From a57a79c61da52b84236a4641ac23b2924fff88b6 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 21 Mar 2022 00:14:33 +0100 Subject: Update documentation to add Blake2s-256 and remove RIPEMD-160 --- doc/html/Header Key Derivation.html | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'doc/html/Header Key Derivation.html') diff --git a/doc/html/Header Key Derivation.html b/doc/html/Header Key Derivation.html index 860c85e0..d8896904 100644 --- a/doc/html/Header Key Derivation.html +++ b/doc/html/Header Key Derivation.html @@ -52,21 +52,22 @@ Modes of Operation). The method that VeraCrypt uses to generate the header k 512-bit salt is used, which means there are 2512 keys for each password. This significantly decreases vulnerability to 'off-line' dictionary/'rainbow table' attacks (pre-computing all the keys for a dictionary of passwords is very difficult when a salt is used) [7]. The salt consists of random values generated by the -VeraCrypt random number generator during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-RIPEMD-160, or HMAC-Whirlpool (see [8, 9, 20, 22]) – the user selects which. The length of the derived - key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-RIPEMD-160 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, +VeraCrypt random number generator during the volume creation process. The header key derivation function is based on HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool or HMAC-Streebog (see [8, 9, 20, 22]) – the user selects which. The length of the derived + key does not depend on the size of the output of the underlying hash function. For example, a header key for the AES-256 cipher is always 256 bits long even if HMAC-SHA-512 is used (in XTS mode, an additional 256-bit secondary header key is used; hence, two 256-bit keys are used for AES-256 in total). For more information, refer to [7]. A large number of iterations of the key derivation function have to be performed to derive a header key, which increases the time necessary to perform an exhaustive search for passwords (i.e., brute force attack) [7].
-

Prior to version 1.12, VeraCrypt always used a fixed number of iterations depending on the volume type and the derivation algorithm used:

- -

Starting from version 1.12, the +

Prior to version 1.12, VeraCrypt always used a fixed number of iterations That depended only on the volume type and the derivation algorithm used. +Starting from version 1.12, the PIM field (Personal Iterations Multiplier) enables users to have more control over the number of iterations used by the key derivation function.

+

When a -PIM value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed above.

+PIM value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:
+ +

When a PIM value is given by the user, the number of iterations of the key derivation function is calculated as follows: