This project has moved. For the latest updates, please go here.

Progressive delay?

Topics: Feature Requests
May 21, 2016 at 4:16 PM
Edited May 21, 2016 at 7:55 PM
I have no need to use VeraCrypt nowadays, but I like the concept, and sometimes ideas come to my head. This one maybe part of VC already, but I’m not acquainted with it to the extent I’m able to tell. Somebody here may set me straight.

Simply, seconds should be added to every password input during a session/instance. For somebody who knows the password, this will be a negligible inconvenience, but it will frustrate brute-force attacks.
May 22, 2016 at 5:33 AM
It is well understood and known that adding seconds will cause brute force time to increase from minutes and hours to years and decades.
Jun 5, 2016 at 6:22 PM
The strenght of VC is in the encryption algorithm(s) it uses. Noone will bruteforce using VC application as is, but will compile custom application with portions from veracrypt source code, with such delays removed of course. So this would only slow down the real user, not the attacker :-)
Jun 5, 2016 at 7:24 PM
I assumed as much, but the expectation is that VC has some delays already incorporated nevertheless; otherwise, delays in it are totally useless as it is. The idea is to place delays where they cannot be tampered with, if that is possible. If that’s not possible, then you have a point.
Jun 25, 2016 at 8:59 PM
There are no artificial delays; the only way delays occur are due to normal CPU processing work for the decryption process.... PIM is a factor in this. That is, it REALLY takes time to decrypt the password, it will not be made faster by snipping code and dropping portions of code because the code is not redundant.
Jun 28, 2016 at 8:31 PM
That makes sense. Thank you for contributing.