VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc/html/Header Key Derivation.html
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-21 00:14:33 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2022-03-21 01:18:48 +0100
commita57a79c61da52b84236a4641ac23b2924fff88b6 (patch)
treed8bdd1252f784c59f011994c9146dfaa413104a2 /doc/html/Header Key Derivation.html
parent4a1be156f78f7c8bdfe3908a8b21a00fbe53f4f2 (diff)
downloadVeraCrypt-a57a79c61da52b84236a4641ac23b2924fff88b6.tar.gz
VeraCrypt-a57a79c61da52b84236a4641ac23b2924fff88b6.zip
Update documentation to add Blake2s-256 and remove RIPEMD-160
Diffstat (limited to 'doc/html/Header Key Derivation.html')
-rw-r--r--doc/html/Header Key Derivation.html21
1 files changed, 11 insertions, 10 deletions
diff --git a/doc/html/Header Key Derivation.html b/doc/html/Header Key Derivation.html
index 860c85e0..d8896904 100644
--- a/doc/html/Header Key Derivation.html
+++ b/doc/html/Header Key Derivation.html
@@ -52,21 +52,22 @@ Modes of Operation</a>). The method that VeraCrypt uses to generate the header k
512-bit salt is used, which means there are 2<sup style="text-align:left; font-size:85%">512</sup> keys for each password. This significantly decreases vulnerability to 'off-line' dictionary/'rainbow table' attacks (pre-computing all the keys for a dictionary
of passwords is very difficult when a salt is used) [7]. The salt consists of random values generated by the
<a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none.html">
-VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, or HMAC-Whirlpool (see [8, 9, 20, 22]) &ndash; the user selects which. The length of the derived
- key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-RIPEMD-160 is used (in XTS mode, an additional 256-bit secondary header key is used; hence,
+VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool or HMAC-Streebog (see [8, 9, 20, 22]) &ndash; the user selects which. The length of the derived
+ key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-SHA-512 is used (in XTS mode, an additional 256-bit secondary header key is used; hence,
two 256-bit keys are used for AES-256 in total). For more information, refer to [7]. A large number of iterations of the key derivation function have to be performed to derive a header key, which increases the time necessary to perform an exhaustive search
for passwords (i.e., brute force attack)&nbsp;[7].</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations depending on the volume type and the derivation algorithm used:</p>
-<ul>
-<li>For system partition encryption (boot encryption), <strong>200000</strong> iterations are used for the HMAC-SHA-256 derivation function and
-<strong>327661</strong> iterations are used for HMAC-RIPEMD-160. </li><li>For standard containers and other partitions, <strong>655331</strong> iterations are used for HMAC-RIPEMD-160 and
-<strong>500000</strong> iterations are used for HMAC-SHA-512,&nbsp;HMAC-SHA-256 and HMAC-Whirlpool.
-</li></ul>
-<p>Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
+<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations That depended only on the volume type and the derivation algorithm used.
+Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
PIM </a>field (<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">Personal Iterations Multiplier</a>) enables users to have more control over the number of iterations used by the key derivation function.</p>
+<p>
<p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
-PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed above.</p>
+PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:<br/>
+<ul>
+<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used.</li>
+<li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers, <strong>500000</strong> iterations are used.
+</li></ul>
+</p>
<p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
PIM </a>value is given by the user, the number of iterations of the key derivation function is calculated as follows:</p>
<ul>