This project has moved and is read-only. For the latest updates, please go here.

PIM setting clarification

Topics: Technical Issues
Aug 23, 2015 at 9:10 PM
Edited Aug 23, 2015 at 9:46 PM
Hello idrassi
After reading the PIM and Header Key Derivation documentation, I just wanted to make sure I understood something regarding the strength of a custom vers default setting . I'm wondering if I'm doing the math right.

So if say you are using SHA-512 which has a default of 500,000 iterations for system encryption. If a user specifies a custom PIM setting, the default is calculated by the (PIM number X 2048). So a setting of 2 would be: 2 X 2048 = 4096 iterations?

So if VeraCrypt uses 500,000 iterations for SHA-512, Can I assume that the default setting of 500,000 would be equal to a custom user PIM setting of 122? Example: 500,000 / 4096 = a PIM setting of 122? (the default)

So if I wanted to add more security, any PIM setting over 122 for SHA-512 would be stronger than the default?
Aug 24, 2015 at 2:51 AM
Edited Aug 24, 2015 at 2:52 AM
Hello,

You have the wrong default iterations for system encryption.

https://veracrypt.codeplex.com/wikipage?title=Header%20Key%20Derivation
For system partition encryption (boot encryption), 200000 iterations are used for the HMAC-SHA-256 derivation function and 327661 iterations are used for HMAC-RIPEMD-160.

For standard containers and other partitions, 655331 iterations are used for HMAC-RIPEMD-160 and 500000 iterations are used for HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool.
.
https://veracrypt.codeplex.com/wikipage?title=Personal%20Iterations%20Multiplier%20%28PIM%29
The PIM minimal value for short passwords is 98 for system encryption and 485 for non-system encryption and files containers. For password with 20 characters and more, the PIM minimal value is 1. In all cases, leaving the PIM empty or setting its value to 0 will make VeraCrypt use the default high number of iterations.
.
User minimum PIMs and iterations when the password is less than 20 characters are (not the program's default iterations which may not be the same as PIM iteration calculations) :
  • System encryption: 98 x 2048 = 200704
  • Non-system encryption: 15000 + (485 x 1000) = 500000
movingkey wrote:
So if I wanted to add more security, any PIM setting over 122 for SHA-512 would be stronger than the default?
.
Therefore any custom PIM to create an iteration count higher than the program default iterations are:
System Encryption:
  • HMAC-SHA-256 would be a PIM greater than 98.
  • HMAC-RIPEMD-160 would be a PIM greater than 160.
Non-system Encryption:
  • HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool would be a PIM greater than 485.
  • HMAC-RIPEMD-160 would be a PIM greater than 640.
I hope this clarify the relationship between PIM and iterations for system and non-system encryption.

Kind Regards.
Aug 24, 2015 at 5:53 AM
Edited Aug 24, 2015 at 12:53 PM
Thank you for your response Enigma2Illusion!
Yes, you're explanation clarified a lot. I guess it was all in the documentation but I just wasn't getting it till I read your explanation and the docs a few times. On a side note:

Q: Why is the formula different between system and none system volumes? Isn't a system volume the same as a none system volume/container with regard to cluster size and file system? Or does it have more to do with the architecture of the cypher themselves.
Aug 24, 2015 at 2:53 PM
movingkey wrote:
Thank you for your response Enigma2Illusion!
Yes, you're explanation clarified a lot. I guess it was all in the documentation but I just wasn't getting it till I read your explanation and the docs a few times. On a side note:

Q: Why is the formula different between system and none system volumes? Isn't a system volume the same as a none system volume/container with regard to cluster size and file system? Or does it have more to do with the architecture of the cypher themselves.
.
Great question. I will have to defer to Mounir for an explanation.
Aug 24, 2015 at 4:51 PM
Edited Aug 24, 2015 at 4:52 PM
I think there are probably 2 main reasons for the different iteration count between system and non-system partition:
  1. When using system partition with bootloader, one can not specify in the VC GUI the default cashing algorithm (i think it can not be done, though have not tried it myself). In that way, it is assumed that if system partition is encrypted, the attacker has to cycle through all available hash functions.... Using non system partitions implies the possibility the default hashing algorithm to be specified in the GUI thereby decreasing the strength of the security, hence more iterations.
  2. In my opinion, non-system partitions contain more confidential data in general. I believe the majority of us create and use non system partitions and file containers to store their secret data there, while the system encryption is used only to avoid data leakage (swap file, hibernation, temp files, mem dums, etc.) to it. Now that i wrote that, i doubt that this qualifies as a reason to decrease the iteration count for system partitions, but still, this might be another reason... :)