This project has moved. For the latest updates, please go here.

Is there a way to speed up mounting of external HDD on a Windows XP desktop?

Topics: Technical Issues, Users Discussion
Apr 22, 2016 at 7:28 AM
Edited Apr 22, 2016 at 7:29 AM
Hi everyone:

I'm new to VeraCrypt so pardon if this is a silly question (been using mostly BitLocker but decided to try open source solution.)

So I have an old Windows XP desktop that I need to make daily backups on. (Mostly my emails -- nothing too important, but still I don't want to just copy it onto a plain-view external disk.)

I have a 1.8TB external HDD attached to it via USB-2. I installed VeraCrypt on that PC and set up full disk encryption on that external HDD (only.) The password to unlock it is 25 chars long (totally random gibberish stored in LastPass password manager.)

It works fine, copying files is a bit slower than if there was no encryption, but I can live with it.

What seems to be absolutely dreadfully slow is first mounting this drive. I just timed it, and it takes about 8-plus minutes. Moreover, during mounting the OS itself freezes up, even the mouse doesn't move. (Almost like a BSOD, except the blue screen.)

So I'm curious, what did I do wrong? And is there a way to speed up this mounting process?

PS. I understand that speed and encryption don't go hand-in-hand. Except in my case I'm not needing a very strong encryption (for Pete's sake, I'm using Windows XP on that desktop.) So will shortening my password to say, 12, 10 or 8 characters speed it up?
Apr 22, 2016 at 1:23 PM
VeraCrypt uses higher number of iterations for the hash when mounting a volume due to the security audits of TrueCrypt determine the number of iterations used was too weak for today's computing power.

You can control the mount time with lower iterations if you use a password of 20 more characters using the PIM feature.

https://veracrypt.codeplex.com/wikipage?title=Personal%20Iterations%20Multiplier%20%28PIM%29
Apr 23, 2016 at 10:00 PM
Awesome! Appreciate the info.

Experimentally, I was able to achieve a much faster mount by using AES with SHA-256, 25-character password of random LastPass generated gibberish and PIM=50. In this case the mount is done in less than a minute on that Windows XP machine.

I'm curious, am I "sacrificing" too much security with these settings?
Apr 26, 2016 at 8:50 AM
dc2016 wrote:
I'm curious, am I "sacrificing" too much security with these settings?
Some yes, but too much no, even with PIM 1 you have much more iterations than with truecrypt, which was not broken till today. Actually, I think that you are now more secure than before ;-) Long boot time leads people to sleep their machines / leave them running instead turning them off when they are not sitting in front of it and slept machine is mounted. If they will want your data and don't skimp surveillance, they will know you are using encryption. If they fail to see your password "over shoulder", they will probably wait for a good moment and sieze your laptop mounted, so with long time you are only making life harder for yourself...
Apr 26, 2016 at 8:37 PM
testoslav wrote:
Long boot time leads people to sleep their machines / leave them running instead turning them off...
Yeah, good point. Say, if I leave my machine running but locked up with a Windows account password. What could an attacker realistically do if I'm not around? (My encrypted drive is an external HDD connected via a USB cable.)

PS. I understand that there's a "Cold boot attack" but honestly, it sounds more plausible on paper than in reality. Obviously if I was an enemy of the state, then yes. But again, I'm talking about a "realistic" scenario.
Apr 27, 2016 at 4:39 AM
Edited Apr 27, 2016 at 5:23 AM
I understand that there's a "Cold boot attack" but honestly, it sounds more plausible on paper than in reality. Obviously if I was an enemy of the state, then yes. But again, I'm talking about a "realistic" scenario.
dc2016, for many many people who use VeraCrypt (not just for fun/for work), Cold boot attacks and others (which we don't even know!) - are INDEED very realistic scenarios!
Journalists, dissidents, activists etc - most of them are targets not of their pimply friends/average hackers, but they are targets OF THE STATE. And the State has got almost unlimited resources -> thus could perform the most "unrealistic"scenarios.

That's not a movie or some kind of paranoia in people's minds. That's the reality (it is the edge of it).
Security issues of VeraCrypt should not be judged from my/your personal measure of necessity. But from these people's measure.

So i would like to remind us all that when we talk about the Security of VeraCrypt (the cornerstone of this software), -> we should always think about THE WORST AND THE MOST "UNREALISTIC" SCENARIOS, because people's LIVES depend on it.
Apr 27, 2016 at 5:11 AM
algreider8 wrote:
That's not a movie or some kind of paranoia in people's minds. That's the reality (it is the edge of it).
Security issues of VeraCrypt should not be judged from my/your personal measure of necessity. But from these people's measure.

So i would like to remind us all that when we talk about the Security of VeraCrypt (the cornerstone of this software), -> we should always think about THE WORST AND THE MOST "UNREALISTIC" SCENARIOS, because people's LIVES depend on it.
OK. good point.