diff options
Diffstat (limited to 'doc/html/Header Key Derivation.html')
-rw-r--r-- | doc/html/Header Key Derivation.html | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/doc/html/Header Key Derivation.html b/doc/html/Header Key Derivation.html index b9454cd0..f922d676 100644 --- a/doc/html/Header Key Derivation.html +++ b/doc/html/Header Key Derivation.html @@ -10,8 +10,8 @@ </head> <body> -<div> -<a href="https://www.veracrypt.fr/en/Home.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a> +<div> +<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a> </div> <div id="menu"> @@ -27,7 +27,7 @@ <div> <p> -<a href="Documentation.html">Documentation</a> +<a href="Documentation.html">Documentation</a> <img src="arrow_right.gif" alt=">>" style="margin-top: 5px"> <a href="Technical%20Details.html">Technical Details</a> <img src="arrow_right.gif" alt=">>" style="margin-top: 5px"> @@ -52,26 +52,29 @@ Modes of Operation</a>). The method that VeraCrypt uses to generate the header k 512-bit salt is used, which means there are 2<sup style="text-align:left; font-size:85%">512</sup> keys for each password. This significantly decreases vulnerability to 'off-line' dictionary/'rainbow table' attacks (pre-computing all the keys for a dictionary of passwords is very difficult when a salt is used) [7]. The salt consists of random values generated by the <a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none.html"> -VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, or HMAC-Whirlpool (see [8, 9, 20, 22]) – the user selects which. The length of the derived - key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-RIPEMD-160 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, +VeraCrypt random number generator</a> during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool or HMAC-Streebog (see [8, 9, 20, 22]) – the user selects which. The length of the derived + key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-SHA-512 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, two 256-bit keys are used for AES-256 in total). For more information, refer to [7]. A large number of iterations of the key derivation function have to be performed to derive a header key, which increases the time necessary to perform an exhaustive search for passwords (i.e., brute force attack) [7].</div> <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px"> -<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations depending on the volume type and the derivation algorithm used:</p> -<ul> -<li>For system partition encryption (boot encryption), <strong>200000</strong> iterations are used for the HMAC-SHA-256 derivation function and -<strong>327661</strong> iterations are used for HMAC-RIPEMD-160. </li><li>For standard containers and other partitions, <strong>655331</strong> iterations are used for HMAC-RIPEMD-160 and -<strong>500000</strong> iterations are used for HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool. -</li></ul> -<p>Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> +<p>Prior to version 1.12, VeraCrypt always used a fixed number of iterations That depended only on the volume type and the derivation algorithm used. +Starting from version 1.12, the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> PIM </a>field (<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">Personal Iterations Multiplier</a>) enables users to have more control over the number of iterations used by the key derivation function.</p> +<p> <p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> -PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed above.</p> +PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:<br/> +<ul> +<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used.</li> +<li>For system encryption that uses SHA-512 or Whirlpool, <strong>500000</strong> iterations are used.</li> +<li>For non-system encryption and file containers, all derivation algorithms will use <strong>500000</strong> iterations. +</li></ul> +</p> <p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html"> PIM </a>value is given by the user, the number of iterations of the key derivation function is calculated as follows:</p> <ul> <li>For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = <strong>PIM x 2048</strong> -</li><li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers: Iterations = <strong>15000 + (PIM x 1000)</strong> +</li><li>For system encryption that uses SHA-512 or Whirlpool: Iterations = <strong>15000 + (PIM x 1000)</strong> +</li><li>For non-system encryption and file containers: Iterations = <strong>15000 + (PIM x 1000)</strong> </li></ul> </div> <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px"> @@ -83,4 +86,4 @@ Header keys used by ciphers in a cascade are mutually independent, even though t method to determine the password from which the key was derived (except for brute force attack mounted on a weak password).</div> <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px"> <a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold.html">Next Section >></a></div> -</div><div class="ClearBoth"></div></body></html>
\ No newline at end of file +</div><div class="ClearBoth"></div></body></html> |