Is it possible with TrueCrypt to encrypt a Windows boot volume with two-factor authentication?

Z

ZeroBit2012-09-19 15:36:34

Cryptography

ZeroBit, 2012-09-19 15:36:34

I would like to know if it is possible to encrypt Windows boot volumes using a method using two-factor authentication using tokens or a smartcard. A weaker solution is also possible. For example, store the key in a flash drive between the MBR and the first partition, as stated here . At least users will not be able to copy the key files to their flash drives. True, this is not truecrypt and not Windows, but in principle such a solution will do. I want to give users personalized flash drives / tokens / cards that they can duplicate on their own. It is important to encrypt the Windows boot partition so that the named media is used for decryption. I understand that this is not possible. Considered TrueCrypt and FreeOTFE . Maybe I overlooked something?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

slpdmn, 2012-09-20
@slpdmn

I personally did not install, but there is such a mode. Actually, I did everything described separately - I kept the key on the flash drive, and there were two passwords and the system disk was encrypted, I just didn’t bring everything together, but that shouldn’t be a problem.

Z

ZeroBit, 2012-09-20
@ZeroBit

There is such a mode in the description, yes. Up to for encrypting a non-system partition. Pre-authentication requires a driver to access a token or a smart card, and it has nowhere to come from, unless there is a special bootloader, but storing the key in a specially designated place on the USB flash drive by offset is possible, but, again, you need the corresponding bootloader, which would be able to read this place from USB. So I'm looking for an answer and the fundamental possibility of this under Windows.