High Level Security Features Supported By TrueCrypt
TrueCrypt supports a number of other high-security features that are optional but useful, such as:
A keyfile is any file (a piece of text, an image, an .MP3 file, etc.) that TrueCrypt combines with the supplied password to decrypt a particular volume. Without both the correct keyfile and the password, the volume cannot be decrypted. Keyfiles can be combined with other security techniques. For example, if a keyfile is stored on a BitLocker-encrypted boot volume (or even in another TrueCrypt volume), the TrueCrypt volume can only be accessed by someone who also has access to the BitLocker volume. This applies even if the TrueCrypt volume is stored on another removable drive or another partition.
Hidden volumes let you mount two different partitions within a single TrueCrypt volume: a regular one, revealed by default when a password is provided, and a second one that is not detectable and is protected by a different password. This feature is designed to strengthen security for the end user: a certain amount of less-significant information can be placed in the outer volume, protecting the sensitive information on the inner volume even if the administrator is asked to reveal the main password.
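How a keyfile can be folded into the password before key derivation, as an added example that is not from the original article or from TrueCrypt's source. It is modelled on the keyfile-pool approach in TrueCrypt's documentation; the 64-byte pool, the 1 MiB read limit, zlib's CRC-32, the PBKDF2 stand-in and all sample values are assumptions, so it is not byte-compatible with real volumes.

```python
import hashlib
import zlib

POOL_SIZE = 64                 # keyfile pool size in bytes (assumption)
MAX_KEYFILE_BYTES = 1 << 20    # only the first 1 MiB of a keyfile is read (assumption)


def keyfile_pool(keyfiles):
    """Fold every keyfile into one fixed-size pool using a running CRC-32."""
    pool = bytearray(POOL_SIZE)
    for data in keyfiles:
        crc, cursor = 0, 0
        for i in range(min(len(data), MAX_KEYFILE_BYTES)):
            crc = zlib.crc32(data[i:i + 1], crc)      # running CRC over bytes so far
            for shift in (24, 16, 8, 0):              # spread its 4 bytes over the pool
                pool[cursor] = (pool[cursor] + ((crc >> shift) & 0xFF)) % 256
                cursor = (cursor + 1) % POOL_SIZE
    return bytes(pool)


def apply_keyfiles(password, keyfiles):
    """Return the secret that is actually fed to key derivation."""
    if len(password) > POOL_SIZE:
        raise ValueError("password longer than the pool is not handled here")
    if not keyfiles:
        return password                               # password-only volume
    padded = password.ljust(POOL_SIZE, b"\x00")
    pool = keyfile_pool(keyfiles)
    return bytes((p + k) % 256 for p, k in zip(padded, pool))


def derive_key(password, keyfiles, salt):
    """Stand-in KDF (PBKDF2-HMAC-SHA512, constructed parameters)."""
    return hashlib.pbkdf2_hmac("sha512", apply_keyfiles(password, keyfiles), salt, 1000)


# Constructed sample inputs
PASSWORD = b"correct horse"
KEYFILE_A = b"constructed keyfile A"
KEYFILE_B = b"constructed keyfile B"
SALT = b"constructed-salt"

if __name__ == "__main__":
    right = derive_key(PASSWORD, [KEYFILE_A], SALT)
    print("wrong keyfile matches:", derive_key(PASSWORD, [KEYFILE_B], SALT) == right)
    print("no keyfile matches   :", derive_key(PASSWORD, [], SALT) == right)
    print("empty keyfile adds nothing:",
          apply_keyfiles(PASSWORD, [b""]) == PASSWORD.ljust(POOL_SIZE, b"\x00"))
```

In this model an empty keyfile leaves the pool at zero and bytes past the read limit are ignored, so a keyfile only adds strength through unpredictable content in the portion that is actually read.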
Vista-specific features in Version 4.3
The latest revision of TrueCrypt, the open source disk encryption tool, fully supports Windows Vista, including User Account Control (UAC), so TrueCrypt will run as a regular user without balking. Only an administrator is allowed to install TrueCrypt on a given Vista system.
Traveler mode allows the user to put a runtime copy of TrueCrypt on a detachable drive and run it on Windows systems on which TrueCrypt is not installed. TrueCrypt comes with a wizard that helps automate this process; with it, the volume can also mount itself (using the correct password) when the volume in question is inserted. Traveler mode can't be used in Vista unless the account being used has administrative privileges.
Support for encrypting entire physical devices
If chosen, an entire unpartitioned physical device, i.e. a hard drive or a flash drive, can be used as a TrueCrypt volume for maximum security. This may take a long time, depending on the size of the volume. Mounting a partition or device as an encrypted volume (instead of a file) also makes it more difficult for an attacker to reverse-engineer information that might be stored on the volume if NTFS was being used.