[email protected]

New features:

• TrueCrypt volumes can now be mounted on Linux. The Linux version of TrueCrypt is available at http://www.truecrypt.org/downloads.php

• It is now possible to write to outer volume without risking that a hidden volume within it will get damaged (overwritten):
  
  When mounting an outer volume, the user can now enter two passwords: One for the outer volume, and the other for a hidden volume within it, which he/she wants to protect. In this mode, TrueCrypt does not actually mount the hidden volume. It only decrypts its header and retrieves information about the size of the hidden volume (from the decrypted header). Then, the outer volume is mounted and any attempt to save data to the area of the hidden volume will be rejected by the driver (until the outer volume is dismounted). For further details, please see the section ‘Protection of Hidden Volumes against Damage’ in the documentation.

• Support for the x86-64 (64-bit) platform

• TrueCrypt now runs on Windows XP x64 Edition (64-bit) and Windows Server 2003 x64.

• Support for big-endian hardware platforms (PowerPC, SPARC, Motorola, etc.)

• Full support for keyfiles. Keyfiles provide protection against keystroke loggers and may strengthen protection against brute force attacks. Keyfile is a file whose content is combined with a password. Until correct keyfile is provided, no volume that uses the keyfile can be mounted. Any number of, and any kind of files (for example, .mp3, .jpg, .exe, .avi) may be used as TrueCrypt keyfiles. TrueCrypt never modifies the keyfile contents. Therefore, it is possible to use, for example, five files in your large mp3 collection as TrueCrypt keyfiles (and inspection of the files will not reveal that they are used as keyfiles). TrueCrypt can also generate a file with random content, which can be used as a keyfile. For more information on keyfiles, see the chapter Keyfiles in the documentation.

• Support for language packs (localizations). Language packs may be downloaded at: http://www.truecrypt.org/localizations.php

• Whirlpool hash algorithm added.
  
  The size of the output of this hash algorithm is 512 bits. It was designed by Vincent Rijmen (co-author of the AES encryption algorithm) and Paulo S. L. M. Barreto. The first version of Whirlpool was published in November 2000. The second version, now called Whirlpool-T, was selected for the NESSIE (“New European Schemes for Signatures, Integrity and Encryption") portfolio of cryptographic primitives (a project organized by the European Union, similar to the AES contest). TrueCrypt uses the third (final) version of Whirlpool, which was adopted by the International Organization for Standardization (ISO) and the IEC in the ISO/IEC 10118-3:2004 international standard.

• Auto-Dismount facility, which can be set to dismount a volume after no data has been written/read to/from it for specified number minutes. It can also be set to dismount all mounted TrueCrypt volumes when:
  - user logs off
  - entering power saving mode
  - screen saver is launched
  Auto-dismount can be configured and activated in the Preferences (select Settings -> Preferences)

• TrueCrypt settings are not saved to the Windows registry file. Instead, they are stored in XML files in the folder where application data are saved on the system (for example, in C:\Documents and Settings\YourUserName\Application Data\TrueCrypt). In traveller mode, the configuration XML files are saved to the folder from which you run the file TrueCrypt.exe.
  
  Note: When you install this version of TrueCrypt, all TrueCrypt settings that were stored by previous versions in the registry file will be automatically removed.

• Tray icon. Right-clicking the tray icon opens a popup menu with the most used functions. Left-clicking the tray icon opens the main TrueCrypt window and puts it into the foreground.

• Optionally, TrueCrypt can now continue running in the background after its main window is closed. This is referred to as TrueCrypt Background Task. When the main TrueCrypt window is closed, the TrueCrypt Background Task handles the following tasks/functions:
  1) Hot keys
  2) Auto-dismount
  3) Notifications (e.g., when damage to hidden volume is prevented)
  4) Tray icon
  For more information, see the chapter TrueCrypt Background Task in the documentation.

• When a mounted volume is right-clicked in the drive list (in the main TrueCrypt window), a context menu is opened. From this menu, the user can select functions such as ‘Repair Filesystem’ or ‘Check Filesystem’ (front-end to the ‘chkdsk’ tool).

• Containers stored on a locally mapped network drive can now be mounted.

• Container stored on a remote server can be mounted via UNC path (e.g., \\server\share\volume).

• Option to display password (typed in input field)

• ‘Favorite Volumes’ facility, which is useful if you often work with more than one TrueCrypt volume at a time and you need each of them to be mounted as the same drive letter every time. For more information, see the chapter ‘Main Program Window’, section ‘Program Menu’, subsection ‘Volumes -> Save Currently Mounted Volumes as Favorite’ in the documentation.

• Functions ‘Backup Volume Header’ and ‘Restore Volume Header’ added to the Tools menu. Both the standard volume header and the hidden volume header area are always backed up (copied to the backup file) even if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes).
  
