From a077eb94ef66dfdec545d176a34dc1e0e47e5da2 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 27 Mar 2022 16:33:40 +0200
Subject: Documentation: clearer description of how number of iterations are
calculated
---
doc/html/Header Key Derivation.html | 6 ++++--
doc/html/Personal Iterations Multiplier (PIM).html | 4 +++-
2 files changed, 7 insertions(+), 3 deletions(-)
(limited to 'doc/html')
diff --git a/doc/html/Header Key Derivation.html b/doc/html/Header Key Derivation.html
index d8896904..f922d676 100644
--- a/doc/html/Header Key Derivation.html
+++ b/doc/html/Header Key Derivation.html
@@ -65,14 +65,16 @@ PIM field (Per
PIM value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:
- For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, 200000 iterations are used.
-- For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers, 500000 iterations are used.
+
- For system encryption that uses SHA-512 or Whirlpool, 500000 iterations are used.
+- For non-system encryption and file containers, all derivation algorithms will use 500000 iterations.
When a
PIM value is given by the user, the number of iterations of the key derivation function is calculated as follows:
- For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = PIM x 2048
-
- For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)
+
- For system encryption that uses SHA-512 or Whirlpool: Iterations = 15000 + (PIM x 1000)
+
- For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)
diff --git a/doc/html/Personal Iterations Multiplier (PIM).html b/doc/html/Personal Iterations Multiplier (PIM).html
index 5271ced2..02921072 100644
--- a/doc/html/Personal Iterations Multiplier (PIM).html
+++ b/doc/html/Personal Iterations Multiplier (PIM).html
@@ -44,7 +44,9 @@
Header Key Derivation).
When a PIM value is specified, the number of iterations is calculated as follows:
-- For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = PIM x 2048
- For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)
+
- For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = PIM x 2048
+
- For system encryption that uses SHA-512 or Whirlpool: Iterations = 15000 + (PIM x 1000)
+
- For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)
Prior to version 1.12, the security of a VeraCrypt volume was only based on the password strength because VeraCrypt was using a fixed number of iterations.
With the introduction of PIM, VeraCrypt has a 2-dimensional security space for volumes based on the couple (Password, PIM). This provides more flexibility for adjusting the desired security level while also controlling the performance of the mount/boot operation.
--
cgit v1.2.3