As I explained, it is the higher iterations performed on the hash algorithm as identified in the TrueCrypt audit reports that Mr. Mounir Idrassi has strengthened, among other issues identified in both the audit reports and the discoveries Mr. Idrassi and users reported to be fixed in the VeraCrypt project. If you read the audit reports, you know that TrueCrypt was released in 2004 when computing power was much less than today. The TrueCrypt 1000 iterations for the system encryption's hash RIPEMD-160 are too low for today's computers.
The PIM feature was added to allow users the option of faster boot/mount times versus the higher security of the default settings of VeraCrypt. Also with the PIM feature, you can increase the value beyond the defaults to have stronger header keys to help future-proof the volumes for long-term storage.
If you are using cascades for your system encryption, then it will take longer to mount as the hash is performed for each header key in the cascade encryption algorithm. Therefore, if you are using a cascade of three encryption algorithms, then the hash iterations are performed for each of the three algorithms since the header keys are independent of each other in the cascade. Read the link below which has an example of the cascades and header keys.
Your goal of system encryption verification time of 30 seconds will be an estimate of 14 for the PIM value when using a single encryption cipher for system encryption. 14 x 2048 = 28672. This assumes the 1000 iterations on TrueCrypt is taking 1 second on your
You can vote-up the feature request for benchmarking hashes and PIM at the link below.
The password length will not alter the mount times. You are confusing the password length with the requirement in VeraCrypt to use a password of 20 or more characters to use a lower PIM. This is done in the hope that the user provides a stronger password to offset the security reduction when using lower hash iterations.
Unlike the TrueCrypt developers who stayed anonymous, Mr. Idrassi has made himself public and placed his professional security reputation on the line. You can read about Mounir's motivations at the link below.
There are plans to seek funding for an audit to be performed on VeraCrypt once Mounir feels that he has completed the major changes to VeraCrypt.
Mounir has made many improvements to VeraCrypt that you can review at the link below. Then click on the History label.
Regarding backdoors, it comes down to trust. Many people used TrueCrypt with anonymous developers before an audit was performed to learn that no backdoors were discovered.
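The PIM estimate in the post above, worked through as an added example (not part of the original post and not VeraCrypt's code): it reproduces the 14 x 2048 = 28672 figure from a time budget and measures PBKDF2 cost locally to show that password length does not change it. Assumptions: PBKDF2-HMAC-SHA512 from Python's `hashlib` stands in for the pre-boot RIPEMD-160 derivation, the function names are hypothetical, and the `header_keys` divisor models the post's statement that a cascade repeats the iterations per cipher.

```python
import hashlib
import os
import time

SYSTEM_ITERATIONS_PER_PIM = 2048  # from the post: 14 x 2048 = 28672


def system_iterations(pim: int) -> int:
    """Iteration count for system encryption at a given PIM, per the post."""
    return pim * SYSTEM_ITERATIONS_PER_PIM


def seconds_per_1000_iterations(password: bytes, prf: str = "sha512",
                                rounds: int = 50_000) -> float:
    """Time PBKDF2 on this machine and normalise to 1000 iterations."""
    salt = os.urandom(64)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(prf, password, salt, rounds, dklen=32)
    return (time.perf_counter() - start) / rounds * 1000


def pim_for_budget(target_seconds: float, secs_per_1000: float,
                   header_keys: int = 1) -> int:
    """Largest PIM whose key derivation fits the time budget.

    header_keys models the post's statement that a cascade repeats the
    hash iterations once per cipher (an assumption taken from the post).
    """
    if target_seconds <= 0 or secs_per_1000 <= 0 or header_keys < 1:
        raise ValueError("budget, cost and header_keys must be positive")
    affordable = target_seconds / header_keys / secs_per_1000 * 1000
    # Floor of 1 is an assumption of this example: a PIM below 1 is not usable.
    return max(1, int(affordable // SYSTEM_ITERATIONS_PER_PIM))


if __name__ == "__main__":
    # The post's own numbers: 30 s budget, 1 s per 1000 iterations.
    pim = pim_for_budget(30, 1.0)
    print("single cipher:", pim, "->", system_iterations(pim), "iterations")
    print("three-cipher cascade:", pim_for_budget(30, 1.0, header_keys=3))
    # HMAC absorbs the password once, outside the iteration loop, so the
    # per-iteration cost is the same for short and long passwords.
    for pw in (b"x" * 8, b"x" * 64):  # constructed sample passwords
        print(len(pw), "bytes:", round(seconds_per_1000_iterations(pw), 6), "s")
```

The timings printed on a desktop OS will be far lower than the pre-boot figure the post assumes; substitute a measured pre-boot cost for `secs_per_1000` to get a usable PIM.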