mounting encrypted system partition

Topics: Technical Issues
May 7, 2015 at 3:05 PM
In the event I am not able to fix an OS boot problem I typically put a drive in a external dock in another computer to backup files.

If the drive is encrypted (Encrypt System Partition/Drive) how do I mount the drive in another computer?
May 7, 2015 at 3:11 PM
You can mount the system disk on the other PC using the mount option "Mount partition using system encryption without pre-boot authentication" to copy files off the drive.
May 7, 2015 at 4:20 PM
Thanks that is what I thought that was for. I'll do some testing. Looking to roll this out in our organization for a few of our users.

From an admin point of view looks like I should do keyfiles and let the users choose their own passwords?

On my test system it took about 2 minutes to reach the windows login prompt. Looking to cut that down a bit. Going to try a different encryption.

Must a cd be created? I would rather have an iso file.
May 7, 2015 at 7:23 PM
Edited May 9, 2015 at 8:05 PM
I would not use TrueCrypt/VeraCrypt for business users unless you are talking about a mom-and-pop business. You need to purchase a commercial product.

This will become apparent as you deal with users forgetting the password (they can change the password), users knowing the pre-boot password for all the PCs, employee turnover (need to change the password), maintain access to the PC by the IT Security department when the company needs to access the PC without the employee's permission.

TrueCrypt/VeraCrypt does not support keyfile for system encryption.

The slow mounting times has to do with the increased hash iterations performed in VeraCrypt and not the encryption algorithms. There are plans to modify/rewrite the bootloader from 16-bit code to use 32-bit code and finally 64-bit code. Also there are plans for passwords of 20 or more characters to allow for smaller hash iterations to reduce the mounting delay.

You can keep the ISO for each PC. Be sure not lose the ISO file for each PC since they are unique to each machine's even if they use the same password.