Is there a "Quick Start Guide" or some tutorial for beginners?

Yes. The first chapter, Beginner's Tutorial, in the TrueCrypt User Guide contains screenshots and step-by-step instructions on how to create, mount, and use a TrueCrypt volume.

Can TrueCrypt encrypt a partition/drive where Windows is installed?

Yes, see the chapter System Encryption in the TrueCrypt User Guide.

I forgot my password – is there any way to recover the files from my TrueCrypt volume?

TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years depending on the length and quality of the password/keyfiles, on software/hardware efficiency, and other factors.

Can I directly play a video (.avi, .mpg, etc.) stored on a TrueCrypt volume?

Yes, TrueCrypt-encrypted volumes are like normal disks. You provide the correct password (and/or keyfile) and mount (open) the TrueCrypt volume. When you double click the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading next small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats.

The same goes for video recording: Before a chunk of a video file is written to a TrueCrypt volume, TrueCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files.

Will TrueCrypt be open-source and free forever?

Yes, it will. We will never create a commercial version of TrueCrypt, as we believe in open-source and free security software.

Is it possible to donate to the TrueCrypt project?

Yes. For more information, please visit http://www.truecrypt.org/donations/

Does TrueCrypt also encrypt file names and folder names?

Yes. The entire file system within a TrueCrypt volume is encrypted (including file names, folder names, and contents of every file). This applies to both types of TrueCrypt volumes – i.e., to file containers (virtual TrueCrypt disks) and to TrueCrypt-encrypted partitions/devices.

How can I use TrueCrypt on a USB flash drive?

You have two options:

1. Encrypt the entire USB flash drive. However, you will not be able run TrueCrypt from the USB flash drive.
   Note: Windows does not support multiple partitions on USB flash drives.
   
   
2. Create a TrueCrypt file container on the USB flash drive (for information on how to do so, see the chapter Beginner's Tutorial, in the TrueCrypt User Guide). If you leave enough space on the USB flash drive (choose an appropriate size for the TrueCrypt container), you will also be able to store TrueCrypt on the USB flash drive (along with the container – not in the container) and you will be able to run TrueCrypt from the USB flash drive (see also the chapter Traveler Mode in the TrueCrypt User Guide).

Does TrueCrypt use parallelization?

Yes. Increase in encryption/decryption speed is directly proportional to the number of cores/processors your computer has. For more information, please see the chapter Parallelization in the documentation.

Can data be read from and written to an encrypted volume/drive as fast as if the drive was not encrypted?

Yes, since TrueCrypt uses pipelining and parallelization. For more information, please see the chapters Pipelining and Parallelization in the documentation.

Is it possible to boot Windows installed in a hidden TrueCrypt volume?

Yes, it is (as of TrueCrypt 6.0). For more information, please see the section Hidden Operating System in the documentation.

Will I be able to mount my TrueCrypt volume (container) on any computer?

Yes, virtual TrueCrypt volumes (in contrast to TrueCrypt-encrypted physical system partitions/drives) are independent of the operating system. You will be able to mount your TrueCrypt volume on any computer on which you can run TrueCrypt (see also the question "Can I use TrueCrypt on Windows if I do not have administrator privileges?").

Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted TrueCrypt volume on it?

Before you unplug or turn off the device, you should always dismount the TrueCrypt volume in TrueCrypt first, and then perform the 'Eject' operation if available (right-click the device in the 'Computer' or 'My Computer' list), or use the 'Safely Remove Hardware' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.

What is a hidden operating system?

See the section Hidden Operating System in the documentation.

What is plausible deniability?

See the chapter Plausible Deniability in the documentation.

Will I be able to mount my TrueCrypt partition/container after I reinstall or upgrade the operating system?

Yes, TrueCrypt volumes are independent of the operating system. However, you need to make sure your operating system installer does not format the partition where your TrueCrypt volume resides.

Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive).

Can I upgrade from an older version of TrueCrypt to the latest version without any problems?

Generally, yes. However, before upgrading, please read the release notes for all versions of TrueCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes.

Can I upgrade TrueCrypt if the system partition/drive is encrypted or do I have to decrypt it first?

Generally, you can upgrade to the latest version without decrypting the system partition/drive (just run the TrueCrypt installer and it will automatically upgrade TrueCrypt on the system). However, before upgrading, please read the release notes for all versions of TrueCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes. Note: You cannot downgrade TrueCrypt if the system partition/drive is encrypted.

I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use TrueCrypt?

Yes (as of TrueCrypt 6.1). To do so, boot the encrypted system, start TrueCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and click OK. Then, when you start the computer, no texts will be displayed by the TrueCrypt boot loader (not even when you enter the wrong password). The computer will appear to be "frozen" while you can type your password. It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the TrueCrypt boot loader.

I use pre-boot authentication. Can I configure the TrueCrypt Boot Loader to display only a fake error message?

Yes (as of TrueCrypt 6.1). To do so, boot the encrypted system, start TrueCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and enter the fake error message in the corresponding field (for example, the "Missing operating system" message, which is normally displayed by the Windows boot loader if it finds no Windows boot partition). It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the TrueCrypt boot loader.

How do I mount a hidden volume?

A hidden volume can be mounted the same way as a standard TrueCrypt volume: Click Select File or Select Device to select the outer/host volume (important: make sure the volume is not mounted). Then click Mount, and enter the password for the hidden volume. Whether the hidden or the outer volume will be mounted is determined by the entered password (i.e., when you enter the password for the outer volume, then the outer volume will be mounted; when you enter the password for the hidden volume, the hidden volume will be mounted).

Note: TrueCrypt first attempts to decrypt the standard volume header using the entered password. If it fails, it loads the area of the volume where a hidden volume header can be stored (i.e. the bytes 65536–131071, which contain solely random data when there is no hidden volume within the volume) to RAM and attempts to decrypt it using the entered password. Note that hidden volume headers cannot be identified, as they appear to consist entirely of random data. If the header is successfully decrypted (for information on how TrueCrypt determines that it was successfully decrypted, see the section Encryption Scheme in the documentation), the information about the size of the hidden volume is retrieved from the decrypted header (which is still stored in RAM), and the hidden volume is mounted (its size also determines its offset).

Further information may be found in the section Hidden Volume in the documentation.

Can I save data to the decoy system partition without risking damage to the hidden system partition?

Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is not installed within the same partition as the hidden system). For more information, see the section Hidden Operating System in the documentation.

Can I use TrueCrypt on Windows if I do not have administrator privileges?

See the chapter 'Using TrueCrypt Without Administrator Privileges' in the documentation.

Does TrueCrypt save my password to a disk?

No.

Is some hash of my password stored somewhere?

No.

How does TrueCrypt verify that the correct password was entered?

See the section Encryption Scheme (chapter Technical Details) in the documentation.

What is the maximum possible size of a TrueCrypt volume?

The maximum possible size of a TrueCrypt volume is 8589934592 GB. However, due to security reasons, the maximum allowed volume size is 1 PB (1,048,576 GB), as the amount of data that is considered secure to be encrypted using a single key depends, among other factors, on the block size of the encryption algorithm. In addition, you need to take into account other limiting factors. For instance, file system constraints, limitations of the hardware connection standard and of the operating system, etc.

Can I encrypt a partition/drive without losing the data currently stored on it?

Yes, but the following conditions must be met:

• If you want to encrypt an entire system drive (which may contain multiple partitions) or a system partition (in other words, if you want to encrypt a drive or partition where Windows is installed), you can do so provided that you use TrueCrypt 5.0 or later and that you use Windows XP or a later version of Windows (such as Windows Vista) (select 'System' > 'Encrypt System Partition/Drive' and then follow the instructions in the wizard).
  
  
• If you want to encrypt a non-system partition in place, you can do so provided that it contains an NTFS filesystem, that you use TrueCrypt 6.1 or later, and that you use Windows Vista or a later version of Windows (for example, Windows 7) (click 'Create Volume' > 'Encrypt a non-system partition' > 'Standard volume' > 'Select Device' > 'Encrypt partition in place' and then follow the instructions in the wizard).
  
  

Can I run TrueCrypt if I don't install it?

Yes, see the chapter Traveler Mode in the TrueCrypt User Guide.

Why does Windows Vista (or a later version of Windows) ask me for permission to run TrueCrypt every time I run it in 'traveler' mode?

When you run TrueCrypt in traveler mode, TrueCrypt needs to load and start the TrueCrypt device driver. TrueCrypt needs a device driver to provide transparent on-the-fly encryption/decryption, and users without administrator privileges cannot start device drivers in Windows. Therefore, Windows Vista and later versions of Windows ask you for permission to run TrueCrypt with administrator privileges.

Note that if you install TrueCrypt on the system (as opposed to running TrueCrypt in traveler mode), you will not be asked for permission every time you run TrueCrypt.

Do I have to dismount TrueCrypt volumes before shutting down or restarting Windows?

No. TrueCrypt automatically dismounts all mounted TrueCrypt volumes on system shutdown/restart.

