Randomise Default Hashing

Topics: Feature Requests
Nov 25, 2014 at 2:34 PM
I think it might be a good idea for VeraCrypt to randomise the default hash selection every time a user creates a new WDE or file volume.

Most people not familiar with encryption will probably use default settings. This information is very useful to an attacker, as they can safely assume most WDE or volumes will be the default hash type.

By randomising the hash type we remove any assumptions the attacker may have. Removing the probability that the hash type is a known default leaves the attacker with the nightmare of not knowing which hash type to attack first.

I believe adding this feature will increase VeraCrypt's security tremendously. It will take us one step closer to an attacker seeing a VeraCrypt WDE or volume and thinking "Forget it, I'm not even going to try" :)

I would still allow manual settings of the hash type for experienced users. I would also NOT randomise the encryption algorithm but still allow manual selection.

If you like this suggestion and think it is worth adding can you please update the progress thread here...

Thank you.
Nov 29, 2014 at 7:28 PM
I'm a little skeptical about this. The supported hash algorithms don't have the same strength: SHA512 and Whirlpool are 512-bit, SHA-256 is 256-bit and RIPEMD160 is 160-bit. It makes no sense to randomize algorithms that don't offer the same security level.
The only option left is to randomize the choice between SHA512 and Whirlpool, but I'm reserved about it because the user must know which algorithm was chosen, either by selecting it explicitly or by letting VeraCrypt pick up the default, which is the same (SHA512 in the next version).
Nov 29, 2014 at 8:58 PM
Thank you for sharing your thoughts, I may not have explained myself very well in my original post.

My aim was not to "force" the user to have a random hash imposed on them. There would still be the option for the user to set a hash type manually.

The idea was to make the attacker have to try all hash types as there was no obvious default for VeraCrypt. Even though RIPEMD160 is weaker it still means an attacker has to spend time and energy testing it.

As RIPEMD160 is the odd one out in the hash options, how about removing it altogether from VeraCrypt?

I was going to suggest scrypt .... it requires RAM so defeating CPU and GPU attacks. However I just read this...

.... which is an interesting read and made me think again.

However scrypt is better than RIPEMD160.

Thank you for updating the progress thread :)
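
An added example (not code from the thread or from VeraCrypt) that counts how many key derivations one password costs when the hash is not known in advance, which is the cost the posts above are weighing. The header layout, `MAGIC`, `ITERATIONS` and all function names are constructed for illustration, and hash names the local Python build does not offer are skipped.

```python
import hashlib, hmac, math, os

# Hash names taken from the thread; availability depends on the local OpenSSL build.
THREAD_PRFS = ("sha512", "whirlpool", "sha256", "ripemd160")
ITERATIONS = 2000   # constructed and small so the demo is fast; not VeraCrypt's count
MAGIC = b"DEMO"     # constructed stand-in for a header check value

def usable_prfs():
    """Return the thread's hash names that PBKDF2 can use on this machine."""
    ok = []
    for name in THREAD_PRFS:
        try:
            hashlib.pbkdf2_hmac(name, b"probe", b"salt", 1, 16)
            ok.append(name)
        except ValueError:      # digest not provided by this build
            pass
    return ok

def _tag(password, salt, prf):
    key = hashlib.pbkdf2_hmac(prf, password, salt, ITERATIONS, 32)
    return hmac.new(key, MAGIC, "sha256").digest()

def make_header(password, prf):
    """Toy header: 64-byte salt followed by a keyed check value."""
    salt = os.urandom(64)
    return salt + _tag(password, salt, prf)

def open_header(password, header, prfs):
    """Try each candidate hash in order; return (matching_prf, derivations_run)."""
    salt, tag = header[:64], header[64:]
    for n, prf in enumerate(prfs, 1):
        if hmac.compare_digest(_tag(password, salt, prf), tag):
            return prf, n
    return None, len(prfs)      # a wrong password always costs every derivation

def extra_bits(k):
    """Worst-case k derivations per password, expressed as bits of password entropy."""
    return math.log2(k)

if __name__ == "__main__":
    prfs = usable_prfs()
    secret_choice = prfs[int.from_bytes(os.urandom(1), "big") % len(prfs)]
    hdr = make_header(b"correct horse", secret_choice)   # constructed password
    print("candidates:", prfs)
    print("right password:", open_header(b"correct horse", hdr, prfs))
    print("wrong password:", open_header(b"guess", hdr, prfs))
    print("upper bound: +%.1f bits for %d hashes" % (extra_bits(len(prfs)), len(prfs)))
```

The same loop runs on the legitimate side whenever the hash is not remembered, so the extra derivations are paid at every mount as well as per guess.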