May 31, 2013

How To Auto-Mount Truecrypt Volumes Without A Password At Logon

Before I begin, I know what you are thinking. If you want your Truecrypt volume to be mounted without a password, why even have an encrypted Truecrypt volume? It doesn't sound very secure.

You are right, and that would be a valid question. I would say that you should only use this on computers that are protected with full disk encryption already. If you don't use full disk encryption, typing your password in once to mount a volume isn't going to kill you.

So let's say that you have full disk encryption configured already, so auto-mounting non-system Truecrypt volumes automatically isn't a huge security concern for you. Well there are two ways of doing it depending on if your non-system Truecrypt volume uses the same password/keyfiles as your system encrypted drive or not.

Let's say your non system drives use the same password/keyfiles as your system drive, here is what you need to do:

  • First open up Trucrypt and go to System > Settings
  • Check the box that says Cache pre-boot authentication password in driver memory

  • Click OK
  • Next mount your non-system volume(s) that you want auto-mounted at logon
  • Select the mounted volume, right-click your mouse and select Add to Favorites

  • Now go into Favorites > Organize Favorite Volumes
  • Select your Favorite Volume(s) and check the box to Mount selected volume upon logon

Now when you reboot, Truecrypt will cache your credentials when you decrypt your system drive in driver memory, and will use those credentials to mount your non-system volumes when you logon. Pretty cool right?

So what if your non-system volume uses a different password? That is the problem I had on my home computer. The system encryption password is different because I need to share it with my wife. However, the non-system volume I want mounted uses a more complex password that I don't share with my wife (Sorry Honey). I don't have an issue with her looking in the volume because it only holds media files, however if someone breaks into my house and steals my NAS where that volume is stored, I don't want them to be able to access it.

The way I have that mounted is via a batch script I wrote. Truecrypt has several command line options, so I wrote a script using those options to mount the drive when I first logon using a scheduled task. Before running the script, I recommend setting your non-system volume as a Favorite so Truecrypt always mounts it to the correct drive letter.

Here is how my script looks:
@echo off
cd "C:\Program Files\TrueCrypt"
truecrypt /a favorites /v PATH TO YOUR TRUECRYPT VOLUME /p PASSWORD /q
Be sure to change the above information to fit your situation. 

If you also use a keyfile, use the /k switch with a path to your keyfile in the command. A full list of command line switches can be found here: (Truecrypt Command Line Switches)

That's it, now when my wife or I login to our computer, the non-system Truecrypt volume is mounted and shows up like a regular drive.

Now there is a problem with the password being stored in plain text in your batch file. Because of that I would say you should only do this on a computer that you use, or if you share it like I do with my wife, you trust them. If that isn't the case, then you should skip using the script method.

What do you think about auto-mounting encrypted volumes? Good idea or pointless? Let us know your thoughts in the comments.
Enhanced by Zemanta

Twitter Delicious Facebook Digg Stumbleupon Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam