, e.g., 'Dismount All'. If TrueCrypt is run without administrator privileges (the default on Windows Vista and later), system favorite volumes will not be available in the TrueCrypt application window.
When you select this menu item (Save Currently Mounted Volumes as System Favorites), a list of all currently mounted volumes (and the drive letters they are mounted as) is saved to a file called System Favorite Volumes.xml in the folder %ALLUSERSPROFILE%\TrueCrypt\.
Note that when you use this function, all dismounted volumes that were previously saved as system favorite will be deleted from the list.
To delete the list of system favorite volumes, dismount all TrueCrypt volumes, and select Volumes -> Save Currently Mounted Volumes as System Favorites.
This function allows you to re-encrypt a volume header with a header key derived using a different PRF function (for example, instead of HMAC-RIPEMD-160 you could use HMAC-SHA-512). Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will not be lost after you use this function. For more information, see the section Header Key Derivation, Salt, and Iteration Count.
Note: When TrueCrypt re-encrypts a volume header, the original volume header is first overwritten 256 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunneling microscopy [17] to recover the overwritten header (however, see also the chapter Security Requirements and Precautions).
Allows changing the password of the currently selected TrueCrypt volume (no matter whether the volume is hidden or standard). Only the header key and the secondary header key (XTS mode) are changed – the master key remains unchanged. This function re-encrypts the volume header using a header encryption key derived from a new password. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will not be lost after you use this function (password change will only take a few seconds).
To change a TrueCrypt volume password, click on Select File or Select Device, then select the volume, and from the Volumes menu select Change Volume Password.
Note: For information on how to change a password used for pre-boot authentication, please see the section System > Change Password.
PKCS-5 PRF
In this field you can select the algorithm that will be used in deriving new volume header keys (for more information, see the section Header Key Derivation, Salt, and Iteration Count) and in generating the new salt (for more information, see the section Random Number Generator).
Note: When TrueCrypt re-encrypts a volume header, the original volume header is first overwritten 256 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunneling microscopy [17] to recover the overwritten header (however, see also the chapter Security Requirements and Precautions).
See also the chapter Security Requirements and Precautions.
Changes the password used for pre-boot authentication (see the chapter System Encryption).
WARNING: Your TrueCrypt Rescue Disk allows you to restore key data if it is damaged. By doing so, you also restore the password that was valid when the TrueCrypt Rescue Disk was created. Therefore, whenever you change the password, you should destroy your TrueCrypt Rescue Disk and create a new one (select System > Create Rescue Disk). Otherwise, an attacker could decrypt your system partition/drive using the old password (if he finds the old TrueCrypt Rescue Disk and uses it to restore the key data). See also the chapter Security Requirements and Precautions.
For more information on changing a password, please see the section Volumes > Change Volume Password above.
Check this option, if you need to mount a partition that is within the key scope of system encryption without pre-boot authentication. For example, if you need to mount a partition located on the encrypted system drive of another operating system that is not running. This can be useful e.g. when you need to back up or repair an operating system encrypted by TrueCrypt (from within another operating system).
Note: If you need to mount multiple partitions at once, click 'Auto-Mount Devices', then click 'Mount Options' and enable the option 'Mount partition using system encryption without pre-boot authentication'.
Please note you cannot use this function to mount extended (logical) partitions that are located on an entirely encrypted system drive.
Clears the list containing the file names (if file-hosted) and paths of the last twenty successfully mounted volumes.
See the chapter Portable Mode.
See the section Keyfiles > Generate Random Keyfile in the chapter Keyfiles.
If the header of a TrueCrypt volume is damaged, the volume is, in most cases, impossible to mount. Therefore, each volume created by TrueCrypt 6.0 or later contains an embedded backup header, located at the end of the volume. For extra safety, you can also create external volume header backup files. To do so, click Select Device or Select File, select the volume, select Tools > Backup Volume Header, and then follow the instructions.
Note: A backup header (embedded or external) is not a copy of the original volume header because it is encrypted with a different header key derived using a different salt (see the section Header Key Derivation, Salt, and Iteration Count). When the volume password and/or keyfiles are changed, or when the header is restored from the embedded (or an external) header backup, both the volume header and the backup header (embedded in the volume) are re-encrypted with header keys derived using newly generated salts (the salt for the volume header is different from the salt for the backup header). Each salt is generated by the TrueCrypt random number generator (see the section Random Number Generator).
