This project has moved. For the latest updates, please go here.

Default Selection / Command Line Support for Selecting PKCS-5 PRF

Topics: Feature Requests, Users Discussion
Jan 1, 2015 at 8:18 PM
Hi there, I don't believe there is currently a way to select a default PKCS-5 PRF or set it when mounting using the command line.
Coordinator
Jan 1, 2015 at 8:31 PM
Hi,

Under Windows, there is a new switch ("/hash") in the 1.0f version of VeraCrypt that enables the selection of a specific PRF. The syntax is "/hash prfName" where prfName is either sha256, sha512, whirlpool or ripemd160.

I'll have to update the documentation to include this new switch. Thank you for pointing this.
Marked as answer by Undesirable on 1/1/2015 at 2:54 PM
Jan 1, 2015 at 8:43 PM
When I enter that switch into the command line and the password prompt appears, my chosen prfname is not selected in the drop down menu. Is this normal behaviour?
Coordinator
Jan 1, 2015 at 9:49 PM
Currently, this switch only applied to the case where a volume is mounted through the command line with a password specified using /password. It doesn't affect the GUI selection of the PRF. The same applies to the /truecrypt switch.

Of course, it is possible to make this selection apply to the GUI also. It was just not implemented that way.
I'll implement this feature and also add the possibility to set the default PRF in the Preferences dialog while making the priority of the command line higher than what is set in VeraCrypt preferences.

Thank you for proposing this.
Marked as answer by Undesirable on 1/1/2015 at 2:52 PM
Jan 1, 2015 at 9:53 PM
That's great, thanks.
Jan 1, 2015 at 10:07 PM
Edited Jan 1, 2015 at 10:09 PM
There's something I've also noticed about PKCS-5 PRF selection. If the password is cached in memory and you re-mount a container, then of course you are not offered the hash algorithm selection dialog because the password is cached, however it appears to take longer to re-mount as if autodetect is selected.
Coordinator
Jan 2, 2015 at 9:33 AM
Yes, this is normal because we only cache the password but not the the PRF that was used with it. That's because there are cases where a user will use the same password for volumes that were created using different PRFs.

We can be tempted to add also an option for this. I'll have to weight between usability and complexity of use.