hope i've posted to the right place.
i would like to know if truecrypt stores its passwords unencrypted on the hard drive (so that someone could examine the hard dirve and find the password)
i am asking this because i once read that pgp stored its passwords on the hard drive unencrypted is this true of truecrypt?
Hi Ken, and welcome to AO :)
If any encryption application stored its password in plain text on the HDD it would be as useful as a chocolate fireguard. I think that it is safe to say that none of them do these days.
From what I remember, Truecrypt does most of its stuff in RAM and I believe that they still claim that it does not store any unencrypted data on the HDD?
Now, here is where we might have a problem............... I have no idea how it, or any of the others for that matter, work at the detailed level. It might be possible that if you have a systems crash and it does a memory dump, that the password could be somewhere in that dump. Assuming, of course, that you had it open at the time.
Personally, I use CCleaner (free for private use) and let it overwrite the dumps and file fragments (and piles of other junk). I use 3 passes although you can set it to more if you are really paranoid and like watching paint dry :D I run it after every session.
I am assuming that you are using Windows, although TC has Mac and Linux versions. If that is the case then set your dumps to the mini dump rather than the full system dump that drops everything in RAM at the time of the crash.
I haven't tested it with Truecrypt personally, but looking at the short dumps usually tells me as much as I will be likely to understand about the Windows problem, and I have never seen any passwords or personal data......... just Windows stuff.
Hope that helps, give me a shout if you have any more questions.
thanks alot that has put my mind at rest
If you run truecrypt portable then nothing gets put on the machine as its all loaded in RAM.
Originally Posted by Cider