This project has moved. For the latest updates, please go here.

Lighter encryption / Faster Mount

Topics: Feature Requests
Mar 7, 2015 at 11:25 AM
Mounting encrypted file containers takes some time (maybe 1min) on my PC, and I was wondering if you could add an option to use a faster (possibly less secure) algorithm so that mounting would have better performance.

On my case, I don't really need the encrypted files to be NSA safe, just something that a regular person without advanced hacking knowledge couldn't get into; and that it would be practical enough that I can mount/unmount whenever I need to access the files.
I used to use Securstar's DriveCrypt which was pretty fast, although not free.

Another nice option on Hidden volumes, would be an option to have automatically protected Hidden volumes (or just support multiple (protected) volumes in the same container, selected based on the password) - I would guess this would imply that in this case it would be possible for an expert hacker to identify that the container contains multiple volumes, but I think for many people this feature might be worth the risk (otherwise they can use the current Hidden volume functionality and take care to select the protection option when mounting the container).
Mar 7, 2015 at 1:07 PM
Regarding the mount times, Mounir, the developer of VeraCrypt has stated that he will not compromise the security of VeraCrypt for faster mount times.

Instead, Mounir is planning to modify VeraCrypt to allow the user to select a lower iteration count for the hash when the password is 20 or more characters.

You can read Mounir's detailed explanation at this link:

http://tinyurl.com/kssfpvj


Your second suggestion to automatically protect the hidden volumes is not possible. See the documentation on Hidden Volume to understand how VeraCrypt uses the passwords to mount the outer and hidden volumes.


Mounir will need reply to the feasibility of your third request for multiple volumes in the same container.
Coordinator
Mar 8, 2015 at 9:10 PM
Concerning your mounting time (1 minute), it is more than what is observed by other users (1 minute for booting is normal but not for mounting normal volumes).

Did you select the correct PRF in the password dialog? What's your CPU.

I agree with Enigma2Illusion answers.

Concerning the idea of having multiple volumes (3 and more) on the same container, this would requires having some unencrypted information on the header in order to tell the software what it should look for and where. As you said, this may be acceptable by some users but it goes against the spirit of VeraCrypt design where an encrypted volume should not be distinguishable from random data. That's why there is no plan to go beyond two volumes (normal and hidden).
Mar 8, 2015 at 11:45 PM
Thanks for the answers.

My CPU is an I5 750 @ 2.67GHz with 4 cores, no hardware AES.
I tested mounting now and measured the time, and it takes 15s to mount a 4.7Gb volume in my PC (PRF on AutoDetection). If I put a wrong password, then it takes 30s to tell me that - not quite 1min, but it feels like it if you're just waiting for something to happen.
If I select the specific PRF option then it takes around 6s, so I'm a bit happier with it now :)
Still, DriveCrypt mounts a similar sized volume in less than a second - most likely using a less secure algorithm, but secure enough for me, hence my request.

I didn't mean to ask to reduce VeraCrypt default encryption, but merely to have an additional option to use a lighter algorithm, and the user should be warned that it's not as secure if he selects that option. That way the user could select the level of encryption that's more adequate to his security needs.
Mar 11, 2015 at 8:44 AM
I think I've read this before, but is it possible to set the default hashing algorithm? I use SHA-512 and want to set that as default for VeraCrypt to only try that algorithm. This is much faster to mount and only requires 1 thread (so the system remains responsive).
Having to everytime change the combo box is really annoying.
Mar 11, 2015 at 10:35 AM
Apologies if this has been proposed before......

One way forward is to have a configuration setting that sets a sequence for trying the hashing algorithms (including an option to try in random order).

That would leak some information about my set up -- the first in the try list is likely to be the algorithm that I have selected for use.

But it would allow those who prioritise speed over security to make their own choice in the matter.
Coordinator
Mar 11, 2015 at 11:41 AM
@SHBouwhuis: setting a default hash algorithm and the default TrueCrypt Mode has been implement and it is present on the 1.0f-2-Beta version available in the Nightly Builds folder in Sourceforge: https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds/. The associated entry in the issue tracker is here: https://veracrypt.codeplex.com/workitem/61

DefaultMenu DefaultDialog


@Mgks: On Windows, trying hash algorithms is already parallelized on all the Cores of the CPU and thanks to this the time taken by the mount operation is equal to the time of the slowest hash algorithm (which is RIPEMD-160). So Time(trying all hashes) = Time (RIPEMD-160).
On Linux and MacOSX, the parallelization algorithm is not implemented and instead to test all hashes sequentially. In this case, your proposal makes sens and it can be seen as a parameter to the auto-detection mode. That being said, for most users the default hash selection is enough and so for now I don't this will be implemented.
Mar 11, 2015 at 11:54 AM
Aha, perfect! Wonderful option. Now mounting will be much faster and only take 1 core (keeping the system responsive).

Thank you very much.