Encrypting Entire Drive / Hashing Algorithms

Topics: Users Discussion
Sep 4, 2015 at 2:06 AM
Edited Sep 4, 2015 at 2:07 AM
When choosing to encrypt the entire drive there are only two hashing algorithms available, SHA-256 and RIPEMD-160.

Why aren't SHA-512 and Whirlpool available? I would like to use one of these as they're more secure.

Note: I'm using VeraCrypt 1.13.

Sep 4, 2015 at 6:08 AM
Edited Sep 4, 2015 at 6:10 AM
Mounir will need to answer why the Whirlpool hash is not available in the system encryption.

You can read Mounir's explanation in this thread regarding SHA-512 currently not being included in system encryption.
http://sourceforge.net/p/veracrypt/discussion/features/thread/5bd9aa86/#22b4

Sep 4, 2015 at 4:45 PM
Edited Sep 4, 2015 at 4:56 PM
Thanks for the reply, I see that Mounir's explanation is that it was not possible to implement SHA-512 for boot encryption because of the 16-bit constraints of the bootloader.

What I don't understand though is why both SHA-512 and Whirlpool are available in TrueCrypt for system / full drive encryption but not in VeraCrypt. VeraCrypt is based on TrueCrypt so if these hashing algorithms were available in TrueCrypt then why not in VeraCrypt? I want to trust VeraCrypt, but I can't help having the feeling that this decision to remove the stronger hashing algorithms is a deliberate attempt to weaken the security for authorities.

Can anyone explain this?

Sep 4, 2015 at 5:10 PM
Edited Sep 4, 2015 at 5:44 PM
Only the RIPEMD-160 hash is available in TrueCrypt for system encryption. You will see the options to select RIPEMD-160, SHA-512 or Whirlpool, however you will get an error message if you attempt to select SHA-512 or Whirlpool as the hash algorithm for system encryption.

This leads to confusion for system encryption. The program should only list available hash algorithms for system encryption.

VeraCrypt only shows the available hash algorithms for system encryption instead of all hash algorithms in TrueCrypt.

EDIT
You should trust VeraCrypt more than TrueCrypt. Unlike the TrueCrypt developers who remain anonymous, Mounir has put his professional security reputation on the line and has outed himself to the public.

I would appreciate it if you would refrain from insinuations that Mounir is deliberately weakening VeraCrypt based on your lack of knowledge of how the TrueCrypt and VeraCrypt programs work. Please choose your words more carefully.

Sep 4, 2015 at 5:36 PM
Ahh, Enigma2Illusion is correct. I tried selecting SHA-512 and Whirlpool in TrueCrypt and received an error that it was not supported. I had never bothered actually checking if they work before.

Thank you Enigma2Illusion for clearing this up.