PIM?

Topics: Technical Issues
Dec 24, 2015 at 2:02 PM
Hi,

I just recently switched from Truecrypt to Veracrypt, but after re-encrypting my system drive (Windows 10), I am now getting a "PIM" field in addition to the already fairly complex password I am entering.

I tried to read up on this, but couldn't find enough information to fully make sense of it. I read somewhere that not entering a value would disable PIM, but that doesn't seem to be the case: I am still forced to hit "return" on a feature I do not want and need.

Don't get me wrong - this is probably very cool for people who have a need for it, it is just that I am not one of those people. So: How do I turn it off completely?

I know I can change PIM settings via the "change password" menu ( https://veracrypt.codeplex.com/wikipage?title=Personal%20Iterations%20Multiplier%20%28PIM%29 ), but it appears like this will reencrypt the entire hard drive (taking 12-24 hours) and I'm afraid I don't really understand my best options and would rather not want to do this several times based on trial & error.

Secondly, after hitting return on the PIM field, it takes about a minute before even starting to boot up. I am hoping that, by disabling PIM, I will get the same quick, responsive, and safe-enough encrypted system drive I used to have for many years using Truecrypt.

Thanks a bunch, and keep up the good work!
Dec 24, 2015 at 7:33 PM
Hello,

You are confusing PIM with the program default iterations performed on the hash algorithm when you boot-up for system encryption and mounting a non-system volumes.

Entering no value or 0 (the number zero) for PIM uses the program defaults which is in the documentation which you reference in your post above.

Changing the PIM does not require re-encrypting your system drive nor non-system volumes. It merely changes the header. For system encryption, anytime you change the password and/or PIM, you need to create a new Rescue Disk. For non-system encrypted volumes, you need to recreate the external header key backups.

To lower the PIM from the program defaults, you have to use a password that is 20 or more characters. Using a PIM value of 1 will closely match the very low hash iteration performed in TrueCrypt based on the audit that was performed.

Adjust the PIM to your security needs and delay in boot times that you are willing to tolerate.

Kind Regards.
Dec 24, 2015 at 8:11 PM
Hi and thanks for the reply,

So if I understand correctly, there is no way to actually turn PIM off - my best bet is to set it to 1? But then I have to enter that value additionally every time I boot up my system?

Things that add to my confusion:
  • I never actively chose to use PIM for my encryption
  • The "change password" screen has a "use PIM" box both for the current and for the new password. If I leave it unchecked and just re-enter the current password, I will still be asked for a PIM upon bootup. What is the purpose of NOT choosing to use PIM, when I'm forced to use it anyway?
  • Afterwards I am told that my old rescue disk will actually continue to work just fine, but that I should destroy it anyway and create a new one. Since the disk is a physical object (like a key) there is really no imaginable reason why someone who has a key that will work, should destroy it and replace it with a key that will also work. What am I missing?
Thanks again!
Dec 25, 2015 at 3:19 AM
Hello,

Sorry, my mistake. The program defaults are explained in the following link which includes the program default iterations for the hash which is not always the same values as the PIM calculations.

https://veracrypt.codeplex.com/wikipage?title=Header%20Key%20Derivation

Regarding the Rescue Disk, you are correct that the old Rescue Disk will work using the old password and/or PIM combination. I would recommend destroying the old Rescue Disk and create a new Rescue Disk.

Perhaps this thread will help you with your questions.

https://veracrypt.codeplex.com/discussions/644084

Kind Regards.
Dec 25, 2015 at 4:23 AM
Please take a few minutes and read the links and review the discussions. Questions about PIM have been answered various times throughout this site.
Dec 25, 2015 at 11:10 AM
All I want to know, really, is if I can turn this "feature" off. If I can't, I will, after using Truecrypt for almost a decade, regretfully move on to Bitlocker.

As for recommending or even forcing users to destroy disks and create new ones, please take a moment to realize that you have the power to create a LOT of trash out there, much more than you could ever create on your own. (How many people were using Truecrypt when development was halted - 30-40 million? So that's 30-40 million CDs/DVDs or 500 tons of trash, for every single time you ask users to "create a new disk"). For the sake of your own children, please use that power wisely. Posting explicit and reliable information under which circumstances the old Rescue Disk can still be used would be a step in the right direction. Another step in the right direction would be to allow users to reuse the previous Rescue Disk/Hash/Password when they need to recrypt their drives, rather than forcing them to create new stuff each and every time, even though using the existing material would be equally safe. Thank you.
Dec 25, 2015 at 11:59 PM
Edited Dec 26, 2015 at 12:03 AM
The short answer is no. You are either using the program defaults for hash iteration or PIM to increase/decrease hash iteration. On the bootloader screen, you must press enter on the blank PIM field when using program defaults to precede to boot or enter your custom value for PIM followed by pressing the enter key.

If you use RW-CD/DVD, you can re-record the Rescue Disk which will lower cost of ownership and save the Earth's resources.
Dec 26, 2015 at 12:18 AM
Thanks for the short answer.

