Miscellaneous Notes: PC Version Specific
This section applies to the PC version of FreeOTFE only.
- After creating a new volume, it must be mounted and formatted. After this, it is highly recommended that you overwrite all the free space on the drive ("Tools | Overwrite free space"...).
- A password is not needed when backing up a volume's CDB as the
backup copy is not stored in plaintext; it is a literal backup copy of
a volume's (encrypted) CDB.
- A password is needed when creating a keyfile as this requires that the volume's CDB is decrypted, before being re-encrypted with the keyfile's password and written out to the keyfile.
- Linux encryption settings (".les") files are straightforward text files which contain the settings entered.
- Peter Gutmann's "cryptlib" may (optionally) be used as an RNG, provided that it has been installed correctly. This may be downloaded from http://www.cs.auckland.ac.nz/~pgut001/cryptlib/. After installation, the "cryptlib" option will no longer be greyed out on RNG selection dialogs.
- User settings configured via the "View | Options" menu are stored within a configuration file (".ini" file) which is located in the same directory the FreeOTFE executable is launched from. User options are not stored within the registry. By storing user settings in a separate file, as opposed to the registry, FreeOTFE achieves two things:
  - If FreeOTFE is stored on removable media (e.g. a USB flash drive, CDROM), your settings can be stored together with FreeOTFE; there is no need to configure FreeOTFE every time you use it on a different computer - this would not be possible to do if the registry was used.
  - Because user settings are not written to the registry, security is increased. It is trivial to overwrite a simple file if needed, but removing registry entries completely is another matter.
- Creating an encrypted partition/disk may overwrite whatever data was stored on the partition/disk you select. Be careful!
- An additional option is available to allow a program to be automatically executed:
  - After a volume has been mounted
  - Before a volume is dismounted
  - After a volume is dismounted
  This functionality gives significantly more flexibility than the standard Windows "autorun" feature, and allows automated integrity checking, setup and cleanup to be carried out.
- For security reasons, any file launched by the post-mount and pre-dismount options must reside on the encrypted volume; a path relative to the root directory of the mounted volume should be specified in the options dialog (e.g. "\MyFiles\start.bat"). For the post-dismount option, the absolute path to the file to be launched should be specified (e.g. "C:\volume_just_dismounted.bat").
- The pre-dismount executable must terminate before the dismount will be carried out.
- The pre-dismount executable will not be launched in case of a forced/emergency dismount.
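The path rules for the three launch options above can be written down as a small validator. This is an added example, not FreeOTFE's own code: the function name, the hook labels, the mount point X: and the refusal of "..", ":" and (for post-dismount) targets on the dismounted volume are assumptions made for illustration.

```python
import ntpath  # Windows path rules; pure string handling, runs on any OS

# Hook labels are names chosen for this example, not FreeOTFE identifiers.
ON_VOLUME_HOOKS = {"post-mount", "pre-dismount"}


def resolve_hook_target(hook, configured, mount_root):
    """Return the absolute path a hook would launch, or raise ValueError."""
    path = configured.replace("/", "\\")
    drive, rest = ntpath.splitdrive(path)  # drive: "C:" or a UNC \\host\share prefix
    parts = [p for p in rest.split("\\") if p]
    if not parts:
        raise ValueError("no file named")
    # Assumption: refuse parent references and NTFS alternate data streams.
    if ".." in parts or any(":" in p for p in parts):
        raise ValueError("'..' and ':' are not accepted in the path")
    vol_drive = ntpath.splitdrive(mount_root)[0].upper()

    if hook in ON_VOLUME_HOOKS:
        # Must live on the encrypted volume: only a path relative to its root.
        if drive:
            raise ValueError("give a path relative to the volume root")
        return ntpath.normpath(ntpath.join(vol_drive + "\\", *parts))

    if hook == "post-dismount":
        # The volume is gone by now, so an absolute path elsewhere is needed.
        if not drive or not rest.startswith("\\"):
            raise ValueError("an absolute path is required")
        if drive.upper() == vol_drive:
            raise ValueError("target is on the volume that was just dismounted")
        return ntpath.normpath(path)

    raise ValueError("unknown hook: " + hook)


if __name__ == "__main__":
    # Constructed sample settings; X: is an assumed mount point.
    samples = [
        ("post-mount", "\\MyFiles\\start.bat"),
        ("post-mount", "C:\\Windows\\System32\\cmd.exe"),
        ("pre-dismount", "..\\..\\cleanup.bat"),
        ("post-dismount", "C:\\volume_just_dismounted.bat"),
    ]
    for hook, value in samples:
        try:
            print(hook, "->", resolve_hook_target(hook, value, "X:\\"))
        except ValueError as err:
            print(hook, "rejected:", value, "(" + str(err) + ")")
```

A string check like this cannot see links or junctions stored on the volume that point elsewhere; that would need a check against the live filesystem.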
Windows Vista Specific
User Access Control (UAC)
Windows Vista incorporates a new security system
called "User Access Control" (UAC), which is there to help prevent
malicious software from doing things which could be harmful to your computer.
As part of this new security system, you will find a number of FreeOTFE's
menu items are marked with a "shield" icon - specifically, those which
relate to installing or changing FreeOTFE's drivers, starting/stopping portable mode, and formatting.
Whenever you attempt to use functionality which is marked with one of
these icons, Windows will display a dialog (the "consent/credential"
dialog), asking for your permission to allow
FreeOTFE to continue. This is for your protection, and is perfectly normal. You will be shown this dialog even if you are logged on as an Administrator.
Although the FreeOTFE binaries are digitally signed using
the Microsoft standard, Windows refuses to identify FreeOTFE, and as such
this dialog will state that "An unidentified
program wants access to your computer". Again, this is perfectly
normal; if you would like to check that your copy of FreeOTFE is an
unmodified, original copy, you may do so by checking the hashes/signatures available
from the FreeOTFE WWW site.
If you are logged on as a "standard" (i.e. non-Administrator) user, the
prompt you are shown will also ask for an Administrator's password. It
should be emphasised that it is Windows Vista itself which is
generating these prompts, and not FreeOTFE, which will have no access
to the password you type in. The same type of warning dialogs will
appear when you attempt to (for example) go to the Windows Control Panel, select
"Date and Time", and then attempt to change the computer's time or
date.
If you are happy for FreeOTFE to carry out the operation you requested
of it, you should select the relevant option from the consent/credential dialog to allow FreeOTFE to proceed.
You can find out more about UAC from the Microsoft WWW site.