Which type of TrueCrypt volume is better – partition or file container?

File containers are normal files so you can work with them as with any normal files (file containers can be, for example, moved, renamed, and deleted the same way as normal files). Partitions/drives may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container is stored (when the TrueCrypt volume is dismounted).

What's the recommended way to backup a TrueCrypt volume?

See the chapter How to Back Up Securely in the documentation.

What will happen if I format a TrueCrypt partition?

See the question "Is it possible to change the file system of an encrypted volume?"

Is it possible to change the file system of an encrypted volume?

Yes, when mounted, TrueCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. TrueCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the 'Computer' or 'My Computer' list) and select 'Format'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a TrueCrypt-encrypted partition when the TrueCrypt volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).

Can I configure TrueCrypt to start, prompt me for password(s), and mount my volume(s) automatically whenever Windows starts?

Yes. To do so, follow these steps:

1. Mount the volume(s) and then select 'Volumes' -> 'Save Currently Mounted Volumes as Favorite'.
2. Select 'Settings' -> 'Preferences'. In the 'Preferences' window in the section 'Actions to perform upon log on to Windows', enable the option 'Mount favorite volumes'.
3. In the 'Preferences' window, click 'OK'.

Alternatively, if the volume(s) is/are partition/device-hosted and if you do not need to mount it/them to particular drive letter(s) every time, you may skip step 1 and in the 'Preferences' window in the section 'Actions to perform upon log on to Windows' enable the option 'Mount all devices-hosted TrueCrypt volumes' (instead of 'Mount favorite volumes').

Does TrueCrypt support hardware/software RAID and Windows dynamic volumes?

Yes. However, if you use Windows XP/2000/2003, please read the following notes on dynamic volumes (the notes do not apply to Windows Vista and later). If you intend to format a Windows dynamic volume as a TrueCrypt volume, keep in mind that after you create the Windows dynamic volume (using the Windows Disk Management tool), you must restart the operating system in order for the volume to be available/displayed in the 'Select Device' dialog window of the TrueCrypt Volume Creation Wizard. Also note that, in the 'Select Device' dialog window, a Windows dynamic volume is not displayed as a single device (item). Instead, all volumes that the Windows dynamic volume consists of are displayed and you can select any of them in order to format the entire Windows dynamic volume.

Is it possible to mount a TrueCrypt container that is stored on a CD or DVD?

Yes. However, if you need to mount a TrueCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system within the TrueCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).

Is it possible to change the password for a hidden volume?

Yes, the password change dialog works both for standard and hidden volumes. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.

Remark: TrueCrypt first attempts to decrypt the standard volume header and if it fails, it attempts to decrypt the area within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts use the password typed in the 'Current Password' field.)

When I use HMAC-RIPEMD-160, is the size of the header encryption key only 160 bits?

No, TrueCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section Header Key Derivation, Salt, and Iteration Count in the documentation for more information.

Can I change the header key derivation algorithm (for example, from HMAC-RIPEMD-160 to HMAC-SHA-512) without losing data stored on the volume?

Yes. To do so, select Volumes -> Set Header Key Derivation Algorithm.

How do I burn a TrueCrypt container larger than 2 GB onto a DVD?

The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files larger than 2 GB).

The Windows file selector remembers the path of the last container I mount or the path of the last selected keyfile. Is there a way to prevent this?

Yes, there is. If you have not done so yet, upgrade to TrueCrypt 4.2a or later. Run TrueCrypt and make sure the option 'Never save history' in the main window is enabled. If you do not want to enable the option 'Never save history', you can avoid using the Windows file selector by dragging the icon of the container onto the 'TrueCrypt.exe' icon (TrueCrypt will be automatically launched then), or dragging it onto the TrueCrypt program window. Likewise, a keyfile can be selected by dragging its icon onto the Keyfiles window or onto the password entry window.

Can I use tools like chkdsk, Disk Defragmenter, etc. on the contents of a mounted TrueCrypt volume?

Yes, TrueCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted TrueCrypt volume.

Is it possible to use TrueCrypt without leaving any 'traces' on unencrypted Windows?

Yes. This can be achieved by running TrueCrypt in traveler mode under BartPE. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM – hard drive is not used at all and does not even have to be present). The freeware Bart's PE Builder can transform a Windows XP installation CD into BartPE. As of TrueCrypt 3.1, you do not need any TrueCrypt plug-in for BartPE. Just boot BartPE, download the TrueCrypt self-extracting package to the RAM disk (which BartPE creates), run it, extract its content to the RAM disk, and then run the file 'TrueCrypt.exe' from the RAM disk.

