Truecrypt 5.0 Released (now with system partition encryption)
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> Yes, Sebastian, exactly as I said: you can only do it if you hack
> Windows.
Just ignoring the fact that this is all documented, and even implemented
with Microsoft's very own preinstall kit.
> However, what I said above is irrefragably true: Truecrypt v5, as it now
> stands, provides ALL the core functionality necessary for complete OTFE
> protection of both the Windows OS and all data on all drives.
Doesn't make it any more true: When using pre-boot authentication, the
partition table is unencrypted.
Re: Truecrypt 5.0 Released (now with system partition encryption)
Anonymous wrote:
>> Nonsense. Microsoft has only disabled this option by default, since
>> they don't want to support such configurations.
>
> Maybe you can explain the difference between "crippled" and "disabled"?
Re: Truecrypt 5.0 Released (now with system partition encryption)
George Orwell <nobody@mixmaster.it> wrote in
news:6cb67025e78b69b29b7578cf72c420f4@mixmaster.it :
> nemo_outis wrote:
>
> Did you think nobody would check this "cite", ya' pathetic lying worm?
>
>> Bestcrypt Volume Encryption for Windows is among the most advanced
>> full-HD OTFE encryption systems. Not only can it encrypt all HD
>> partitions on all HDs (including the boot/system one) it supports
>> complete encryption of spanned, mirrored, and striped volumes, as well
>> as RAID 5 volumes. It also supports physical tokens in addition to a
>> password/passphrase for additional security.
>>
>> http://www.jetico.com/bcve.htm
>
> That paragraph doesn't exist at all on that page. Or anywhere else on
> Jetico's site that I can find.
Of course, you fucking moron, that paragraph is mine, in my words - there
are no quotation marks, no "Jeticos says" in it. It's a simple
description and characterization of the program clearly provided by me,
the author of the post, the fellow with his name in the "From" header -
just as anyone who wasn't a moron like you would expect. You've just
failed to comprehend plain English - yet again.
The cite was provided for convenience to allow readers to check for
themselves what Bestcrypt says about its product. And the cite was set
off in a completely separate paragraph specifically so as not to directly
link it to my words above.
As for what Bestcrypt says about the term "volume," you would understand,
if you weren't such a colossal moron, that Bestcrypt uses the term in a
broader sense than Truecrypt to refer to "high-level storage entities"
that can, inter alia, extend across multiple hard drives (such as spanned
volumes or RAID 5). Jetico makes the distinction between "volume" and
"whole-disk" encryption because its product can support seamless
"volumes" which may be stored across several physical HDs.
Re: Truecrypt 5.0 Released (now with system partition encryption)
"Sebastian G." <seppi@seppig.de> wrote in
news:613hfiF1tqd2kU2@mid.dfncis.de:
> nemo_outis wrote:
>
>
>> Yes, Sebastian, exactly as I said: you can only do it if you hack
>> Windows.
> Just ignoring the fact that this is all documented, and even
> implemented with Microsoft's very own preinstall kit.
No, Sebastian, you're dead wrong. But as I said in the previous post, I
don't have time to follow you into every thicket of misunderstanding you
fall into to disentangle you.
>> However, what I said above is irrefragably true: Truecrypt v5, as it
>> now stands, provides ALL the core functionality necessary for
>> complete OTFE protection of both the Windows OS and all data on all
>> drives.
>
> Doesn't make it any more true: When using pre-boot authentication, the
> partition table is unencrypted.
And it doesn't matter a whit! Truecrypt can completely protect the OS and
all data.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> Are you usually this thick? Yes, even though you have a whole-disk
> encryption program you can choose not to encrypt some partitions - or any
> of them for that matter. However, choosing not to use the program's
> capability for whole-disk encryption doesn't make it one whit less a
> whole-disk encryption program.
"We call encryption software working with volumes Volume Encryption
software. Note that if Volume Encryption software encrypts a volume
consisting of a single partition, for the user it will give the same
result as Partition Encryption software. If a single partition occupies
the whole hard drive, Volume Encryption will be equal both to Whole
Disk Encryption and Partition Encryption. Encrypting of basic partition
C: on Figure 3 below illustrates that."
> As for an unencrypted partition table disclosing info, that trivial info
> is useless for decrypting the contents of the partitions or even
> inferring the nature of what is contained in them.
I see. So now you believe you're smarter than all the encryption
and cryptanalysis experts that ever lived, combined.
You've already had your ears boxed with one cite you couldn't even find
the courage to reply to. Care to try for some more?
> As for Truecrypt supposedly not being a whole-disk encryption program,
> that's just plain wrong.
"Volume Encryption software works with volume as with a single portion
of data. Volume is always in one of the two definite states: if
password is not entered, the whole volume is not accessible. If the
user enters the proper password and opens the volume, all its parts,
even stored on different hard drives, become accessible. In our
opinion, working with volumes is more native both for the user and
computer, because it is a volume that stores a complete filesystem
structure and a complete tree of the user's files. As in the modern
world single volume stores data scattered on a number of physical
disks, it is more convenient and safe to manage a volume, rather than
work with every physical drive separately."
The sender address of this message is not related to a real person but to a fake address of an anonymous system.
For more info https://www.mixmaster.it
Re: Truecrypt 5.0 Released (now with system partition encryption)
Nomen Nescio <nobody@dizum.com> wrote in
news:1d77e939150828e3747369f16981a543@dizum.com:
....
> I don't think it's ever going to be 100% possible to guarantee that
> any software running atop an operating system can successfully keep
> that host from storing information about what that program does,
> somewhere the program isn't aware of. It is, after all, the operating
> system that's running the show.
Absolutely correct. In fact, I posted several years ago how, in principle,
a rogue OS could leak the key of an OTFE program into the very HD
storage it is protecting - and do it while not corrupting that OTFE program
in any way but using it completely according to Hoyle.
I'll be happy to post the method again if anyone cares.
Re: Truecrypt 5.0 Released (now with system partition encryption)
George Orwell <nobody@mixmaster.it> wrote in
news:bf6ea79edec361e1aad589185e7d1167@mixmaster.it :
> nemo_outis wrote:
....
>> As for an unencrypted partition table disclosing info, that trivial
>> info is useless for decrypting the contents of the partitions or even
>> inferring the nature of what is contained in them.
> I see. So now you believe you're smarter than all the encryption
> and cryptanalysis experts that ever lived, combined.
You see little and comprehend less.
If you have some argument to show how an unencrypted partition table would
permit decrypting the contents of an encrypted partition, then make it.
If not, then, as I have repeatedly suggested: Do be a good little moron and
fuck off.
Re: Truecrypt 5.0 Released (now with system partition encryption)
Sebastian G. wrote:
> Anonymous wrote:
>
>
> >> Nonsense. Microsoft has only disabled this option by default, since
> >> they don't want to support such configurations.
> >
> > > Maybe you can explain the difference between "crippled" and "disabled"?
>
>
> Documentation and partial support.
Telling someone their leg is irreparably broken and handing them a set
of crutches doesn't make them any less crippled or disabled.
You're engaging in a semantics quibble that doesn't even exist, but
then you seem to enjoy that sort of thing. Never have to admit you were
wrong about something if you just make up the rules as you go, now do
you? :(
Re: Truecrypt 5.0 Released (now with system partition encryption)
nospamatall wrote:
> Anonymous wrote:
> > nospamatall wrote:
> >
> >> Casper wrote:
> >>>> No, it's not. With a two partition setup and both encrypted
> >>>> you can still see partition information booting from a LiveCD
> >>>>
> >>>> It's NOT whole disk encryption. It was never advertised as
> >>>> such.
> >>> Thank you for the info, I am glad you understand the
> >>> difference between asking for a password on boot up and
> >>> having the whole thing encrypted, too many people confuse
> >>> these terms.
> >>>
> >>>
> >> I can see that there is a difference, but why would it be
> >> important? If the entire disk is encrypted, how could you do
> >> anything with it?
> >
> > We were just discussing the issue of plausible deniability, and
> > determining if individual encrypted devices/volumes existed at
> > all. If you need to hide the fact that certain volumes exist
> > then it becomes an issue.
>
> I would have thought that this is not an issue with TrueCrypt,
> because the hidden partition is within the free space of another
> encrypted partition and thus doesn't show up anywhere else?
except maybe in caches, swap space, histories and logs, last
modified fields, etc...........
with whole disk nothing can ever be leaked to another partition or
anywhere else that anyone can see without owning the keys.
partition encryption can leak like a sieve.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> There must - necessarily! - be a small amount of unencrypted code on the
> boot/system volume. This is invariably located on track 0.
Nope! In fact with *true* whole disk encryption there is absolutely no
unencrypted information on a device at all.
Puzzle over it a while and then I'll do the nose rubbing thing some
more. :)
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> And it doesn't matter a whit! Truecrypt can completely protect the OS and
> all data.
And this was never disputed. Disputed was the claim that the entire disk was
encrypted whereas the partition table and the boot sector is obviously not.
And sadly since TrueCrypt does not offer any mechanism to store the boot
sector on another media, both are mutually exclusive.
And it does matter, since it disallows for plausible deniability.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> If you have some argument to show how an unencrypted partition table would
> permit decrypting the contents of an encrypted partition, then make it.
It doesn't. What it permits is to differ the encrypted disc from random
data, and it permits knowledge about the partitioning of the volume inside
the encrypted container.
Re: Truecrypt 5.0 Released (now with system partition encryption)
Cyberiade.it Anonymous Remailer wrote:
> On the contrary. FDE can't possibly exist without some sort of pre-boot
> authentication.
It can, if you stop insisting that the encrypted disc must contain the
operating system.
> The very definition of "full disk" precludes any access at all without it.
Obviously wrong.
>> But well, why should I discuss with someone who is even too stupid to create
>> a technically valid posting?
>
> Says you, whose entire arsenal consists of calling everyone else stupid
> and spewing made up nonsense.
Re: Truecrypt 5.0 Released (now with system partition encryption)
Anonymous wrote:
> Sebastian G. wrote:
>
>> Anonymous wrote:
>>
>>
>>>> Nonsense. Microsoft has only disabled this option by default, since
>>>> they don't want to support such configurations.
>>> Maybe you can explain the difference between "crippled" and "disabled"?
>>
>> Documentation and partial support.
>
> Telling someone their leg is irreparably broken and handing them a set
> of crutches doesn't make them any less crippled or disabled.
Making bad analogies doesn't make your point any less moot.
> You're engaging in a semantics quibble that doesn't even exist, but
> then you seem to enjoy that sort of thing. Never have to admit you were
> wrong about something if you just make up the rules as you go, now do
> you? :(
Well, then tell me just one thing: If it was really crippled, then why was I
able to unleash this functionality with nothing but a text editor and an
archiver (for unpacking and optionally repacking the CABinet archives)?
Re: Truecrypt 5.0 Released (now with system partition encryption)
Anonymous wrote:
> except maybe in caches, swap space, histories and logs, last
> modified fields, etc...........
>
> with whole disk nothing can ever be leaked to another partition or
> anywhere else that anyone can see without owning the keys.
> partition encryption can leak like a sieve.
Which is wrong again. For all those FDE products which use CBC mode, the
swap file is likely to contain an IV, which leaks the first block of data
for every CBC block. For LRW, swapping out an empty page with the LRW tweak
key at the beginning or the end will allow an attacker to retrieve the LRW
tweak, and therefore distinguishing the encrypted volume from random data.
For ESSIV it's the same.
Lucky you that TrueCrypt 5.0 introduced XTS as the only mode for creating
new encrypted volumes.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> George Orwell <nobody@mixmaster.it> wrote in
> news:6cb67025e78b69b29b7578cf72c420f4@mixmaster.it :
>
> > nemo_outis wrote:
> >
> > Did you think nobody would check this "cite", ya' pathetic
> > lying worm?
> >
> >> Bestcrypt Volume Encryption for Windows is among the most
> >> advanced full-HD OTFE encryption systems. Not only can it
> >> encrypt all HD partitions on all HDs (including the
> >> boot/system one) it supports complete encryption of spanned,
> >> mirrored, and striped volumes, as well as RAID 5 volumes. It
> >> also supports physical tokens in addition to a
> >> password/passphrase for additional security.
> >> http://www.jetico.com/bcve.htm
> >
> > That paragraph doesn't exist at all on that page. Or anywhere
> > else on Jetico's site that I can find.
>
>
> Of course, you fucking moron, that paragraph is mine, in my words
> - there are no quotation marks, no "Jeticos says" in it. It's a
ROTFL!
What it was, asshole, was you getting caught playing your little
kid games and showing everyone just what a fucking liar you can be
when you're wrong.
What it was, asshole, was you making up a cite then giving a link
that said exactly the opposite.
> As for what Bestcrypt says about the term "volume," you would
> understand, if you weren't such a colossal moron, that Bestcrypt
God you're a fucking jerk. Bestcrypt fucking well states in no
uncertain terms that volume and whole disk are different things,
that their product is volume encryption, and that nemo_retardus is
wrong. But never one to let something like obvious facts get in
your way, here you are telling someone ELSE they don't understand
something.
You really managed to display your spots today liar, and they're
looking like you shit all over yourself.
> uses the term in a broader sense than Truecrypt to refer to
> "high-level storage entities" that can, inter alia, extend across
> multiple hard drives (such as spanned volumes or RAID 5). Jetico
> makes the distinction between "volume" and "whole-disk"
> encryption because its product can support seamless "volumes"
> which may be stored across several physical HDs.
>
> Now do be a good moron and fuck off.
>
> Regards,
>
Re: Truecrypt 5.0 Released (now with system partition encryption)
Sebastian G. wrote:
> Anonymous wrote:
>
>
>>> Maybe you're just stupid. Why do you narrow your views to one
>>> drive? You can have two or more. One contains the operating
>>> system, does the pre-boot stuff and has an identifiable partition
>>> table. The second drive is meant to store data, and is fully
>>> encrypted, including the partition table.
>>
>> Maybe you're just a lying sack, desperately trying to change the
>> rules to try and win a point.
>>
>> Can you install an OS to ANY device that's been encrypted by
>> Truecrypt? No.
>
>
> That has never been a requirement.
You can install an OS and then encrypt the whole drive. Maybe you can do
the other thing too, but I doubt we would find out anything useful from
these folks!
Re: Truecrypt 5.0 Released (now with system partition encryption)
Casper wrote:
>>
>> Who cares for installing an OS? This drive only contains data, the OS
>> is on another media.
>
> LOL LOL LOL >:|
>
> You will never understand what we are talking about.
> Maybe your posts should not appear in alt.privacy at all
> I am putting up a filter.
Maybe if you elucidated what the fuck you're talking about instead of
being a smug bastard with no info to offer...
Re: Truecrypt 5.0 Released (now with system partition encryption)
Phil Carmody wrote:
> Casper <spam@spam.spam> writes:
>>> Who cares for installing an OS? This drive only contains data, the
>>> OS is on another media.
>> LOL LOL LOL >:|
>>
>> You will never understand what we are talking about.
>> Maybe your posts should not appear in alt.privacy at all
>> I am putting up a filter.
>
> Anything which separates alt.privacy from sci.crypt is
> a good thing. Keeping your ill-thought-out gibberings
> off sci.crypt would in particular be appreciated.
>
> Phil
You're welcome to kill the thread and then anyone who wants to read it
still can. You think usenet is just for you?
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> "Sebastian G." <seppi@seppig.de> wrote in
> news:612qppF1tk96tU4@mid.dfncis.de:
>
>> Cyberiade.it Anonymous Remailer wrote:
>>
>>
>>>> Are you usually this thick? Yes, even though you have a
>>>> whole-disk encryption program you can choose not to encrypt some
>>>> partitions - or any of them for that matter. However, choosing
>>>> not to use the program's capability for whole-disk encryption
>>>> doesn't make it one whit less a whole-disk encryption program.
>>> Problem is, with Truecrypt you don't have that choice.
>>
>> So then my fully encrypted harddisk with even an encrypted partition
>> table is pure imagination?
>>
>>> Go ahead and try it. Encrypt an entire drive and see if you can
>>> install an OS to it.
>>
>> Who cares for installing an OS? This drive only contains data, the OS
>> is on another media.
>
>
> Yep, Sebastian, you've got it entirely right.
>
> Yes, Truecrypt in addition to file-based and partition-based encrypted
> storage, also supports device-based OTFE storage. The device-based
> versions do not have a partition table and are essentially
> "floppy/superfloppy-ish." Device-based encrypted storage is primarily
> useful for floppy disks, USB pendrives, and such but the Truecrypt docs
> say a HD can also be used this way.
>
> Superfloppyish-based encrypted storage is only suitable for data storage,
> not for a bootable Windows system. In fact, independent of any
> encryption aspects, Windows has been deliberately crippled so it can NOT
> boot/run from removable media such as superfloppies (Microsoft says it's
> a licencing issue). (Some folks have crafted end-runs around this
> limitation of Windows, using tricks such as RAM drives.)
>
> But all this is beside the point. With Truecrypt 5 one can now encrypt
> *any and all partitions* on any drive, including the boot/system
> partition. This is all that is needed for complete OTFE protected
> storage for both the Windows system itself and all data on it.
>
> Regards,
Thank you. Why is cryptography inhabited by such obnoxious anti-social
twats?
Re: Truecrypt 5.0 Released (now with system partition encryption)
In article <613oc6F1taan2U4@mid.dfncis.de>
"Sebastian G." <seppi@seppig.de> wrote:
>
> Cyberiade.it Anonymous Remailer wrote:
>
<snip>
>
> > The very definition of "full disk" precludes any access at all without it.
>
>
> Obviously wrong.
>
<snip>
Can you explain what happens when the OS is encrypted and
the computer is turned on? How can booting the OS
take place if the OS is encrypted?
Isn't the function of "pre-boot authentication" in this
instance to allow decryption and proceed with booting
the OS?
IOW, if you didn't have the pre-boot authentication, the
computer would blank screen and not go any further.
Are you making a distinction that is misleading? Like
"Full disk doesn't necessarily include the OS." But
the previous poster(s) are all talking about encrypting
the C: drive WITH the OS (whether other drives are encrypted
or not).
Re: Truecrypt 5.0 Released (now with system partition encryption)
George Orwell <nobody@mixmaster.it> wrote in
news:cfba7ec8f8b207e0a1bd089fe3255024@mixmaster.it :
> nemo_outis wrote:
>
>> There must - necessarily! - be a small amount of unencrypted code on
>> the boot/system volume. This is invariably located on track 0.
>
> Nope! In fact with *true* whole disk encryption there is absolutely no
> unencrypted information on a device at all.
Uhh, doofus, Windows cannot boot from a completely encrypted disk because
there's nothing to decrypt those first bytes to even get the process
started. Oddly enough, encrypted code is not executable. So if a system
does not have a storage medium (i.e., boot drive) with some unencrypted
boot loader on it, the system can't boot to HD. QED
Those unencrypted bytes must be stored somewhere, and the BIOS looks at
each storage device (MPTs and GPTs for HDs) to see which one is active to
pass continuation of booting off to it. No unencrypted boot code stub,
no boot from HD.
Of course, if all you want to do is store data then Truecrypt can encrypt
an entire drive in "superfloppy-ish" mode. But such a drive cannot boot
Windows - this is a limitation of Windows, not full HD OTFE systems.
As for the unencrypted boot stub making it plain you are using
encryption - yep, it does.
And I gave the workaround for that problem several posts back:
overwrite track zero with random junk after a session and restore the
track 0 (most conveniently using the OTFE recovery disk) before each new
session. This results in a drive being completely filled with ostensibly
random data between uses.
Re: Truecrypt 5.0 Released (now with system partition encryption)
"Sebastian G." <seppi@seppig.de> wrote in
news:613o4rF1taan2U2@mid.dfncis.de:
> nemo_outis wrote:
>
>
>> And it doesn't matter a whit! Truecrypt can completely protect the OS
>> and all data.
>
>
> And this was never disputed. Disputed was the claim that the entire
> disk was encrypted whereas the partition table and the boot sector is
> obviously not. And sadly since TrueCrypt does not offer any mechanism
> to store the boot sector on another media, both are mutually
> exclusive.
>
> And it does matter, since it disallows for plausible deniability.
If that "other media" is permanently attached to the system (i.e.,
"fixed") then plausible deniability is still shot. Since Microsoft only
supports booting normal Windows (not PE, not embedded) from fixed media,
what you want is unachievable with Windows as the OS (without violating
the licence).
However, if you are still worried about plausible deniability (although
there being a good reason for having a system that contains only disks
with random data strikes me as the epitome of implausible) then do as I
suggested several posts earlier in this thread: overwrite track 0 with
random junk after each session and restore it again at the start of the
next session (most conveniently, by using the OTFE recovery disk/CD).
Now be sure to post again, Sebastian, with more of your nonsensical
attempts to complicate and obfuscate the straightforward.
Re: Truecrypt 5.0 Released (now with system partition encryption)
"Sebastian G." <seppi@seppig.de> wrote in
news:613o84F1taan2U3@mid.dfncis.de:
> nemo_outis wrote:
>
>
>> If you have some argument to show how an unencrypted partition table
>> would permit decrypting the contents of an encrypted partition,
>> then make it.
>
>
> It doesn't. What it permits is to differ the encrypted disc from
> random data, and it permits knowledge about the partitioning of the
> volume inside the encrypted container.
But it is a limitation of Windows, not of Truecrypt or any other whole-disk
OTFE program, that causes the difficulty. Go give old Bill Gates a call
and leave the rest of us in peace to contentedly use the magnificent new
Truecrypt 5.
Re: Truecrypt 5.0 Released (now with system partition encryption)
Nomen Nescio <nobody@dizum.com> wrote in
news:b37ff94e4b489cb0606a73458d64d04b@dizum.com:
>> Of course, you fucking moron, that paragraph is mine, in my words
>> - there are no quotation marks, no "Jeticos says" in it. It's a
I would suggest that you enroll in a reading comprehension course.
However, your problem is far more deep-seated than that: not an inability
to read for understanding, but the mental incapability to understand at
all.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nospamatall <nospamatall@iol.ie> wrote in news:foigij$461$4@aioe.org:
....
> Thank you. Why is cryptography inhabited by such obnoxious anti-social
> twats?
Oh, I've embarrassed them multiple times in the past with their silly
errors, so they now keep coming back with childish attempts to catch me out
with their stupid cavils and quibbles every time I post. And so I have to
crush them yet again. Quite tiresome after the first few times, really.
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> If that "other media" is permanently attached to the system (i.e.,
> "fixed") then plausible deniability is still shot. Since Microsoft only
> supports booting normal Windows (not PE, not embedded) from fixed media,
> what you want is unachievable with Windows as the OS (without violating
> the licence).
Once again: You can modify a normal Windows installation CD to allow
installation and booting from USB mass storage, FireWire Mass Storage and SD
Cards. Without any license violation. With a text editor and cabarc (which
is free to download from Microsoft).
> However, if you are still worried about plausible deniability (although
> there being a good reason for having a system that contains only disks
> with random data strikes me as the epitome of implausible)
Implausible? Heck, every media I buy is thoroughly tested by a very simple
yet highly effective scheme:
Re: Truecrypt 5.0 Released (now with system partition encryption)
nemo_outis wrote:
> "Sebastian G." <seppi@seppig.de> wrote in
> news:613o84F1taan2U3@mid.dfncis.de:
>
>> nemo_outis wrote:
>>
>>
>>> If you have some argument to show how an unencrypted partition table
>>> would permit decrypting the contents of an encrypted partition,
>>> then make it.
>>
>> It doesn't. What it permits is to differ the encrypted disc from
>> random data, and it permits knowledge about the partitioning of the
>> volume inside the encrypted container.
>
> But it is a limitation of Windows, not of Truecrypt or any other whole-disk
> OTFE program, that causes the difficulty.
Actually it is a limitation of TrueCrypt: It could actually encrypt the
partition table and decrypt it on the fly, it would just require a special
check for block 0 to not try to decrypt the MBR part and start decrypting at
the location of the partition table.
Additionally, if you do the pre-boot stuff, the MBR containing this code
would also differ from random data. But TrueCrypt does not permit storing
the MBR on another media and do some redirection.
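
The argument in this and the earlier posts turns on what sector 0 gives away when the partition table and boot code are left in the clear. As an added illustration (not code from any poster or from TrueCrypt), this Python sketch parses a 512-byte sector 0 using the standard MBR layout and reports the partition geometry it discloses, next to a sector that has no such structure. Both sample sectors are constructed, and all function names and the disk size are assumptions.

```python
import math
import struct
from collections import Counter

SECTOR = 512
PT_OFFSET = 446    # four 16-byte partition entries start here
SIG_OFFSET = 510   # 0x55 0xAA boot signature


def entropy_bits(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_entries(sector: bytes, disk_sectors: int) -> list:
    """Return the partition entries that are structurally plausible."""
    found = []
    for slot in range(4):
        raw = sector[PT_OFFSET + 16 * slot: PT_OFFSET + 16 * (slot + 1)]
        if raw == bytes(16):
            continue  # unused slot
        status, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        plausible = (status in (0x00, 0x80) and ptype != 0
                     and lba_start > 0 and count > 0
                     and lba_start + count <= disk_sectors)
        if plausible:
            found.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba_start,
                          "sectors": count})
    return found


def inspect_sector0(sector: bytes, disk_sectors: int) -> dict:
    """Summarise what an observer learns from sector 0 without any key."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    has_sig = sector[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa"
    entries = parse_entries(sector, disk_sectors) if has_sig else []
    return {
        "boot_signature": has_sig,
        "partitions": entries,
        # Boot code or zero padding scores far below ciphertext here.
        "boot_area_entropy": round(entropy_bits(sector[:PT_OFFSET]), 2),
        "layout_disclosed": bool(entries),
    }


def constructed_mbr() -> bytes:
    """Constructed sample: placeholder boot area plus two partition entries."""
    boot = b"STUB".ljust(PT_OFFSET, b"\x00")  # placeholder, not real boot code
    p1 = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 63, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, bytes(3), 0x07, bytes(3), 204863, 409600)
    return boot + p1 + p2 + bytes(32) + b"\x55\xaa"


def constructed_ciphertext_sector() -> bytes:
    """Constructed stand-in for an encrypted or overwritten sector 0:
    a near-uniform byte distribution with no MBR structure."""
    return bytes((197 * i + 31) % 256 for i in range(SECTOR))


if __name__ == "__main__":
    disk = 1_000_000  # assumed disk size in sectors
    for name, sec in (("clear MBR", constructed_mbr()),
                      ("no structure", constructed_ciphertext_sector())):
        print(name, inspect_sector0(sec, disk))
```

The first sample yields the start and length of both partitions without any key material; the second yields nothing beyond high entropy, which is the state a device-based volume or an overwritten track 0 leaves behind.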
Re: Truecrypt 5.0 Released (now with system partition encryption)
"Sebastian G." <seppi@seppig.de> wrote in
news:61496qF1smtekU1@mid.dfncis.de:
> nemo_outis wrote:
>
>
>> If that "other media" is permanently attached to the system (i.e.,
>> "fixed") then plausible deniability is still shot. Since Microsoft
>> only supports booting normal Windows (not PE, not embedded) from
>> fixed media, what you want is unachievable with Windows as the OS
>> (without violating the licence).
> Once again: You can modify a normal Windows installation CD to allow
> installation and booting from USB mass storage, FireWire Mass Storage
> and SD Cards. Without any license violation. With a text editor and
> cabarc (which is free to download from Microsoft).
No, Sebastian, such a modification of Windows is not authorized by
Microsoft. But, if you are determined to do it anyway, then who am I to
stop you. Take the bit in your teeth, charge madly off, and behave as
rashly as you wish.
However, none of this reflects one bit on Truecrypt. Since you now have
your (unauthorized) USB boot drive, every other HD on the system could be
encrypted as a Truecrypt "superfloppy" that has absolutely everything
encrypted.
May you live happily with your system configured this way and no longer
pester others with your inanities.
And BTW, Sebastian, it's still utterly implausible that someone has a
computer system with every HD completely filled with random junk.
Remember, Sebastian, it's not whether you find such patent nonsense
plausible but whether a judge and jury do.