As for the Earth's resources, I'm afraid that is beyond my powers, as I can only decide over one disk more or less. The power over the other 29,999,999 discs is in your hands. And as a footnote, "use RW" may not really be such good advice, as the data degrades much faster. May the force be with you.
Dec 27, 2015 at 9:04 AM
Dear Pimmel, I like your attitude to resources, but you are very wrong. If you happen to have data that could sentence you for 25 to life or even death in some countries, you will not worry about one medium, because physical destruction is a way to be sure. Ask your doctor if he will reuse the needle and gloves from his previous patitent. He would not do that, but would YOU really risk your health? Ask you military and government what they do with sensitive data every day.

People who are responsible to resources do not use one use disposables where they can. The others do not care anyway. How many percent of TC users are backing up their headers? One from hundert? My best bet... Many people do not have DVDs in their system at all. I use TC from version 2 and never needed header backups, because I prefer backing up the valuable data.

Every one of us can save the earth by himself if he really wants, but we have to do it by ourselves. Try to be good example for other people, but do not blame anyone for destroying the evidence.
Dec 27, 2015 at 1:52 PM
Sorry to say, but your statement just doesn't make sense whatsoever. I was criticizing the fact that Veracrypt tells you your previous key will work just fine, but that you should destroy it anyway and create a new one. 25 to life or even death in some countries? Please. That applies to my statement in which way?

Also, the example with the doctor is just ridiculous. If your front door had a problem with the hinges that you needed to adjust, would you replace the lock and key after you're done, just to be "safe"?! That's a much better analogy, really.

What pisses me off about free software these days is that people seem so obsessed to force their approach - exactly their approach, and no other - on to the world. Reason is tossed out of the window early on: Things are immunized against any kind of external logic right from the start, and after that, all that remains is one single correct approach, not because of feasibility, but simply because it's right by definition. Last time I checked, however, freedom was about choice. Even Microsoft and Apple seem to be more flexible these days.

The religious dogmatism by which PIM is enforced almost makes you wonder if it really serves security or actually some other purpose. Because like somebody pointed out in another thread, adding a couple of extra characters to the password would get you just the same level of extra safety, and the fact that password complexity isn't even considered when forcing different levels of PIM onto the user (JohnathanSwift123456 vs. j&Kdf,Zi§"!lpweq#X) honestly just leaves you scratching your head.

"Every one of us can save the earth by himself if he really wants, but we have to do it by ourselves."

Um, no. You're making this too easy for yourself. If you make a mass product, you have a responsibility. But even better, you have power. By typing a line more or less, you can either prevent hundreds of tons of trash from being created, or create an extra hundreds of tons of trash. And I am not talking about legal responsiblity - I am talking about what you CAN do. This is factual - a consequence of your actions that can be easily measured.

And hey, we're talking about a program that will FORCE you to burn a new CD/DVD every time you reencrypt your drive, even though the data already on the disc in your shelf/vault/whatsoever isn't any less safe (and if it is, you really have other things to worry about). What every one can do clearly isn't the issue here, as long as users are denied the possibility to make an informed decision in the first place.
Dec 27, 2015 at 6:37 PM
You unfortunately cannot disable PIM, you must use it with VC. I suggest you just use a value of "1" like the rest of us. PIM was designed for people who use short passwords (like 8 chars long), as it has no security effect on people who use longer passwords such as yourself.
Dec 27, 2015 at 7:10 PM
To those who do not understand the PIM function or require the sort of security VeraCrypt offers, I suggest you spend a little time looking for other products.

Actually, for your security requirements, TrueCrypt is more than sufficient.

VeraCrypt is "security for the paranoid" you do not posses the required paranoia, knowledge or threat model to justify using VeraCrypt.

Constant nagging to cripple VeraCrypt is akin to buying a Ferrari to use in 20 zones, for shopping trips etc. Then only to complain there is not enough boot space and the fuel economy is not what you hoped for.

Guys, you are using the wrong product !
Dec 27, 2015 at 9:26 PM
This is a false dichotomy. VeraCrypt can easily, very easily, with a 60 second adjustment to the source code, alter PIM to be optional. On top of that, key stretching is voodoo cryptography, it is not real and provides no tangible benefit compared to the very real and provable security of simply appending a few additional characters to your password. Every 18 months computational power doubles. So every 18 months, someone needs to double their iteration count to match the same security they previously enjoyed. After 30 years, the iteration count only provides 5% of the original security. Here is some very real math: A password of length 20 and an iteration count of 250,000 provides significantly less security than a 23 length password and just a single iteration. Key stretching is voodoo security. It's not real. Why is it used in cryptography? Because we can. At small iteration counts, such as TC's 1,000, the common CPU can easily computer this is negligible time. So there is no real reason not to use it at appropriate iteration counts. It's like having a lock on your house that is better than a traditional lock and it costs the same and takes the same time to lock & unlock. There's no reason NOT to use this new lock, even if you do not need the extra security for your house.
  • With an iteration count of 5,000 you can remove 2 characters off of your password and enjoy roughly the same security.
  • With an iteration count of 375,000 you can remove 3 characters off of your password and enjoy roughly the same security.
  • With an iteration count of 27,000,000 you can remove 4 characters off of your password and enjoy roughly the same security.
See how quickly iteration count becomes useless? Never rely on it for your security.
Dec 27, 2015 at 11:51 PM
brett_

It is clear by your post, you have no comprehension of the importance of optional iteration lengths. Something you must repeat to yourself many times is "iterations = work + determination + time + electricity + money".

