This project has moved. For the latest updates, please go here.

Custom msg in pre-boot authentication screen (missing)

Topics: Technical Issues
May 16 at 10:07 AM
Hello,
i have two dell laptops, both encrytped with VeraCrypt 1.19.
When i`am in VeraCrypt settings of "System encryption" at Settings tag i see possibility too set custom msg in pre-boot authentication screen , check screenshot: Image but on second laptop there is no such a possibility to choose.......why...how to do it? On first laptop there is also 1.19 but i installed it quite long time ago maybe it was just updated to 1.19 from older version, not sure...
or maybe in 1.19 it is not possible anymore and i should search for older version? :/

Can anyone help me? Becauase i also want to use that function to hide pre-boot authentication screen on second one. :/

HELP ME PLEASE :)
Developer
May 16 at 1:49 PM
new laptop is EFI. EFi pre-boot auth is more flexible. Edit DcsProp on ESP.
Details:
https://sourceforge.net/projects/dc5/files/beta/
in DCS-2017_03_28.zip
May 16 at 4:29 PM
Thank you for your answer. Iam sorry i need more detaily what i have to do. Iam not so good in computers :/
File is downloaded and unpacked, what now? :)
Developer
May 16 at 5:16 PM
Install VeraCrypt update 1.20b2p2.

Settings dialog will have button "Edit DcsProp". Modify key "PasswordMsg".

e.g.
<config key="PasswordMsg">Enter Password: </config>
to
<config key="PasswordMsg">Press enter... </config>

Other keys details are in "DcsPkg\DcsProp.example"
May 17 at 7:40 AM
Thanks again. I changed "Enter Password" to "Missing operating system".
But when computer starts and i use keyboard there are stars ******** when iam writing....also information:
"Authorizing...
Authorization failed. Wrong password, PIM or hash." -if i put wrong pass ofcourse

Is there possibility to hide it same as at old computer? There is nothing happend when i write or do anything.

Now is better that "Enter password" is hidden under "Missing operating system" but it is still not perfect becauase messages shows that there is password set on that computer.

Please help me in easy way and language to hide it all same as at old one :)
Developer
May 17 at 9:19 AM
Edited May 17 at 9:21 AM
See config keys details in "DcsPkg\DcsProp.example"
<!-- Number of authorization retries -->
<config key="AuthorizeRetry">10</config>
<!-- Timeout in seconds before <ESC> from password prompt -->
<config key="PasswordTimeout">0</config>

<!-- authorization start message -->
<config key="AuthStartMsg">Authorizing...</config>
<!-- authorization error message -->
<config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>

<!-- Show "*" on each key pressed or picture zone touched -->
<config key="AuthorizeProgress">1</config>
change to
<config key="AuthorizeRetry">1</config>
<config key="PasswordTimeout">60</config>
<config key="AuthStartMsg"></config>
<config key="AuthErrorMsg"></config>
<config key="AuthorizeProgress">0</config>
May 17 at 11:31 AM
Okey I will do it and check in moment. Can you tell me what is PIM in for eg. "Do not request PIM in the pre-boot" ?
I never set it so if i will check it to not request in the pre-boot my main password will be safe? (after i click this option set i got information that if PIM was set it will be stored unencrypted. Just want to have sure that main password will be safe with that option ON.

Also maybe you know...on my old laptop with "System is missing" info on start after i enter correct main password i have to wait almost 1minute to authorise and to windows can start...do you know why it wait so long? This is why i ask what is PIM..i thought maybe it slow down autorisation...but there was no PIM set.
May 17 at 11:40 AM
Edited May 17 at 5:38 PM
kavsrf wrote:
See config keys details in "DcsPkg\DcsProp.example"
<!-- Number of authorization retries -->
<config key="AuthorizeRetry">10</config>
<!-- Timeout in seconds before <ESC> from password prompt -->
<config key="PasswordTimeout">0</config>

<!-- authorization start message -->
<config key="AuthStartMsg">Authorizing...</config>
<!-- authorization error message -->
<config key="AuthErrorMsg">Authorization failed. Wrong password, PIM or hash.</config>

<!-- Show "*" on each key pressed or picture zone touched -->
<config key="AuthorizeProgress">1</config>
change to
<config key="AuthorizeRetry">1</config>
<config key="PasswordTimeout">60</config>
<config key="AuthStartMsg"></config>
<config key="AuthErrorMsg"></config>
<config key="AuthorizeProgress">0</config>

THANKS! DONE!
May 17 at 6:58 PM
mrleo wrote:
Okey I will do it and check in moment. Can you tell me what is PIM in for eg. "Do not request PIM in the pre-boot" ?
I never set it so if i will check it to not request in the pre-boot my main password will be safe? (after i click this option set i got information that if PIM was set it will be stored unencrypted. Just want to have sure that main password will be safe with that option ON.
Yes this is safe, it just means that everyone will know what your PIM is, like it was in Truecrypt too and most use the default PIM anyways.
Also maybe you know...on my old laptop with "System is missing" info on start after i enter correct main password i have to wait almost 1minute to authorise and to windows can start...do you know why it wait so long? This is why i ask what is PIM..i thought maybe it slow down autorisation...but there was no PIM set.
Yes, this is most likely the high PIM. You could set it to a lower one, so the mounting will be faster for slow devices, but this will also decrease the security against bruteforcing attacks. Read this article for an explanation about what it is and how to change it: https://veracrypt.codeplex.com/wikipage?title=personal%20iterations%20multiplier%20%28pim%29
As far as i know the default PIM is 98, if you want to set it to a lower value you have to use a password with more than 20 characters, then play around with it and choose the highest PIM you can bear.