When mounting a TrueCrypt volume (assume there are no cached passwords/keyfiles) or when performing pre-boot authentication, the following steps are performed:
HMAC-SHA-512, HMAC-RIPEMD-160, HMAC-Whirlpool.
A password entered by the user (to which one or more keyfiles may have been applied – see the section Keyfiles) and the salt read in (1) are passed to the header key derivation function, which produces a sequence of values (see the section Header Key Derivation, Salt, and Iteration Count) from which the header encryption key and secondary header key (XTS mode) are formed. (These keys are used to decrypt the volume header.)
See also section Modes of Operation and section Header Key Derivation, Salt, and Iteration Count and also the chapter Security Model.
* If the size of the active partition is less than 256 MB, then the data is read from the second partition behind the active one (Windows 7 and later, by default, do not boot from the partition on which they are installed).
† These parameters are kept secret not in order to increase the complexity of an attack, but primarily to make TrueCrypt volumes unidentifiable (indistinguishable from random data), which would be difficult to achieve if these parameters were stored unencrypted within the volume header. Also note that if a non-cascaded encryption algorithm is used for system encryption, the algorithm is known (it can be determined by analyzing the contents of the unencrypted TrueCrypt Boot Loader stored in the first logical drive track or on the TrueCrypt Rescue Disk).
** The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished by re-encrypting the volume header using a new header key (derived from a new password).
By Andrew Y. (@andryou) - no affiliation with TrueCrypt - fair use - site for non-monetary, reference purposes only