How exactly does TrueCrypt work

1

1

I have some questions about how TrueCrypt and other Encryption Software work.

TrueCrypt overrides the Bootcode in the MBR. Is there any other TrueCrypt Code on the disk which is not encrypted (Chain Loader?) If so, where is the second-stage Bootloader of TC stored? In the so-called mbr-gap between the mbr and the first partition?
Is it correct that other encryption software that can work with UEFI and GPT store their bootloader in the efi system partition?

The Windows Bootloader is stored on the system partition and is not overriden, right?

When the Computer starts, the user has to enter a password in order to encrypt the disk. If the password is correct, the TrueCrypt Bootloader loads the OS. TrueCrypt installs a driver that detects every access to the disk and encrypts / decrypts on-the-fly. How is it possible to start this driver, before the OS has started?

Max

Posted 2015-09-01T08:41:36.387

Reputation: 111

Yes but I'm not sure, if the TrueCrypt Loader really overrides the Windows Loader because I dont know where the Windows Loader is stored. Is the MBR Bootloader overriden and the 2-level Windows loader which is stored on the disk is encrypted? And is the entire TrueCrypt Loader stored in the MBR or is the MBR loading a 2-level Truecrypt bootloader from the disk that is not encrypted? – Max – 2015-09-01T11:24:36.530

I've updated the question and made some improvements – Max – 2015-09-02T08:42:53.423

Answers

1

The entire disk is encrypted in what's called a container, thus the boot loader is not deleted but also encrypted.

The container has the bootloader inside and that's why Windows won't boot if you type the wrong password.

Here you can find different PDF on encryption :)

https://www.google.dk/webhp?sourceid=chrome-instant&rlz=1C1LENP_enDK538DK538&ion=1&espv=2&ie=UTF-8#q=encryption+filetype:pdf

Winoto

Posted 2015-09-01T08:41:36.387

Reputation: 54

But the Windows Bootloader is also stored in the MBR isn't it? So how can it be encrypted? Are you sure that the TrueCrypt Loader doesnt replace the Windows Loader? And is there any Code after the MBR that is not encrypted? – Max – 2015-09-01T09:45:41.207

The Windows Loader is a file on the hard drive and will be encrypted if you use a proper volume encryption software or BitLocker. TrueCrypt will place a small highly secure operating system that will start so that you're able to decrypt the volume with your key. If you forget the key all data will be lost! – Winoto – 2015-09-01T13:09:51.117

Ok but the first bootloader in the MBR that usually loads the Windows Bootloader is replaced by TrueCrypt? And on which part of the disk is the TC Loader stored? It can't be encrypted, that's why it can't be stored on the disk, right? – Max – 2015-09-01T13:26:48.623

What I can see from the documentation the TC loader should be stored on the MBR. TC loader can't be encrypted because TC doesn't support full drive encryption! Full drive encryption will require a USB key with the decryption key on it. – Winoto – 2015-09-01T13:41:16.683

Asked: 2015-09-01T08:41:36.387

Viewed: 1 487 times

Active: 2015-09-02T08:42:05.807