Security Model
Note to security researchers: If you intend to report a security issue or publish an attack on TrueCrypt, please make sure it does not disregard the security model of TrueCrypt described below. If it does, the attack (or security issue report) will be considered invalid/bogus.
TrueCrypt is a computer software program whose primary purposes are to:
- Secure data by encrypting it before it is written to a disk.
- Decrypt encrypted data after it is read from the disk.
TrueCrypt does not:
- Encrypt or secure any portion of RAM (the main memory of a computer).
- Secure any data on a computer * if an attacker has administrator privileges † under an operating system installed on the computer.
- Secure any data on a computer if the computer contains any malware (e.g. a virus, Trojan horse, spyware) or any other piece of software (including TrueCrypt or an operating system component) that has been altered, created, or can be controlled by an attacker.
- Secure any data on a computer if an attacker has physical access to the computer before or while TrueCrypt is running.
- Secure any data on a computer if an attacker has physical access to the computer between the time when TrueCrypt is shut down and the time when all volatile memory contents (including those in peripheral devices) have been permanently erased.
- Secure any data on a computer if an attacker can remotely intercept emanations from the computer hardware (e.g. the monitor or cables) while TrueCrypt is running or otherwise remotely monitor the hardware.
- Secure any data stored in a TrueCrypt volume ‡ if an attacker without administrator privileges can access the contents of the mounted volume (e.g. if file/folder/volume permissions do not prevent such access).
- Preserve/verify the integrity or authenticity of encrypted or decrypted data.
- Prevent traffic analysis when encrypted data is transmitted over a network.
- Prevent an attacker from determining in which sectors of the volume the content changed (and when and how many times) if they can observe the volume before and after data is written, or if the storage medium permits such observation.
- Encrypt any existing unencrypted data in place (or re-encrypt or erase data) on devices or filesystems that use wear-leveling or relocate data internally.
- Ensure that users choose cryptographically strong passwords or keyfiles.
- Secure any computer hardware component or an entire computer.
- Secure any data on a computer where the security requirements or precautions listed in the chapter Security Requirements and Precautions are not followed.
- Do anything listed in the chapter Known Issues & Limitations.
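One item in the list above is easy to overlook in practice: TrueCrypt neither preserves nor verifies the integrity or authenticity of what it encrypts, so a container that has been altered on disk (by faulty media, by another user with write access to the file, or by anyone with physical access between sessions) will still decrypt, just to the wrong bytes, with no error from TrueCrypt. If tamper detection is required, it has to be layered on from outside. The following is an added example and not part of TrueCrypt or its documentation: it keeps an HMAC-SHA256 of a file-hosted container in a sidecar file, written after a clean dismount and checked before the next mount. The key name, the `.hmac` sidecar convention and the 3 MiB "container" filled with random bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read containers in 1 MiB pieces so large files fit in memory


def container_mac(path, key):
    """HMAC-SHA256 over the whole container file, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            mac.update(block)
    return mac.hexdigest()


def seal_container(path, key):
    """Write the container's MAC to a sidecar file (<path>.hmac, a constructed
    convention) once the volume has been dismounted and its contents are final."""
    digest = container_mac(path, key)
    with open(path + ".hmac", "w") as f:
        f.write(digest + "\n")
    return digest


def verify_container(path, key):
    """Return True only if the container still matches its sealed MAC.
    A missing sidecar counts as a failure: whoever can alter the container
    can usually delete the sidecar as well, so absence is not a pass."""
    try:
        with open(path + ".hmac") as f:
            expected = f.read().strip()
    except FileNotFoundError:
        return False
    return hmac.compare_digest(container_mac(path, key), expected)


def self_check():
    """Constructed scenario: a fake 3 MiB 'container' is sealed, verified,
    then altered by a single byte and verified again."""
    key = b"constructed-demo-key-keep-the-real-one-outside-the-volume"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "demo.tc")
        with open(path, "wb") as f:
            f.write(os.urandom(3 * CHUNK))  # random bytes stand in for ciphertext
        seal_container(path, key)
        intact = verify_container(path, key)
        # Flip one bit in the middle of the file. TrueCrypt itself would decrypt
        # the affected sector to garbage without reporting anything.
        with open(path, "r+b") as f:
            f.seek(CHUNK + 17)
            original = f.read(1)
            f.seek(CHUNK + 17)
            f.write(bytes([original[0] ^ 0x01]))
        tampered = verify_container(path, key)
        os.remove(path + ".hmac")
        missing = verify_container(path, key)
    return {"intact": intact, "tampered": tampered, "missing_seal": missing}


if __name__ == "__main__":
    print(self_check())
```

The seal only helps if the key and the sidecar live somewhere the same attacker cannot reach, and it must be recomputed after every session, since any write to the mounted volume changes the container's ciphertext. It detects modification; it does not prevent it, and it says nothing about the other non-guarantees in the list (RAM contents, administrator-level access, physical access while mounted).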
Under Windows, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):
- Mount any file-hosted TrueCrypt volume provided that the file permissions of the container allow it.
- Mount any partition/device-hosted TrueCrypt volume.
- Complete the pre-boot authentication process and gain access to data on an encrypted system partition/drive (and start the encrypted operating system).
- Skip the pre-boot authentication process (this can be prevented by disabling the option Settings > ‘System Encryption’ > ‘Allow pre-boot authentication to be bypassed by pressing the Esc key’; note that this option can only be enabled or disabled by an administrator).
- Dismount (using TrueCrypt) any TrueCrypt volume mounted by them. However, this does not apply to ‘system favorite volumes’ which can be dismounted regardless of who mounted them (this can be prevented by enabling the option Settings > ‘System Favorite Volumes’ > ‘Allow only administrators to view and dismount system favorite volumes in TrueCrypt’).
- Create a file-hosted TrueCrypt volume containing a FAT or no file system (provided that the relevant folder permissions allow it).
- Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted TrueCrypt volume (provided that the file permissions allow it).
- Access the filesystem residing within a TrueCrypt volume mounted by another user (if permissions permit).
- Use passwords (and processed keyfiles) stored in the password cache (note that caching can be disabled; for more information see the section Settings > Preferences, subsection Cache passwords in driver memory).
- View the basic properties (e.g., the size of the encrypted area, encryption and hash algorithms used, etc.) of the encrypted system partition/drive when the encrypted system is running.
- Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that the TrueCrypt device driver is running and file permissions allow it.
Under Linux, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):
- Create a file-hosted or partition/device-hosted TrueCrypt volume containing a FAT or no file system provided that the relevant folder/device permissions allow it.
- Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted TrueCrypt volume (provided permissions allow it).
- Access the filesystem residing within a TrueCrypt volume mounted by another user (if permissions allow).
- Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that file permissions allow it.
- In the TrueCrypt application window, view the path to and properties of any TrueCrypt volume mounted by them.
Under Mac OS X, a user without administrator privileges can (assuming the default TrueCrypt and operating system configurations):
- Mount any file-hosted or partition/device-hosted TrueCrypt volume provided that the file/device permissions allow it.
- Dismount (using TrueCrypt) any TrueCrypt volume mounted by them.
- Create a file-hosted or partition/device-hosted TrueCrypt volume provided that the relevant folder/device permissions allow it.
- Change the password, keyfiles, and header key derivation algorithm for, and restore or back up the header of, a file-hosted or partition/device-hosted TrueCrypt volume (provided permissions allow it).
- Access the filesystem residing within a TrueCrypt volume mounted by another user (if permissions allow).
- Run and use the TrueCrypt application (including the TrueCrypt Volume Creation Wizard) provided that file permissions allow it.
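Across all three platforms the lists above make the same point in different words: once a volume is mounted, TrueCrypt defers entirely to the operating system's file and directory permissions, and a user without administrator privileges can read another user's mounted volume if those permissions let them. A small pre-flight check on the mount point catches the common misconfiguration. The following is an added example, not TrueCrypt code, written for POSIX systems (Linux, Mac OS X): it audits a directory's owner and mode bits and reports anything that lets the group or other users reach it. The function names and the two constructed directories in `self_check()` are this example's own.

```python
import os
import stat
import tempfile


def audit_mount_point(path, expected_uid=None):
    """Return a list of findings for a directory intended as a TrueCrypt mount
    point. An empty list means only the owner (and root) can reach it."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected uid {expected_uid}")
    if mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP):
        findings.append(f"group has access (mode {mode:04o})")
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        findings.append(f"other users have access (mode {mode:04o})")
    return findings


def self_check():
    """Constructed scenario: one private mount point (0700) and one that has
    been left world-readable and traversable (0755), both owned by us."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        private = os.path.join(d, "private_mnt")
        shared = os.path.join(d, "shared_mnt")
        os.mkdir(private)
        os.mkdir(shared)
        # mkdir's mode argument is subject to umask, so set the modes explicitly
        os.chmod(private, 0o700)
        os.chmod(shared, 0o755)
        results["private"] = audit_mount_point(private, uid)
        results["shared"] = audit_mount_point(shared, uid)
    return results


if __name__ == "__main__":
    for name, findings in self_check().items():
        print(name, "->", findings or "ok")
```

Run it against the empty directory before mounting and, separately, against the mounted volume's root afterwards: once a filesystem is mounted, the permissions of the filesystem's own root directory are what other users see, not those of the directory underneath it, so a 0700 mount point does not help if the filesystem inside the volume was created world-readable.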
TrueCrypt does not support the set-euid root mode of execution.
Additional information and details regarding the security model are contained in the chapter Security Requirements and Precautions.
* In this section (Security Model), the phrase “data on a computer” means data on internal and external storage devices/media (including removable devices and network drives) connected to the computer.
† In this section (Security Model), the phrase “administrator privileges” does not necessarily refer to a valid administrator account. It may also refer to an attacker who, by exploiting system vulnerabilities or misconfigurations, can perform actions normally restricted to a valid administrator.
‡ “TrueCrypt volume” also means a TrueCrypt-encrypted system partition/drive (see the chapter System Encryption).