[SATLUG] Re: USB device encryption

Daniel J. Givens daniel at rugmonster.org
Fri Jan 11 06:20:12 CST 2008


Brinkley Harrell wrote:
> TrueCrypt works fine on Windows with or without a an admin account. You
> do have to be admin to mount the encrypted drive on Linux in some cases.

>From their FAQ...

  Using TrueCrypt Without Administrator Privileges

  In Windows, a user who does not have administrator privileges can use
  TrueCrypt, but only after a system administrator installs TrueCrypt on
  the system. The reason for that is that TrueCrypt needs a device
  driver to provide transparent on-the-fly encryption/decryption, and
  users without administrator privileges cannot install/start device
  drivers in Windows.

  After a system administrator installs TrueCrypt on the system, users
  without administrator privileges will be able to run TrueCrypt,
  mount/dismount any type of TrueCrypt volume, load/save data from/to
  it, and create file-hosted TrueCrypt volumes on the system. However,
  users without administrator privileges cannot encrypt/format
  partitions, cannot create NTFS volumes, cannot install/uninstall
  TrueCrypt, cannot change passwords/keyfiles for TrueCrypt
  partitions/devices, cannot backup/restore headers of TrueCrypt
  partitions/devices, and they cannot run TrueCrypt in 'traveller' mode.

For most people, that just won't cut it. Where I currently work, there
are very strict policies on approved software on corporate systems. I
couldn't install Truecrypt on my workstation without the SMS big brother
getting all upset at me. I happen to have an account with admin
privileges, so I can at least use it in traveller mode, but I would be
screwed if I didn't have that. The majority of folks at work don't have
any privileged rights, network based or locally.

I also want to say you need to be able to get root privileges in Linux.
You may not realize it, but when you run Truecrypt as a non-privileged
user, it automatically calls sudo for you. If you don't have things
setup in the sudoers file for the non-privileged users on the system,
they won't be able to mount/dismount Truecrypt volumes.


More information about the SATLUG mailing list