diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-03-21 00:14:33 +0100 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2022-03-21 01:18:48 +0100 |
| commit | a57a79c61da52b84236a4641ac23b2924fff88b6 (patch) | |
| tree | d8bdd1252f784c59f011994c9146dfaa413104a2 /doc/html/Header Key Derivation.html | |
| parent | 4a1be156f78f7c8bdfe3908a8b21a00fbe53f4f2 (diff) | |
| download | VeraCrypt-a57a79c61da52b84236a4641ac23b2924fff88b6.tar.gz VeraCrypt-a57a79c61da52b84236a4641ac23b2924fff88b6.zip | |
Update documentation to add Blake2s-256 and remove RIPEMD-160
Diffstat (limited to 'doc/html/Header Key Derivation.html')
| -rw-r--r-- | doc/html/Header Key Derivation.html | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/doc/html/Header Key Derivation.html b/doc/html/Header Key Derivation.html index 860c85e0..d8896904 100644 --- a/doc/html/Header Key Derivation.html +++ b/doc/html/Header Key Derivation.html @@ -52,21 +52,22 @@ Modes of Operation</a>). The method that VeraCrypt uses to generate the header k 512-bit salt is used, which means there are 2<sup style="text-align:left; font-size:85%">512</sup> keys for each password. This significantly decreases vulnerability to 'off-line' dictionary/'rainbow table' attacks (pre-computing all the keys for a dictionary of passwords is very difficult when a salt is used) [7]. The salt consists of random values generated by the <a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none.html"> -VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, or HMAC-Whirlpool (see [8, 9, 20, 22]) – the user selects which. The length of the derived - key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-RIPEMD-160 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, +VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool or HMAC-Streebog (see [8, 9, 20, 22]) – the user selects which. The length of the derived + key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-SHA-512 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, two 256-bit keys are used for AES-256 in total). For more information, refer to [7]. A large number of iterations of the key derivation function have to be performed to derive a header key, which increases the time necessary to perform an exhaustive search for passwords (i.e., brute force attack) [7].</div> <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px"> -<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations depending on the volume type and the derivation algorithm used:</p> -<ul> -<li>For system partition encryption (boot encryption), <strong>200000</strong> iterations are used for the HMAC-SHA-256 derivation function and -<strong>327661</strong> iterations are used for HMAC-RIPEMD-160. </li><li>For standard containers and other partitions, <strong>655331</strong> iterations are used for HMAC-RIPEMD-160 and -<strong>500000</strong> iterations are used for HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool. -</li></ul> -<p>Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> +<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations That depended only on the volume type and the derivation algorithm used. +Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> PIM </a>field (<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">Personal Iterations Multiplier</a>) enables users to have more control over the number of iterations used by the key derivation function.</p> +<p> <p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> -PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed above.</p> +PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:<br/> +<ul> +<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used.</li> +<li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers, <strong>500000</strong> iterations are used. +</li></ul> +</p> <p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> PIM </a>value is given by the user, the number of iterations of the key derivation function is calculated as follows:</p> <ul> |