0
If I create a truecrypt volume using my windows 7 password as a key, can I configure truecrypt/windows to automatically mount it when I login? This would probably require windows 7 support(something like ubuntu's PAM)
Thiago de Arruda
Posted 2013-03-25T03:36:36.120
Reputation: 219
1
You can certainly write a script to mount your volume on login, using the CLI options and executing the script via the windows task manager, but you will not get any integration with windows directly, so you will need to include your password in the script, which is of course non-optimal. you would also have to schedule a similar script to dismount it on log out.
I would also recommend against mounting at boot, rather than on demand, because the practical attacks on truecrypt involve accessing the encryption key in ram or a ram cache like hiberfil.sys or pagefile.sys. these attacks are impossible if you mount your volume only when needed and dismount it when you are done.
Frank Thomas
Posted 2013-03-25T03:36:36.120
Reputation: 29 039
Since I always disable hibernate and enable pagefile encryption, those two files are not a problem. Besides, I'm just looking for a simple way to encrypt/decrypt some commonly files using my normal workflow, extreme security isn't a concern – Thiago de Arruda – 2013-03-25T12:00:51.017
then it sounds like my answer will work for you. – Frank Thomas – 2013-03-25T12:48:28.037
Not if I have to write my key into plain text. With 'extreme security isnt a concern' I meant I don't care to protect against crackers with a lot of resources(eg: FBI), but I also dont want any kid with physical access to my computer to read my files. What I want is a solution in the spirit of ubuntu's PAM, which uses the password typed at login to unlock my passphrase and insert into the kernel keyring. – Thiago de Arruda – 2013-03-25T13:08:15.447
and once again, the answer is no, you cannot achieve that level of integration with truecrypt. – Frank Thomas – 2013-03-25T14:32:37.457