Anyone familiar with TrueCrypt? Is this possible?

[Kroze]

I have 2 hard drive, one is an SSD which I have the operating system installed and the other is a mechanical hard drive for storage purposes.

I currently encrypted the SSD and also encrypted the mechanical hard drive. The thing is, is it possible for truecrypt to automatically mount and enter the password for the mechanical HD once I boot into windows? It's annoying to enter a truecrypt password to log into windows and then enter another password for the mechanical hard drive. I mean once I logged into windows, it's assumed that I'm the owner right?

 

[ch33zw1z]

http://www.truecrypt.org/faq

You have some options. with encryption, you trade convenience for security.

Can I configure TrueCrypt to mount automatically whenever Windows starts a non-system TrueCrypt volume that uses the same password as my system partition/drive (i.e. my pre-boot authentication password)?

Yes. To do so, follow these steps:

Mount the volume (to the drive letter to which you want it to be mounted every time).
Right-click the mounted volume in the drive list in the main TrueCrypt window and select 'Add to System Favorites'.
The System Favorites Organizer window should appear now. In this window, enable the option 'Mount system favorite volumes when Windows starts' and click OK.

For more information, see the chapter System Favorite Volumes.


Can a volume be automatically mounted whenever I log on to Windows?

Yes. To do so, follow these steps:

Mount the volume (to the drive letter to which you want it to be mounted every time).
Right-click the mounted volume in the drive list in the main TrueCrypt window and select 'Add to Favorites'.
The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume upon logon' and click OK.

Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.

Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:

Select Settings > Preferences. The Preferences window should appear now.
In the section 'Actions to perform upon logon to Windows', enable the option 'Mount all devices-hosted TrueCrypt volumes' and click OK.

Note: TrueCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volumes use the same password as the system partition/drive.

 

[Kroze]

Looks like I can auto mount it once boot into windows but still have to put in the password.

 

[GTaudiophile]

SSDs aren't all that great for encryption, so I read. Google it.

 

[Malak]

Looks like I can auto mount it once boot into windows but still have to put in the password.

That's like asking for a home alarm system to automatically disarm when you walk in the front door.

 

[Juddog]

That's like asking for a home alarm system to automatically disarm when you walk in the front door.

^^
Hahaha this made me laugh my ass off!

 

[orenero]

Looks like I can auto mount it once boot into windows but still have to put in the password.

Not necessarily. To get around this if you use Full disk encryption and that password is the same as your container / or hard drive password it will mount without asking for a password if you have the caching option set up.

 

[PingSpike]

From reading about truecrypt on SSD drives the main security concern seemed to be that if the password was changed there could potentially be an old copy of the "header" (not the right term) with the original password stored on the SSD somewhere still due to wear leveling. That "header" could be used to decrypt the drive with the hold password. I'm not sure if there were other concerns but I thought that was the main reason it wasn't recommended.

 

[PrincessFrosty]

I have 2 hard drive, one is an SSD which I have the operating system installed and the other is a mechanical hard drive for storage purposes.

I currently encrypted the SSD and also encrypted the mechanical hard drive. The thing is, is it possible for truecrypt to automatically mount and enter the password for the mechanical HD once I boot into windows? It's annoying to enter a truecrypt password to log into windows and then enter another password for the mechanical hard drive. I mean once I logged into windows, it's assumed that I'm the owner right?

Not that I'm aware of.

Storing the 2nd password on the first drive is fine for when the system is off, but while on and mounted it presents a danger because the 2nd drives password is then in plaintext somewhere on the system.

I think it's possible if you enable hibernation the keys can be kept in memory, that might be the closest you'll get, hibernation is OK as long as the OS drive is also encrypted.

 

[SecurityTheatre]

I have 2 hard drive, one is an SSD which I have the operating system installed and the other is a mechanical hard drive for storage purposes.

I currently encrypted the SSD and also encrypted the mechanical hard drive. The thing is, is it possible for truecrypt to automatically mount and enter the password for the mechanical HD once I boot into windows? It's annoying to enter a truecrypt password to log into windows and then enter another password for the mechanical hard drive. I mean once I logged into windows, it's assumed that I'm the owner right?

So, yeah... you went to great lengths to have an extraordinarily secure arrangement on your computer.

Here is how you make it kinda cheesy.


Write a batch file that loads on startup that mounts your drive from the command line Truecrypt command


Truecrypt /a /v \Device\Harddisk1\ /p "MyPassword"

 

[Chiefcrowe]

What is your source? I'm wondering why...

SSDs aren't all that great for encryption, so I read. Google it.

 

[smakme7757]

What is your source? I'm wondering why...

I don't agree with his statement, however it isn't unfounded.

For example:
The Intel 520 SSD uses compression to increase its overall speed. Now if the data on the drive is encrypted by software such as Bitlocker or Truecrypt the controller won't be able to compress the data all that well because encrypted data isn't very suitable for compression.

(The Intel 520 uses NAND that is already encrypted with AES 128, so using an ATA password in BIOS will give you the bonus of FDE without the performance hit.)

However, an SSD running on Bitlocker is still worlds ahead of a mechanical disk that isn't encrypted at all.

I encrypt all my drives (Which happen to be the Intel 520). My laptop has Secure ATA password support, so i use the inbuilt encryption there (No performance hit), but my desktop doesn't support this feature so i encrypt it with Bitlocker. There is a performance hit on the desktop due to the software encryption, but for a workstation which doesn't demand extremely fast and high throughput I/O the system still feels as fast as before it was encrypted.

The 520 has a read/write of 550/520 so if we (for arguments sake) say that after being encrypted that drops to 400/250 then you still have an extremely fast disk with an access speed which destroys mechanical disks. So unless you have extremely high I/O requirements for your system then there shouldn't be any reason to not use FDE. If you can leverage the inbuild encrypted NAND then you can have FDE without any penalty at all.

I might also mention the Crucual M500. I support eDrive technology where Bitlocker can leverage the onboard encrypted NAND which again gived the bonus of FDE, but with an extremely small performance hit (This has been covered on an article here at Anandtech).

While i've been typing this i'm running an ATTO benchmark on my Intel 520 which is encrypted with Bitlocker so i'll post the result when it's done.

Edit:
Bitlocker encrypted Intel 520 due to lack of ATA password support on Desktop

Writes take around 50 to 55% hit and reads are pretty much untouched. Again, depending on your requirements this may or may not be a problem. But, again, leveraging the inbuilt NAND encryption will yield perfect performance (100% performance)