Originally Posted by hammong
It's been a long time since I fiddled with TrueCrypt, but as I understand it - the volume itself is unencrypted. You have the TrueCrypt executable and a single file that represents the encrypted volume on the USB key, HDD, etc. You plug in the device, then run the executable, and then mount the encrypted file (by supplying the password when prompted). There's no need to "install" the Truecrypt software on the host computer, I think it just runs by clicking on it when you need it.
Someone else with more recent TrueCrypt experience might chime in.
The volume is unencrypted once you mounted it. The most important part of a TC volume is the volume header
. Without it you can't mount the volume , that's why it comes with an option to backup the volume header.
Every version of TC past 6.0 has built in backup volume header even if you don't manually back it up , maybe people were corrupting their volumes or something.
Truecrypt just unlocks the "volume" / "container" which may just be a file akin to an iso / daa but with any extension you want
Truecrypt is rebranded on Lacie Private-Public
You can put Truecrypt anywhere (even on the same USB drive on a un-encrypted partition) and run it, it doesn't need to be installed.
Truecrypt isn't 100% safe: Cold boot attacks , for starters. Don't use hibernate (see http://arstechnica.com/security/2012/12/cheap-app-cracks-pgp/
There's also the issue of keyloggers/rootkits that read keystrokes. With a hardware based solution (preferably dual factor such as biometric on top of software) there's another set of issues but keyloggers are less of an issue.Edited by AlphaC - 8/21/13 at 1:57pm