Hi guys, in Windows 10 I am under the impression, volume IDs (from "mountvol" command) and also the Truecrypt internal drive names (\harddisk0\partition1\..) are permanently scrambled. Not sure yet. Now Windows 10 has a fast startup mode which seems to be some kind of standard boot and hibernate hybrid. This way, TC drives stay mounted, which is a workaround to above problem. Is this a security disaster? I think, the stuff (encryption keys) that truecrypts holds in RAM are written to SSD then. I also think TC would not have clear text passwords in RAM...? Let's say the attacker is... you. Or another geek. Not superduper NSA with quantum computers. Is using that hibernation thing a problem then? I'm struggling between usability and security. I can not have my wife to mount TC drives manually, that's the thing. Thx EDIT: Fast startup, as described here: http://www.tenforums.com/tutorials/4189-fast-startup-turn-off-windows-10-a.html
I think that approach is a problem. The keys will necessarily be in the virtual ram. And all it takes for them to be exposed is for one person to figure out the way to search it, and you'll be toast. The only protection that might work there is if the system protected the disk information in the fast startup with bitlocker with TPM/Pin - is that the scenario? Something I sometimes do in this kind of circumstance is to have a batch file under the user account which opens the TC container when the account logs in. The batch file contains the password in clear, but, provided you have W10 Pro, it can be protected with EFS, and only accessible to that account. Of course, if the account is compromised then that information is open, but that's true anyway if the TC container is mounted when logged in - all the information is accessible anyway.
I would be interested in hearing what the difference in speed is between an "normal" start and fast start. I run a very basic family 10 Pro, but on a healthy horsepower machine, and my start times are decent. I rarely use Win 10 since most of the time I am on linux. That means either start scenario (for my circumstance) requires updating the defender file database. That is much more time consuming than anything start related. I could easily shut down windows defender but I am running that one simple machine as a typical family user, just to watch 10 Pro over time. Nothing needing security every happens on it.
When I had system on HDD fast start was noticeably quicker. Now on SSD, I have it disabled as difference in speed is minimal.
Palancar, I just know, it's a kind of hybrid hibernate/standby/shutdown thing. Windows does not unlock file systems in that mode. E.g. if you boot into another windows and then back to 10, it will detect a corupt file system and try to repair it. I read something about a "dirty bit". Yeah, on SSD it is negligible, about 7 vs. 9 seconds boot time(*), it's just for the convenience of $wife not having to enter a TC password too often. *Windows until user login. My BIOS: ~25 seconds, with AHCI controller...
I do get it Squeller. It gets frustrating having to tell my spouse the password every time they want to sign on. Not even a tough password either. I only use TC on the windows OS to keep it from doing anything "suspicious" while I am using Linux from inside a different partition. Thank you guys for the feedback.