Both types of header backups (embedded and external) can be used to repair a damaged volume header. To do so, click Select Device or Select File, select the volume, select Tools > Restore Volume Header, and then follow the instructions.
WARNING: Restoring a volume header also restores the volume password that was valid when the backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume again after the volume header is restored. For more information, see the section Encryption Scheme.
After you create a volume header backup, you might need to create a new one only when you change the volume password and/or keyfiles. Otherwise, the volume header remains unmodified so the volume header backup remains up-to-date.
Note: Apart from salt (which is a sequence of random numbers), external header backup files do not contain any unencrypted information and they cannot be decrypted without knowing the correct password and/or supplying the correct keyfile(s). For more information, see the chapter Technical Details.
When you create an external header backup, both the standard volume header and the area where a hidden volume header can be stored is backed up, even if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes). If there is no hidden volume within the volume, the area reserved for the hidden volume header in the backup file will be filled with random data (to preserve plausible deniability).
When restoring a volume header, you need to choose the type of volume whose header you wish to restore (a standard or hidden volume). Only one volume header can be restored at a time. To restore both headers, you need to use the function twice (Tools > Restore Volume Header). You will need to enter the correct password (and/or to supply the correct keyfiles) that was/were valid when the volume header backup was created. The password (and/or keyfiles) will also automatically determine the type of the volume header to restore, i.e. standard or hidden (note that TrueCrypt determines the type through the process of trial and error).
Note: If the user fails to supply the correct password (and/or keyfiles) twice in a row when trying to mount a volume, TrueCrypt will automatically try to mount the volume using the embedded backup header (in addition to trying to mount it using the primary header) each subsequent time that the user attempts to mount the volume (until he or she clicks Cancel). If TrueCrypt fails to decrypt the primary header but it successfully decrypts the embedded backup header at the same time, the volume is mounted and the user is warned that the volume header is damaged (and informed as to how to repair it).
Note that these features can be used in a corporate environment to reset volume passwords in case a user forgets it (or when he/she loses his/her keyfile). After you create a volume, backup its header (select Tools > Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes > Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header backup (Tools > Restore Volume Header).
Invokes the Preferences dialog window, where you can change, among others, the following options:
Wipe cached passwords on exit
If enabled, passwords (which may also contain processed keyfile contents) cached in driver memory will be cleared when TrueCrypt exits.
Cache passwords in driver memory
When checked, passwords and/or processed keyfile contents for up to last four successfully mounted TrueCrypt volumes are cached. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. TrueCrypt never saves any password to a disk (however, see the chapter Security Requirements and Precautions). Password caching can be enabled/disabled in the Preferences (Settings > Preferences) and in the password prompt window. If the system partition/drive is encrypted, caching of the pre-boot authentication password can be enabled or disabled in the system encryption settings (Settings > 'System Encryption').
Open Explorer window for successfully mounted volume
If this option is checked, then after a TrueCrypt volume has been successfully mounted, an Explorer window showing the root directory of the volume (e.g., T:\) will be automatically opened.
Close all Explorer windows of volume being dismounted
Sometimes, dismounting a TrueCrypt volume is not possible because some files or folders located on the volume are in use or "locked". This also applies to Explorer windows displaying directories located on TrueCrypt volumes. When this option is checked, all such windows will be automatically closed before dismounting, so that the user does not have to close them manually.
TrueCrypt Background Task – Enabled
See the chapter TrueCrypt Background Task.
TrueCrypt Background Task – Exit when there are no mounted volumes
If this option is checked, the TrueCrypt background task automatically and silently exits as soon as there are no mounted TrueCrypt volumes. For more information, see the chapter TrueCrypt Background Task. Note that this option cannot be disabled when TrueCrypt runs in portable mode.
Auto-dismount volume after no data has been read/written to it for
After no data has been written/read to/from a TrueCrypt volume for n minutes, the volume is automatically dismounted.
Force auto-dismount even if volume contains open files or directories
This option applies only to auto-dismount (not to regular dismount). It forces dismount (without prompting) on the volume being auto-dismounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).
| Advertisements/Sponsored Links: |
| Copyright © 2003-2009 TrueCrypt Foundation. All rights reserved. | www.truecrypt.org |