There are more important risk factors to take into account. VeraCrypt is designed for those who are wiling to make an effort to protect their data. It is well known the general public, or others new to cryptography, choose bad passwords.

Those length 20 characters you speak of are not likely to be truly random, they are likely to be passwords already on adversaries lists. Combined with mutilation rules, those 20 character passwords you speak of are easily broken with low iteration counts. Mounir is trying to protect both you and Pimmel from yourselves, by enforcing the bare minimum standards of password length and iteration count. A little knowledge is dangerous in cryptography, you and Pimmel do not know better than Mounir or most people on this forum. I would sit back and learn a little more before making your pronouncements.

VeraCrypt pro users need people like yourself and Pimmel to provide the low hanging fruit for our adversaries. However once you take more time up on the forum than you are worth as adversary distraction, then you become more of a hindrance than a help to the project. It is not right your comments could mislead and confuse others who are making a genuine effort to protect themselves.

In order to help you stop wasting our time and to guide you towards software more suitable for your needs, I will say again. You are using the wrong product, choose something less secure.

VeraCrypt is for pro-paranoid users with real, well funded adversaries and those users who choose security over all else. Users who are willing to take the time to learn and also wait to mount disks and volumes will benefit from VeraCrypt's features.
Dec 28, 2015 at 12:44 AM
Edited Dec 28, 2015 at 12:47 AM
Your post is laughably incorrect and filled with numerous assumptions about me and cryptography in itself. If VC is so concerned with protecting users from themselves then it shouldn't allow anyone to suggest a password rather it should just force it's users to use a randomly generated length 60 password. But it doesnt... thus proving your entire wall-of-text wrong. Good game, friend.

PS: Can you mathematically prove my post wrong? If not, shut the fuck up.
Dec 28, 2015 at 12:44 AM
Cipher1--I agree with you 100%. It's too bad that complainers who truly don't understand the purpose Veracrypt take up so much space.
Dec 28, 2015 at 4:31 AM
Edited Dec 28, 2015 at 4:38 AM
Cipher1, EstebanLopez - PLUS 1!
(it doesn't let me to post plus 1 with signs)

Thank you, cipher1 (and to Enigma2Illusion before you) for your time and patience explaining all those factors about PIM (and not only PIM).
Unfortunately, there are indeed too much people who do nоt care and/or do not want any serious security, complaining about many features. Convenience over security? It was discussed 1000 times. You won't get it here! There are dozens of products out there. Go, seek and use them. But please, please, leave alone Mounir and the serious backbone of this community with your periodic whining.

*As for Enigma2Illusion - I take this opportunity to tell you, my friend, that you deserve a statue for your patience and persistence. You are there in every conversation and in every place to defend Mounir and VeraCrypt and to explain all the niceties of the software.
Thank you very much from all the rest of the community.

With respect, algreider8.
Dec 28, 2015 at 1:40 PM
**brett_ wrote:**
Your post is laughably incorrect and filled with numerous assumptions about me and cryptography in itself. If VC is so concerned with protecting users from themselves then it shouldn't allow anyone to suggest a password rather it should just force it's users to use a randomly generated length 60 password. But it doesnt... thus proving your entire wall-of-text wrong. Good game, friend.

PS: Can you mathematically prove my post wrong? If not, shut the fuck up.
brett_

Considering your last post, I believe I have clearly exposed your lack of understanding and self control. When you resort to the low quality language you have stooped to, total misunderstanding of security, maths and cryptography in general, my case is proven. VeraCrypt is the wrong product for you !

EstebanLopez and algreider8, thank you for your support. I don't normally post here but I couldn't sit back and allow these chuckle-heads to continue to rehearse their tautology.

As I say, we need people like brett_ and Pimmel to fool our common adversaries into believing there is a chance some VeraCrypt users are likely to employ crippled settings. This forces attackers to start iterations from the lowest setting, adding a considerable workload, therefore providing the pros with greater security :)

What I / we cannot allow is the posting of misinformation, poorly understood maths and nagging to cripple VeraCrypt. As I am sure you both already understand, there are many other products more suitable for brett_ and Pimme to hide girlie pictures from their moms LOL.

For those who need REAL security, we have VeraCrypt.
Dec 28, 2015 at 2:29 PM
THANK YOU Cipher1

Cipher1 = Someone who says it like it is!!!

Enigma2Illusion, I also would like to thank you for your tolerance and patience with these people, however you should not go too far, you will end up encouraging these types.

brett_ You got p0wn3d, you could learn a lot from this forum, more reading required.

veracrypt is for pro use, those with real security needs, it isn't a toy!!