TrueCrypt is a very handy tool for disk encryption, but for enterprise use it lacks a remote rescue mode. That is a kind of second, very complicated password that you dictate to the user when he was s****** enough to forget his boot password.

Well, the good news with free software is that you can always do something, as you have the source code. And in the case of TrueCrypt it turns out that it seems not so complicated. Here are my notes for someone (maybe me) who wants to add this option.

In Boot/Windows/BootMain.cpp (to support dual password, that's all that is needed)

  • Make OpenVolume read 2 sectors instead of 1
  • Try each sector to see if the entered password corresponds to one of the two sectors
  • In the repair menu, define the offset for the second sector holding the rescue/admin encoded key

In Common/BootEncryption.cpp (so that when creating the volume a second password can be added)

  • Make PrepareInstallation create two volume headers (one with the normal password and one for rescue/admin)
  • Make InstallVolumeHeader install the two volume headers

And a few things for the password, but I haven't investigated much (yet).
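A small model of the two-header idea in these notes, as an added example that is not TrueCrypt code: each 512-byte slot wraps the same master key under a different password, and the open routine tries every slot. The slot layout, the iteration count, the function names and the PBKDF2-as-XOR-keystream cipher are assumptions made to keep the demo in the Python standard library; they stand in for TrueCrypt's real header encryption.

```python
import hashlib, os, zlib

SECTOR = 512        # one header slot per sector, as in the notes
SALT_LEN = 64       # unencrypted salt at the start of each slot
MAGIC = b"TRUE"     # marker that tells a correct decryption from garbage
ITERATIONS = 1000   # assumption for the demo only

def _keystream(password: bytes, salt: bytes) -> bytes:
    # Stand-in cipher (assumption): PBKDF2 output used as an XOR keystream.
    return hashlib.pbkdf2_hmac("sha512", password, salt, ITERATIONS,
                               SECTOR - SALT_LEN)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_header(password: bytes, master_key: bytes) -> bytes:
    """Wrap master_key in one slot: salt || enc(MAGIC, crc32, key, padding)."""
    salt = os.urandom(SALT_LEN)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    body = body.ljust(SECTOR - SALT_LEN, b"\0")
    return salt + _xor(body, _keystream(password, salt))

def try_header(slot: bytes, password: bytes, key_len: int = 64):
    """Return the master key if password opens this slot, else None."""
    salt, enc = slot[:SALT_LEN], slot[SALT_LEN:]
    body = _xor(enc, _keystream(password, salt))
    key = body[8:8 + key_len]
    if body[:4] != MAGIC or zlib.crc32(key).to_bytes(4, "big") != body[4:8]:
        return None
    return key

def open_volume(header_area: bytes, password: bytes):
    """Try every slot in turn; return (slot_index, master_key) or None."""
    for off in range(0, len(header_area), SECTOR):
        key = try_header(header_area[off:off + SECTOR], password)
        if key is not None:
            return off // SECTOR, key
    return None

if __name__ == "__main__":
    master = os.urandom(64)                      # constructed sample key
    area = make_header(b"user-boot-pw", master) + make_header(b"rescue-pw", master)
    print(open_volume(area, b"user-boot-pw")[0]) # slot 0
    print(open_volume(area, b"rescue-pw")[0])    # slot 1
    # A user password change rewrites slot 0 only; the rescue slot still opens.
    area = make_header(b"new-user-pw", master) + area[SECTOR:]
    print(open_volume(area, b"rescue-pw")[0], open_volume(area, b"user-boot-pw"))
```

Because both slots unwrap the same master key, the rescue password needs at least the strength and handling of the user's own, and the rescue slot must be rewritten if that password is ever disclosed.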