Note: You may also want to consider creating a hidden operating system (for more information, see the section Hidden Operating System in the documentation).

Does TrueCrypt support Windows Vista?

Yes.

Note: Full support for Windows Vista was introduced in version 4.3. Therefore, we strongly recommend that you do not run TrueCrypt 4.2a or earlier versions under Windows Vista (those versions were not designed to run on Windows Vista).

Does TrueCrypt support Windows Vista x64 (64-bit) Edition?

Yes. Note: All .sys and .exe files of TrueCrypt are digitally signed with the digital certificate of the TrueCrypt Foundation, which was issued by the certification authority GlobalSign.

Does TrueCrypt run on Mac OS X?

Yes.

Does TrueCrypt run on Linux?

Yes.

Can I mount my TrueCrypt volume under Windows, Mac OS X, and Linux?

Yes, TrueCrypt volumes are fully cross-platform.

Is there a list of all operating systems that TrueCrypt supports?

Yes, see the chapter Supported Operating Systems in the TrueCrypt User Guide.

Is it possible to install an application to a TrueCrypt volume and run it from there?

Yes.

What will happen when a part of a TrueCrypt volume becomes corrupted?

In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by TrueCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by TrueCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question 'What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted?

What do I do when the encrypted filesystem on my TrueCrypt volume is corrupted?

File system within a TrueCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the 'chkdsk' tool. TrueCrypt provides an easy way to use this tool on a TrueCrypt volume: Right-click the mounted volume in the main TrueCrypt window (in the drive list) and from the context menu select 'Repair Filesystem'.

We use TrueCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?

Yes. Note that there is no "back door" implemented in TrueCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).

Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a TrueCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the TrueCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password.
Note: It is not required to burn each TrueCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck).

It is possible to access a single TrueCrypt volume simultaneously from multiple operating systems (for example, a volume shared over a network)?

Please see the chapter 'Sharing over Network' in the TrueCrypt User Guide.

Can a user access his or her TrueCrypt volume via a network?

Please see the chapter 'Sharing over Network' in the TrueCrypt User Guide.

I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer' list. When I double click this drive letter, Windows asks if I want to format the drive. Is there a way to hide or free this drive letter?

Yes, to free the drive letter follow these steps:

1. Right-click the 'Computer' (or 'My Computer') icon on your desktop or in the Start Menu and select Manage. The 'Computer Management' window should appear.
2. From the list on the left, select 'Disk Management' (within the Storage sub-tree).
3. Right-click the encrypted partition and select Change Drive Letter and Paths.
4. Click Remove.
5. If Windows prompts you to confirm the action, click Yes.

How do I remove or undo encryption if I do not need it anymore? How do I permanently decrypt a volume?

Please see the chapter 'How to Remove Encryption' in the TrueCrypt User Guide.

What will change when I enable the option 'Mount volumes as removable media'?

You can enable this option, for example, to prevent Windows from automatically creating the 'Recycled' and/or the 'System Volume Information' folders on TrueCrypt volumes (in Windows, these folders are used by the Recycle Bin and System Restore facilities). However, there are some disadvantages. For example, when you enable this option under Windows Vista or earlier, the 'Computer' (or 'My Computer') list will not show free space on the volume (note that this is a Windows limitation, not a bug in TrueCrypt).

Is the online documentation available for download as a single file?

Yes, the documentation is contained in the file TrueCrypt User Guide.pdf that is included in all official TrueCrypt distribution packages. Note that you do not have to install TrueCrypt to obtain the PDF documentation. Just run the self-extracting installation package and then, on the second page of the TrueCrypt Setup wizard, select Extract (instead of Install). Also note that when you do install TrueCrypt, the PDF documentation is automatically copied to the folder to which TrueCrypt is installed, and is accessible via the TrueCrypt user interface (by pressing F1 or choosing Help > User's Guide).

Do I have to "wipe" free space and/or files on a TrueCrypt volume?

Remark: to "wipe" = to securely erase; to overwrite sensitive data in order to render them unrecoverable.

If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.

Is it secure to create a new container by cloning an existing container?

You should always use the Volume Creation Wizard to create a new TrueCrypt volume. If you copy a container and then start using both this container and its clone in a way that both eventually contain different data, then you might aid cryptanalysis (both volumes would share a single key set). See also the chapter How to Back Up Securely in the documentation.

How does TrueCrypt know which encryption algorithm my TrueCrypt volume has been encrypted with?

Please see the section Encryption Scheme (chapter Technical Details) in the documentation.