TrueCrypt, Encryption.

I have a 1TB removable HDD. I did a full device encryption on it a year ago. I now wish to change the encryption method and password. Is there any way for me to do this without copying or deleting my files?

 

To change password: System menu > change password.
If you would like to change encryption method I believe you will have to decrypt volume first and then encrypt again with selected by you new method.

 

How is decryption possible i see no options?

 

All is in Help Truecrypt file.

and

BTW. Truecrypt website doesn't work today.

 

Thanks, indeed it is online now, but when I wrote my previous message their website was offline for at least 2h (I did check using downforeveryone... website status checker).

 

You CANNOT decrypt non-system volumes at all. The TC code specifically disallows it. You will need to copy off your data and re-encrypt if you want to change the algo of the volume. As mentioned earlier, you can change the password and/or keyfiles at any time.

If stealth is your big thing you do have the option of writing a "false header" to the volume. I have done this many times but I have years of familiarity with this product. You would save (multiple times) the actual header. Then you can write a volume header for another volume to the external drive leaving it completely unbreakable. No one would know its not genuine except you based upon viewing the external drive alone. If they "cracked" the fake header after countless hours they would see nothing but blank space.

You would need to decide your comfort with this approach. I feel no risk for myself but others just might mess something up and lose it all!!

 

With a non-system drive your best bet is to move it all and then wipe and do a new full encryption of your external drive.

 

That's a big disadvantage in my opinion - if you have eg. 3TB encrypted volume where you have 2.5TB data and you want change encryption or simply just decrypt volume - then you have to find or buy (if you don't have) another drive to copy 2.5TB of data. It's also time consuming and increase I/O:
1) Mount volume
2) Copy/move 2.5TB from volume A to volume/drive B
3) Delete encrypted 3TB volume (or format)
4) Again copy/move 2.5TB of data but this time from volume B to volume A
5) Encrypt volume A with new algo.

It should looks like this (this is how BestCrypt Volume Encryption works for system and non-system volumes/drives):
1) Decrypt volume A
2) Encrypt volume A with new algo.
Done.

 

I would swap steps 4 and 5 to avoid utilizing in-place encryption unnecessarily. First create the encrypted volume, then copy in the data. It's both faster and safer.

Sounds good! Let's all go and ask TC for our money back

 

Good luck
Community/TC users should ask authors TC to simplify/reduce steps that users have to follow when they want to change encryption alghoritm on encrypted non system volumes.

 

Yes, but they never do a damn thing that we ask. It's like they're the CIA or something.

 

Ha! Good one.

PD

 

All you need to do is :
1 : Encrypt the disk
2 : Copy the files back to the volume - FROM YOUR BACKUP

Because you DO have a backup, right ?
If not, your data is at risk 100% of the time, encrypted or not !!!

 

Since OP asked this question:

where he stated that he don't want to play with copy/paste I do assume worst case scenario that he doesn't have backup.
In that case he has to wade through all 5 steps mentioned by me above.

 

I don't have back-up and don't wish to spend money on another 1TB HDD. I have no way of doing what i wish with how TrueCrypt is currently set up. If you can decrypt your main systems FDE, you should be able to do the same for a non system volume. Having no back-ups is no big deal, If you know how to gauge the health of your drives you need never back-up before you know they are starting to have problems. I have never had back-ups and have never needed them.

 

Nobody has needed a backup..........until they need one. And then - backups are priceless, and if you don't have one, you'll feel really foolish.

At least backup your TC headers. It's not always the failure of the physical drive as to why you would need a backup.

Good luck.

 

I'm 100% certain that you're wrong about that, but ok, it's your data and I won't argue with you. Some people just have to learn things the hard way. In the meantime, I hope your luck holds.

PS: Based on your above posts I'd say that TrueCrypt is not for you. The program has no mercy; it's more of a guard dog than a friend. If you screw up it will eat your data in a heartbeat, and that will be that. All TrueCrypt users are strongly urged to back up their data.

PPS: I'm sorry if my post seems to come on a bit too strong. It's just that I have spent almost my entire time in these forums trying to help those TrueCrypt users who have screwed up (or gotten unlucky) and lost all of their encrypted data. There are so many ways you can screw up a TrueCrypt volume that I can't even begin to list them all, but almost everyone I've tried to help has committed this one big mistake: No current backups.

 

I have been using TrueCrypt fine for 4 years. I have had it on USB devices R-HDD's, my main computer and more. I know why you keep backups. I just don't really need them. I never forget my passwords and don't use my HDD's enough for them to fail.

 

That's like saying "I don't ride in cars enough to get into a wreck." If you ride in a car, you can get into a wreck. If you use a hard drive, it can fail, and you can lose data.