Is it possible to decrypt a truecrypt volume using the windows login password?

Posted on

QUESTION :

If I create a truecrypt volume using my windows 7 password as a key, can I configure truecrypt/windows to automatically mount it when I login? This would probably require windows 7 support(something like ubuntu’s PAM)

ANSWER :

You can certainly write a script to mount your volume on login, using the CLI options and executing the script via the windows task manager, but you will not get any integration with windows directly, so you will need to include your password in the script, which is of course non-optimal. you would also have to schedule a similar script to dismount it on log out.

I would also recommend against mounting at boot, rather than on demand, because the practical attacks on truecrypt involve accessing the encryption key in ram or a ram cache like hiberfil.sys or pagefile.sys. these attacks are impossible if you mount your volume only when needed and dismount it when you are done.

Leave a Reply

Your email address will not be published.