  Note: If you do not have enough free space to backup all files, we highly recommend that you at least use this facility to backup the volume header, which contains the master key (size of the backup file will be 1024 bytes). If the volume header is damaged, the volume is, in most cases, impossible to mount.

• System-wide hot keys (which can be used, for example, to dismount all TrueCrypt volumes, etc.)

• Users can now set actions to perform upon log on to Windows. The actions can be any of the following:
  - Start TrueCrypt
  - Mount all device-hosted TrueCrypt volumes
  - Mount favorite volumes
  These actions can be enabled in the Preferences (select Settings -> Preferences).

• Title bar of the password prompt dialog window now displays path to volume being mounted

• When the 'Never save history' option is enabled, TrueCrypt clears the registry entries created by the Windows file selector for TrueCrypt. Therefore, the Windows file selector will not remember the path of the last mounted container after you exit TrueCrypt. Note that even when this option is enabled, the file selector will still remember the path, but only until you exit TrueCrypt.

• Set Header Key Derivation Algorithm' added to the Volumes menu. It allows the user to re-encrypt a volume header with a header key derived using a different PRF function (e.g., instead of HMAC-SHA-1 you could use HMAC-Whirlpool). Note: Volume header contains master encryption key with which volume is encrypted. Therefore, data stored on the volume will not be lost after this function is used.

• Number of bytes read/written from/to a volume since it was mounted is displayed in the Volume Properties window.

• Preserving container timestamps can now disabled in the Preferences (Settings -> Preferences).

• Command line usage:
  
  if ’/silent’ is specified, interaction with user (prompts, error messages, warnings, etc.) is suppressed.
  
  If '/m timestamp' is specified, volume/keyfile timestamps are not preserved.
  
  ’/keyfile’ may be used to specify a keyfile or a keyfile search path.
  
  ’/auto favorites’ may be used to mount favorite volumes.
  
  ’/auto’ is implicit if ’/quit’ and ’/volume’ are specified.
  
  If ’/q preferences’ is specified, TrueCrypt loads/saves settings.

• Auto-Mount Devices keeps prompting for a password until a volume is successfully mounted or until cancelled. Warning is displayed after each unsuccessful mount.

• If the Shift key is down when clicking 'Auto-Mount Devices' and if there are cached passwords, then password prompt will be bypassed (mounting will be attempted only with cached passwords).

• It is now possible to run multiple instances of the TrueCrypt application simultaneously.
  

Improvements:

• Mounting of fragmented file-hosted volumes (containers) takes significantly less time.

• New SHA-1 routines by Brian Gladman, which are approx. three times faster than the original ones (speeds up mounting).

• Enhancements to the random number generator:
  
  Hash function output is XORed into the pool (in E4M and the previous versions of TrueCrypt the values produced by a hash function replaced the original values in the pool).
  
  Input to hash function will always be the entire pool.
  
  Position of the pool cursor does not change when the FastPoll function is applied. This ensures that mouse coordinates are always evenly distributed in the pool (significant particularly when moving the mouse uninterruptedly).
  
  Event delta/absolute time will be added modulo 2 32 to the pool at the same position as the event data. (In the previous versions, event delta times were added separately modulo 2 32 to the pool. Delta times provide only a small amount of entropy, particularly when moving the mouse uninterruptedly.)
  
  For more information see the chapter Technical Details, section Random Number Generator in the documentation.
  
  Important: That we made these enhancements to the random number generator does NOT mean that volumes created using previous versions of TrueCrypt are insecure.

• File-hosted volumes are pre-allocated before they are formatted. Therefore, containers are created faster and less fragmented.

• When TrueCrypt re-encrypts a volume header (for example, when changing a password), the original volume header is first overwritten 35 times with random data to prevent adversaries from using techniques such as magnetic force microscopy to recover the overwritten header.

• Traveller disk can be created when TrueCrypt is running in traveller mode.

• TrueCrypt warns if automatic mounting of new volumes is disabled in Windows and informs the user how to enable this functionality.

• Other minor improvements

Bug fixes:

• Hidden volume password can now be changed on all types of removable media (e.g., all types of USB memory sticks).

• When changing a password and an error occurs during the creation of a new volume header, the header will not be written and the error will be reported.

• FAT file system created by TrueCrypt will have the same properties as FAT file system created by Windows.

• Drive list will be updated whenever drive letter assignments change.

• If an error occurs, TrueCrypt returns exit code 1, otherwise it returns 0 (command line usage).

• Password specified on command line (/p ) now works with ‘/a devices’ as well (command line usage).

• Other minor bug fixes

Miscellaneous:

• Size of the random number generator pool increased from 256 to 320 bytes

• The command line option ‘/quiet’ has been renamed to ‘/quit’

• The Serpent routines written in assembly have been replaced with routines written in C, so that the whole source code is more portable.

• Released under TrueCrypt License 2.0