Frequently Asked Questions
Last Updated May 20, 2005


Q: I forgot the password - is there any way to recover the files from my TrueCrypt volume?

A: TrueCrypt does not contain any mechanism or facility that would allow partial or complete recovery of your encrypted data without knowing the correct password or the key used to encrypt the data. The only way to recover your files is to try to 'crack' the password or the key, but it could take thousands or millions of years depending on the length and quality of the password, or on the key size, on the software/hardware efficiency, and on other factors.


Q: Does TrueCrypt save my password to a disk?

A: No.


Q: Is some hash of my password stored somewhere?

A: No.


Q: Is the key size limited to 160 bits when I use HMAC-SHA-1 or HMAC-RIPEMD-160?

A: No, TrueCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section Header Key Derivation, Salt, and Iteration Count in the documentation for more information.


Q: What is the maximum possible size of a TrueCrypt volume?

A: TrueCrypt volumes can be up to 9223372036 GB. However, you need to take into account several factors. If the volume is a file-hosted container, you must take into account the limitations of the file system that the container will be stored on. Remember that file-hosted containers stored on the FAT32 file system cannot be larger than 4 GB (if you need a larger volume, store it on the NTFS file system or, instead of creating a file-hosted volume, encrypt a partition).
For all types of TrueCrypt volumes, you must take into account the limitations of the file system you are going to encrypt (i.e. the file system contained in the encrypted volume). Note that any FAT32 volume, encrypted or not, cannot be larger than 2048 GB (if you need larger volumes, format them as NTFS).
Finally, you must also take into account the hardware connection standard, and your operating system limitations. For example, note that you cannot access IDE drives larger than 137 GB under Windows XP to which you did not apply WinXP Service Pack 1 or later (in case of Windows 2000 you must apply SP3 or later and enable the 48-bit LBA support in the registry; for more information, see http://support.microsoft.com/kb/305098/EN-US).


Q: Which cipher is the most secure?

A: Unfortunately, it is impossible to answer this question. However, all ciphers implemented in TrueCrypt are well known and trusted. No weak cipher has been implemented in TrueCrypt.


Q: Can I directly play a video (.avi, .mpg, etc.) stored on a TrueCrypt volume?

A: Yes, TrueCrypt-encrypted volumes are like normal disks. You double click the video file and the operating system will launch the application associated with the file type -- probably a media player. The media player starts reading some portion of the video file to RAM (memory). But before that portion gets to RAM, it is decrypted by TrueCrypt. The decrypted portion of the video (stored in RAM) is then played by the media player. The same goes for video recording -- before a portion of a video is written to a TrueCrypt volume, it is encrypted. This process is called on-the-fly encryption/decryption and it works for all file types, not only for video files.


Q: Is it possible to install an application to a TrueCrypt volume and run it from there?

A: Yes.


Q: Is TrueCrypt distributed under an open source license such as the GPL?

A: Yes, it is (however, not under the GPL). The text of the license is contained in the file License.txt that is included in the TrueCrypt binary and source code distribution archives, and is also available at www.truecrypt.org/license.php.


Q: Which type of TrueCrypt volume is better - partition or file container?

A: File containers can be easily copied, moved, and managed like normal files (however, this also means that a container may get damaged or deleted as easily as any other file). Partitions/devices may be better as regards performance. Note that reading from/writing to a file container may take significantly longer when the container is heavily fragmented. Also note that mounting a hidden volume located within a file container may take significantly longer when the container is heavily fragmented. The reason is that the header of the hidden volume is located at the end of the outer (host) container and seeking the end of the container may take a long time when the container is fragmented. To solve this problem, defragment the container (when it is dismounted).


Q: Will I be able to mount my TrueCrypt container/partition if I move it to another computer?

A: TrueCrypt volumes are independent of the operating system. You will be able to mount your TrueCrypt volume on any computer on which you can run TrueCrypt (see also the question 'Can I use TrueCrypt on a system on which I do not have administrator privileges?').


Q: Will I be able to mount my TrueCrypt partition/container after I reinstall the operating system?

A: Yes, TrueCrypt volumes are independent of the operating system.


Q: Can I use TrueCrypt on a system on which I do not have administrator privileges?

A: Yes, but only after a system administrator installs TrueCrypt on the system. Then users without administrator privileges will be able to mount/dismount any TrueCrypt volume and create TrueCrypt file-hosted volumes on the system. However, users without administrator privileges cannot encrypt/format partitions, cannot create NTFS volumes, cannot install/uninstall TrueCrypt, and they cannot run TrueCrypt in 'traveller' mode.


Q: Does TrueCrypt support hardware/software RAID and dynamic volumes?

A: Yes, it does. If you intend to format a dynamic volume as a TrueCrypt volume, keep in mind that after you create the dynamic volume (using the Windows Disk Management tool), you must restart the operating system in order for the volume to be available/displayed in the 'Select Device' window of the TrueCrypt Volume Creation Wizard. Also note that, in the 'Select Device' window, a dynamic volume is not displayed as a single device. Instead, all the volumes that the dynamic volume consists of are displayed and you can select any of them in order to format the entire dynamic disk.


Q: How does TrueCrypt verify that the correct password was entered?

A: See the section 'Technical Details' - 'Encryption Scheme' in the documentation.


Q: Is it possible to mount a TrueCrypt container that is stored on a CD or DVD?

A: Yes, it is. However, if you need to mount a TrueCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system of the TrueCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).


Q: What will happen if I format a TrueCrypt partition?

A: See the question 'Is it possible to change the file system of an encrypted volume?' in this FAQ.


Q: Is it possible to change the file system of an encrypted volume?

A: Yes, when mounted, TrueCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. The volumes behave as standard disk devices, so you can right-click the device icon (for example in the 'My Computer' list) and select 'Format'. The actual volume contents will be lost; the whole volume will remain encrypted, though. If you format a TrueCrypt-encrypted partition when the TrueCrypt volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).


Q: Is it possible to change the password for a 'hidden' volume?

A: Yes, the password change dialog works both for standard and hidden volumes. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.

Remark: TrueCrypt first attempts to decrypt the standard volume header and if it fails, it attempts to decrypt the location within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts use the password typed in the 'Current Password' field.)


Q: How do I decrypt a TrueCrypt partition permanently?

A: If you format a TrueCrypt-encrypted partition when the TrueCrypt volume hosted by the partition is not mounted, then the volume will be destroyed and the partition will not be encrypted anymore (it will be empty). Note that the contents of the TrueCrypt volume will be lost.


Q: How do I burn a TrueCrypt container larger than 2 GB onto a DVD?

A: The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files over 2 GB).


Q: The Windows file selector remembers the path of the last container I mount. Is there a way to prevent this?

A: There are several ways to prevent this. One is to edit the Windows registry accordingly (see the Windows documentation for more information). Another way is to drag the icon of the container to the 'TrueCrypt.exe' icon (TrueCrypt will then be launched automatically), or to drag it to the TrueCrypt program window.


Q: Can I encrypt a partition without losing the data currently stored on it?

A: No, TrueCrypt does not allow this, and we do not plan to implement such a feature either (there are several reasons for our decision and most of them are security-related).
Remark: In reaction to this, many people asked us whether we know that some commercial products allow this. Our answer: Yes, we do.


Q: Can I use tools like CheckDisk, Disk Defragmenter, etc. on the contents of a mounted TrueCrypt volume?

A: Yes, TrueCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted TrueCrypt volume.


Q: Is it possible to use TrueCrypt without leaving any 'traces' on Windows?

A: Yes. This can be achieved by running TrueCrypt in traveller mode under BartPE (for more information, please see the question 'Is it possible to encrypt my operating system boot partition?').


Q: Is it possible to encrypt my operating system boot partition?

A: No, TrueCrypt does not allow this. However, there are ways to ensure that the volume where the operating system resides is read-only, which should prevent information leakage (registry, temporary files, etc., are stored in RAM) and make it impossible for an adversary to install a Trojan horse on the system. One of the ways is using BartPE. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in such a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM - the hard disk is not used at all and does not even have to be present). The freeware Bart's PE Builder can transform a Windows XP installation CD into BartPE.
If you use TrueCrypt 3.1 or later, you do not even need any TrueCrypt plug-in for BartPE. You can simply run TrueCrypt in 'traveller' mode under the BartPE system from a BartPE disk itself or from any other location where the TrueCrypt system files (i.e., 'TrueCrypt.exe', 'TrueCrypt.sys', etc.) are stored. The type of the CD or DVD on which you store BartPE should be "write once, read many" (for example CD-R), because rewritable disk types (such as CD-RW) might allow an adversary to alter the contents of the disk.


Q: Can I mount a TrueCrypt volume stored on another TrueCrypt volume?

A: Yes, TrueCrypt volumes can be nested without any limitation.


Q: Can I run TrueCrypt with another on-the-fly disk encryption tool on one system?

A: We are not aware of any on-the-fly encryption tool that would cause problems when run with TrueCrypt, or vice versa.


Q: How do I mount a container stored in a remote shared network folder?

A: It is necessary to map the folder to a network drive. The network drive must be created in the global object namespace so that the TrueCrypt driver can access it. The cmdrunas.exe tool can be used to map a network drive under LocalSystem account. This can be done as follows:

  1. Open LocalSystem console by executing the following command:
    cmdasuser localsystem   (cmdasuser.exe can be downloaded here).
  2. Map the network drive - in the newly opened window type:
    net use X: \\server\share
  3. Mount the container, e.g.:  truecrypt /a /q /v X:\volume.tc


Q: Can I resize a TrueCrypt partition?

A: Unfortunately, TrueCrypt does not support this. Resizing a TrueCrypt partition using a program such as PartitionMagic will, in most cases, corrupt its contents.


Q: Why is it not possible to create arbitrary cascades?

A: The reason is that the encryption algorithm (and the mode of operation) that a TrueCrypt volume has been encrypted with is unknown. The correct encryption algorithm has to be determined through the process of trial and error. If we added support for creating arbitrary cascades, the number of encryption algorithms to attempt mounting with would increase tremendously. The time needed to mount a volume would no longer be acceptable, especially on slow machines.
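
The trial-and-error mount described in this answer, as an added sketch that is not TrueCrypt code: the header carries no algorithm identifier, so every candidate is tried until a known marker decrypts correctly. The cipher names A to D, the toy substitution "ciphers", the key and the marker are all constructed for illustration and do not reflect TrueCrypt's ciphers or header format.

```python
import hashlib
import random
from itertools import permutations

MARKER = b"VOLUME-HEADER-OK"  # constructed marker, not TrueCrypt's header format

def _table(name, key, inverse=False):
    # Toy keyed byte substitution standing in for the real cipher called `name`.
    perm = list(range(256))
    random.Random(hashlib.sha256(name.encode() + key).digest()).shuffle(perm)
    if inverse:
        inv = [0] * 256
        for i, v in enumerate(perm):
            inv[v] = i
        perm = inv
    return bytes(perm)

def encrypt(cascade, key, data):
    for name in cascade:
        data = data.translate(_table(name, key))
    return data

def decrypt(cascade, key, data):
    for name in reversed(cascade):
        data = data.translate(_table(name, key, inverse=True))
    return data

def fixed_candidates(ciphers, predefined):
    # Every single cipher plus a short list of predefined cascades.
    return [(c,) for c in ciphers] + list(predefined)

def arbitrary_candidates(ciphers, max_len):
    # Every ordered cascade of distinct ciphers up to max_len layers.
    return [p for n in range(1, max_len + 1) for p in permutations(ciphers, n)]

def mount(header, key, candidates):
    # The header does not name its algorithm, so try candidates until the
    # marker decrypts correctly. Returns (cascade or None, trial decryptions).
    for trials, cascade in enumerate(candidates, 1):
        if decrypt(cascade, key, header) == MARKER:
            return cascade, trials
    return None, len(candidates)

CIPHERS = ["A", "B", "C", "D"]                      # constructed cipher names
KEY = hashlib.sha256(b"constructed header key").digest()
HEADER = encrypt(("C", "A", "B"), KEY, MARKER)
```

With four ciphers and two predefined cascades a mount needs at most 6 trial decryptions; allowing arbitrary cascades of up to three layers raises that to 40, and the count grows factorially with the number of ciphers and layers.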


Q: Does TrueCrypt run on Windows 98 or Windows ME?

A: The last version of TrueCrypt that ran on Windows 98/ME was 1.0. Note that we do not support this version (nor Windows 9x/ME), so please do not send us bug reports pertaining to TrueCrypt 1.0. We do not recommend running TrueCrypt 1.0 on Windows XP/2000/2003/Longhorn (see Version History for more information).


Q: What will happen when a part of a TrueCrypt volume becomes corrupted?

A: Data within each sector (sector is 512 bytes) are chained (see the section Modes of Operation in the documentation) so when a block becomes corrupted, each successive block within the sector will also become corrupted (block size is either 8 or 16 bytes, depending on the encryption algorithm). Corrupting the volume header will, in most cases, make the volume impossible to mount.


Q: Will I always be able to mount a TrueCrypt container no matter how fragmented it is?

A: Yes. However, note that mounting a hidden volume located within a file container may take significantly longer when the container is heavily fragmented. The reason is that the header of the hidden volume is located at the end of the outer (host) container and seeking the end of the container may take a long time when the container is fragmented. To solve this, defragment the whole host container (when it is dismounted) or create a hidden volume within a partition or a device.


Q: Is it necessary to restart the computer before copying a TrueCrypt container?

A: No, it is not necessary.


Q: Is it secure to create a new container by cloning an existing container?

A: You should always use the Volume Creation Wizard to create a new TrueCrypt volume. If you copy a container and then start using both this container and its clone in a way that both eventually contain different data, then you could aid cryptanalysis. The reason is that both volumes would share the same key, IVs, whitening values, etc.
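
Why a clone aids cryptanalysis, as an added sketch that is not TrueCrypt code: with the same key and IVs, comparing the original and the modified clone shows exactly which sector changed and at which block the change begins, whereas a volume created with a fresh key differs everywhere. The toy Feistel cipher, the IV derivation, the keys and the plaintext are constructed for illustration; whitening is not modelled.

```python
import hashlib

BLOCK, SECTOR = 16, 512

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Toy 4-round Feistel permutation standing in for a real 128-bit block cipher.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def encrypt_sector(key, sector_no, plaintext):
    # CBC chaining inside one sector. The IV is a function of key and sector
    # number only (an assumption of this sketch), so a byte-for-byte clone reuses it.
    prev = hashlib.sha256(key + sector_no.to_bytes(8, "little")).digest()[:BLOCK]
    out = bytearray()
    for off in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, _xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)

def encrypt_volume(key, sectors):
    return [encrypt_sector(key, n, s) for n, s in enumerate(sectors)]

def changed_regions(vol_a, vol_b):
    # What a holder of both ciphertexts learns without the key: for every
    # differing sector, the index of the first block that differs.
    found = []
    for n, (a, b) in enumerate(zip(vol_a, vol_b)):
        diff = [i // BLOCK for i in range(0, SECTOR, BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]
        if diff:
            found.append((n, diff[0]))
    return found

def demo():
    key_a = hashlib.sha256(b"constructed key A").digest()
    key_b = hashlib.sha256(b"constructed key B").digest()
    base = [bytes([n]) * SECTOR for n in range(8)]          # constructed plaintext
    edited = list(base)
    edited[5] = base[5][:160] + b"X" + base[5][161:]        # one byte changed, block 10
    original = encrypt_volume(key_a, base)
    clone = encrypt_volume(key_a, edited)                   # copied container, later modified
    fresh = encrypt_volume(key_b, edited)                   # created with the wizard: new key
    return changed_regions(original, clone), changed_regions(original, fresh)
```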


Q: Do I have to "wipe" free space and/or files on a TrueCrypt volume?

["Wiping" - secure deletion; overwriting sensitive data in order to render them unrecoverable.]

A: If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.


Q: How is TrueCrypt related to E4M?

A: TrueCrypt 1.0 was derived from E4M 2.02a. For information on differences between E4M and TrueCrypt, please see Version History.


Q: Will TrueCrypt be open-source and free forever?

A: Yes, it will. No commercial version is planned, and none ever will be. We believe in open-source and free security software.

Remark: We know that there are certain individuals trying to distribute TrueCrypt as paid and closed-source software. We are not affiliated with these individuals.








Copyright © 2005 TrueCrypt Foundation. All rights reserved.