Truecrypt no longer mounts | Help from Dantz

Discussion in 'encryption problems' started by oelberger, Oct 8, 2013.

Thread Status:
Not open for further replies.
  1. oelberger

    oelberger Registered Member

    Joined:
    Oct 8, 2013
    Posts:
    4
    Location:
    United States
    Hello,

    I have been using truecrypt on multiple hard drives for about a year now and until this weekend everything was great. However, after a windows 8 shutdown error my primary drive no longer accepts my password. The drive is still intact and nothing appears to be wrong, but the drive will not mount even if I use the "restore header" option.

    To be more specific about the drive in question, it is a 3tb drive with two partitions. They first takes up almost all of the drive but spares the last 100mb for unencrypted files (TC installer, etc.) The first partition was created in windows then encrypted by TC using the system/partition tool.

    I am not sure if this makes a difference (from what I have read it shouldn't) but prior to the error I had recently changed the password. I mention this because it may be true that the drive never successfully dismounted with the new password because of the windows error. I.e. the error occurred during the first ever mount with the new password.

    In trying to remedy the situation I have tried to mount the drive using the normal and embedded backup header option with both the old and the new password. Neither makes any difference and it will not mount the drive and instead just tells me "incorrect password or no true crypt volume". At this point I have checked and re-checked the passwords and I am sure I am not typing them incorrectly.

    My question is whether or not it is possible to fix this drive? If the restore the embedded header option does not work am I sunk? Or is there any other tricks that could be used?

    The good news is, 99.9% of the 3tb are completely backed up on other drives but there are a few recent photos and videos that would be lost if I can not restore. I therefore like to hear an experts opinion on whether or not I have any chance of salvaging the files.

    Cheers,
    Thomas
     
  2. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    I might be wrong but Truecrypt is not W8 compatible, yet.
    Could this be the rootcause of your problem?
     
  3. oelberger

    oelberger Registered Member

    Joined:
    Oct 8, 2013
    Posts:
    4
    Location:
    United States
    Dogbite, Thanks very much for your response. It looks like Truecrypt might not be Windows 8 approved for system drives but definitely works fine for non-system partitions. I have been using four different non-system drives since I started using Truecrypt and this is the first problem.
     
  4. oelberger

    oelberger Registered Member

    Joined:
    Oct 8, 2013
    Posts:
    4
    Location:
    United States
    Sorry to be a bother but I thought I might try bumping this post. Thanks in advance to anyone who can help me determine if my files are recoverable or not.
     
  5. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    wtf , someone cant read the system compatibility part on the tc homepage apparently , i repeat if you havent, tc is NOT currently compatible with w8 installs and on , the devs are currently working on an support update

    here if youve missed it

    http://www.truecrypt.org/future

    http://www.truecrypt.org/docs/supported-operating-systems


    atleast youve done the proper thing and backed up your files except for that 1% , not sure what else to do in order to get to that 1% except for brute-forcing , depending on algorithm youve used and passphrase strength it could "work" if your lucky enough and used something like your name and birthdate or such
     
    Last edited: Oct 21, 2013
  6. oelberger

    oelberger Registered Member

    Joined:
    Oct 8, 2013
    Posts:
    4
    Location:
    United States
    happyyarou666 thank you very much for your reply. I realize that Truecrypt is not officially supported for Win 8 but it has been working for me with no problems for around a year. I realize in hindsight this was risky, and that the incompatibility may be the cause of my current problems, but I still have some unanswered questions about my options considering the predicament I am now in.

    I appreciate your suggestion of a brute force attack but if the header has been corrupted by the Win8 incompatibility is it likely that the new password will be close to the old, or will it have morphed into something completely different? As I understand it, a brute force attack is very unlikely unless I start it off with a word list that is very close to the password. So the question becomes, if the header is corrupt to the point that the password I know to be correct is not working, is the files system recoverable at all or should I just give up.
     
  7. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    993
    Location:
    Hawaii
    I assume you mean the "non-system partition" tool, right?

    Is the partition still exactly the same as it was, otherwise? If the boundaries somehow got changed then TrueCrypt would not be able to find its headers.

    However, since the problem occurred right after you changed the password, I strongly suspect that your actual password is just slightly different than what you think it is.

    Passwords can only be changed while the volume is dismounted, so one would normally assume that the password change was completed before you mounted the volume. And once a TC volume is mounted, an 'inelegant' dismount, or even a crash, will generally not harm the volume, aside from losing any editing changes that might have been in progress. It wouldn't harm the headers unless you were in the process of writing to them (e.g. in the middle of changing the password), but this was already finished, otherwise you would not have been able to mount the volume. Unless perhaps the changes were cached by the OS and weren't fully written yet? I'm not familiar enough with Win8 to know if changes written to the cache would take that long to be written to disk. Just grasping at straws here.

    Just for completeness, I'd probably look at the beginning of the partition with a hex editor to see if it looked right (that is, fully random with no recognizable text, strings of zeros, or any other recognizable pattern). This would be to rule out an accidental overwrite or an unasked-for "surprise" formatting by Win8, which sometimes happens.

    Sorry I can't be more helpful.
     
Loading...
Thread Status:
Not open for further replies.