VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/doc/html/Encryption Scheme.html
diff options
context:
space:
mode:
Diffstat (limited to 'doc/html/Encryption Scheme.html')
-rw-r--r--doc/html/Encryption Scheme.html4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/html/Encryption Scheme.html b/doc/html/Encryption Scheme.html
index 67d669a2..88c586a2 100644
--- a/doc/html/Encryption Scheme.html
+++ b/doc/html/Encryption Scheme.html
@@ -54,7 +54,7 @@ Hidden Operating System</a>). If there is a hidden volume within this volume (or
<li>PRF used by the header key derivation function (as specified in PKCS #5 v2.0; see the section
<a href="Header%20Key%20Derivation.html">
<em>Header Key Derivation, Salt, and Iteration Count</em></a>), which can be one of the following:
-<p>HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, HMAC-Whirlpool. If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
+<p>HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool. If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
<p>A password entered by the user (to which one or more keyfiles may have been applied &ndash; see the section
<a href="Keyfiles%20in%20VeraCrypt.html">
<em>Keyfiles</em></a>), a PIM value (if specified) and the salt read in (1) are passed to the header key derivation function, which produces a sequence of values (see the section
@@ -81,7 +81,7 @@ Hidden Operating System</a>). If there is a hidden volume within this volume (or
<p>* If the size of the active partition is less than 256 MB, then the data is read from the
<em>second</em> partition behind the active one (Windows 7 and later, by default, do not boot from the partition on which they are installed).</p>
<p>&dagger; These parameters are kept secret <em>not</em> in order to increase the complexity of an attack, but primarily to make VeraCrypt volumes unidentifiable (indistinguishable from random data), which would be difficult to achieve if these parameters
- were stored unencrypted within the volume header. Also note that if a non-cascaded encryption algorithm is used for system encryption, the algorithm
+ were stored unencrypted within the volume header. Also note that in the case of legacy MBR boot mode, if a non-cascaded encryption algorithm is used for system encryption, the algorithm
<em>is</em> known (it can be determined by analyzing the contents of the unencrypted VeraCrypt Boot Loader stored in the first logical drive track or on the VeraCrypt Rescue Disk).</p>
<p>** The master keys were generated during the volume creation and cannot be changed later. Volume password change is accomplished by re-encrypting the volume header using a new header key (derived from a new password).</p>
<p>&nbsp;</p>