[SATLUG] Re: USB device encryption
Daniel J. Givens
daniel at rugmonster.org
Fri Jan 11 06:20:12 CST 2008
Brinkley Harrell wrote:
> TrueCrypt works fine on Windows with or without a an admin account. You
> do have to be admin to mount the encrypted drive on Linux in some cases.
>From their FAQ...
Using TrueCrypt Without Administrator Privileges
In Windows, a user who does not have administrator privileges can use
TrueCrypt, but only after a system administrator installs TrueCrypt on
the system. The reason for that is that TrueCrypt needs a device
driver to provide transparent on-the-fly encryption/decryption, and
users without administrator privileges cannot install/start device
drivers in Windows.
After a system administrator installs TrueCrypt on the system, users
without administrator privileges will be able to run TrueCrypt,
mount/dismount any type of TrueCrypt volume, load/save data from/to
it, and create file-hosted TrueCrypt volumes on the system. However,
users without administrator privileges cannot encrypt/format
partitions, cannot create NTFS volumes, cannot install/uninstall
TrueCrypt, cannot change passwords/keyfiles for TrueCrypt
partitions/devices, cannot backup/restore headers of TrueCrypt
partitions/devices, and they cannot run TrueCrypt in 'traveller' mode.
For most people, that just won't cut it. Where I currently work, there
are very strict policies on approved software on corporate systems. I
couldn't install Truecrypt on my workstation without the SMS big brother
getting all upset at me. I happen to have an account with admin
privileges, so I can at least use it in traveller mode, but I would be
screwed if I didn't have that. The majority of folks at work don't have
any privileged rights, network based or locally.
I also want to say you need to be able to get root privileges in Linux.
You may not realize it, but when you run Truecrypt as a non-privileged
user, it automatically calls sudo for you. If you don't have things
setup in the sudoers file for the non-privileged users on the system,
they won't be able to mount/dismount Truecrypt volumes.
More information about the SATLUG