I wanted to post this at the TrueCrypt forum but they won't let me post because I have a Yahoo email address. Anyways:

I want to set up a system that has OS (Windows 7) and apps on HDD-1 (drive 1) and the paging file on HDD-2 (drive 2). If I do a system partition encryption on HDD-1, is there any way to encrypt HDD-2 (drive two) as well (whether as an extension of the system partition or as an external drive partition) so that it automatically "activates" when I login to the system partition on HDD-1?

I do not want to disable the paging file. But I want to learn if there are any ways that I can put the paging file on a second hard disk (for performance reasons) and still be able to encrypt it. Are there any options available to me or is it impossible to encrypt a paging file on a second hard disk as I've described?

Thanks

Version 6.3 has just been released. It has a new "System Favorites" feature that sounds like it might work for you, although I don't know the details yet. See the change log:

http://www.truecrypt.org/docs/?s=version-history

Why don't you try it out and let us know?

I was hoping they would add some MBR protection in the new version (Stoned bootkit attack).

FYI -- The BCWipe (http://www.jetico.com/wiping-bcwipe/) utility states that it has the capability to encrypt the paging file, although I have not tested this myself.

I have been at the library looking into this.

It appears that I can accomplish it by installing two hard discs and formatting the discs for dynamic spanning. then Windows will treat 2 Hard discs as if they are 1 disc. True crypt will system encrypt both discs as if they are both part of the "singular" system partition. Then I just move the paging file onto the second disc.

That will probably degrade your disk performance. I think you're going backwards.

I have a second hard disk used as a dedicated paging file on my Windows XP SP2 box. I've used Crypto Swap Guerrilla on that drive for several years with excellent results.

You can grab it here:

http://www.geocities.com/phosphor2013/list.htm

From the documentation:
"====================
HOW CRYPTOSWAP WORKS
====================

(The foregoing is adapted from the official documentation.)

CryptoSwap loads a low-level driver at Windows startup, before
Windows runs its virtual memory support mechanism and initializes the
swap file.

Upon initialization, the driver generates a random encryption key
that is unique to the current Windows session. The encryption key is
never written to disk, but held in RAM until the computer is shut
down or rebooted.

The CryptoSwap driver intercepts all filesystem operations, such as
open/close, read/write file, etc., detects requests to the swap file,
and encrypts data buffers when Windows writes something to the swap
file. When Windows reads data from or writes data to the swap file,
CryptoSwap encrypts and decrypts it on the fly, so that each
operation is performed automatically and transparently.


============
Final Notes:
============

Information on the algorithms implemented in CryptoSwap can be found
here:


http://www.ssh.fi/support/cryptography/algorithms/symmetric.html
(AES, Twofish, Blowfish)

http://vipul.net/gost/ (GOST)

Caveat:

After all that, I've never tested it on Vista and haven't a clue as to whether or not it would run on Windows7.

JW