Dec 5, 2015 at 8:12 AM
Edited Dec 5, 2015 at 8:14 AM
Dear Veracrypt Admin and fellow users,
Thanks in advance for answering my questions.
I have been using Truecrypt for a long time and am now considering switching to Veracrypt. However, I am a little hesitated since I've read a few posts about the long wait for opening a container (e.g. a 20-sec wait for files with just a 10-digit password)
or even much longer for a partition. I've read the documentation already and this is mainly due to the new PIM feature in Veracrypt. The documenation says that if no PIM box is checked when creating a container or a partition but if the PIM entry space is
left empty or specified as "0", "for system partition encryption (boot encryption), a default 200000 iterations are used for the HMAC-SHA-256 derivation function and for standard containers and other partitions, 500000 iterations are used for
HMAC-SHA-512, HMAC-SHA-256 ".
My questions are:
1) The above are the default PIM iterations if the PIM box is checked but the input space is left empty or specified as "0". Is it possible to NOT check the PIM box at all when creating a container/partition? If this is possible, would the above default
no. of iterations still applied or actually none of those iterations above?
2) ==>>> If 1) above is possible (not checking the PIM box when creating a container/partition) and no default PIM iteration is applied, then, is a container or partition created this way using a 20-digit long password under Veracrypt as secure as
that created using Truecrypt (also with a 20-digit password)?
3) If the PIM box is checked and set to really low no. like 1 or 2, and a 20-digit password is used, how does the security of such encrypted container/partition compared to a 20-digit password container/partition created under Truecrypt? Is is more secure or
less secure? My concern here is that whehter the PIM is set too low here, even though the password is still 20 digits long.
4) When creating a hidden OS or decoy OS, I assume that the PIM feature does not apply. Is it true? Because when booting I don't think it's possible to input the PIM number. If PIM does not apply when creating a hidden/decoy OS, then I wonder why some users
complained about the longer wait time than TC during booting?
5) The PIM feature can be a concern here if one does not want to wait so long for the decryption, and so it's a decisive factor if a person wants to switch to VC or not. Other than this, is there anything extra I have to pay particular attention when using
Veracrypt that is very different from Truecrypt?
Looking forward to transiting from TC to VC and your help/assistance to the above questions is really appreciated.
1) You do not have to check the PIM box to use the program defaults.
2) As you have read from the documentation, VeraCrypt uses a higher hash iteration count than TrueCrypt as identified in the TrueCrypt audit reports. Therefore, VeraCrypt is more secure using the same 20 character password than TrueCrypt.
3) See the documentation and do the math for the system/non-system volume for the hash you are going to use on your volumes. Sorry if that blunt statement comes across wrong. That is not my intention. TrueCrypt uses 1000 or 2000 iterations for the hash iterations
depending on which hash is selected and volume type is system or non-system.
4) You can enter the PIM number in the bootloader screen.
5) There have been many changes to VeraCrypt. However the basic functionality is the same. You can install VeraCrypt with TrueCrypt installed on the same PC. I suggest you install VeraCrypt and create and play with some of the features using a test file container.
If you use Favorites and all your volumes use the same password, you may want to enable in Settings > Preferences the option "Temporary Cache password during Mount Favorite Volumes operations".
VeraCrypt made this an option due to user requests of having to wait too long to be prompted for the password dialog box between multiple volumes being mounted using Favorites that were not using the same password.
Dec 8, 2015 at 6:43 AM
Edited Dec 8, 2015 at 6:51 AM
Thanks for your reply. Appreciate it.
1) See the documentation and do the math for the system/non-system volume for the hash you are going to use on your volumes. Sorry if that blunt statement comes across wrong. That is not my intention. TrueCrypt uses 1000 or 2000 iterations for the
hash iterations depending on which hash is selected and volume type is system or non-system.
Don't worry it's not blunt at all. I would have done the calculations myself but I didn't know the default iterations of Truecrypt and so not sure how to do the comparisons objectively. Thanks for given the information above, and from this I make the following
i) For Truecrypt, the default no. of iterations are 1000 for system volume type and 2000 for non-system volume type.
ii) For Veracrypt, if no PIM box is checked (PIM entry space is left empty or specified as "0"), "for system partition encryption (boot encryption), a default 200000 iterations are used for the HMAC-SHA-256 derivation function and for standard
containers and other partitions, 500000 iterations are used for HMAC-SHA-512, HMAC-SHA-256 ".
iii) For Veracrypt, e.g. if a PIM value like 1 is specified, the number of for system encryption is PIM x 2048 = 1 x 2048 = 2048 iterations. For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000) = 15000 + (1 x1000) = 16000 iterations
Comparing i) and iii) above, I think it's correct to assume that in Veracrypt, for a 20-digit password, a PIM of 1 is already more secure than a 20-digit password in Truecrypt for both system and non-system volumes as the no. of iterations between Veracrypt
and Truecrypt is 2048 vs 1000 for system, 16000 vs 2000 iterations for non-system and so it's still pretty safe to use only a PIM value of 1 for my system and non-system volume, while saving much loading time when compared to option ii) above.
I think this understanding is correct but if I still mistaken something, would you please point it out to me, thanks.
4) You can enter the PIM number in the bootloader screen.
With my current encrypted hidden OS (Truecrypt), when the OS is booted, a customised message is shown on screen and I will enter the password for the hidden OS there. From your quote above, it seems that if a PIM value is used when creating a hidden or decoy
OS, a bootloader screen must be shown on screen for me to enter the PIM value. If this is the case, does it mean that anyone booting into the system will know that there is encrypted OS on the harddrive because now it's not possible to just show a custom message
or blank screen just before the OS is booted? (since now a bootloader screen is there for you to enter the PIM value as well as the password for the hidden OS).
This is one consideration that I have to think about when creating a hidden/decoy OS using a PIM value or not.
Dec 8, 2015 at 10:41 AM
Edited Dec 8, 2015 at 10:43 AM
Well, a TC/VC bootloader does not mean that there is an encrypted file system.
It is however a strong indicator that there is an encrypted OS on the drive.
But I do not see how anyone could tell that there is a hidden OS just beacuse there is a password & PIM-message?
Lets us come clear about wording: A "hidden OS" from my understanding is an OS in a hidden TC/VC volume.
Maybe you mean by "hidden OS" that you have an encrypted and a non-encrypted OS, calling the encrypted OS your "hidden" OS?
About the security: It's hard to say whether VC is more secure - it depends on the vulnerability. If e.g. the AES-Key can be obtained by e.g. a side-channel-attack, the stronger protection of this key in the volume header does not help.
The complains about the boot time may also include the time of auto-mounting non-system volumes.