This project has moved and is read-only. For the latest updates, please go here.

Provide means to reduce the utterly LUDICROUS delay logging in after encryption.

Topics: Feature Requests
Sep 29, 2016 at 3:30 AM
Edited Sep 29, 2016 at 3:52 AM
I fully understand the reasoning behind increasing the iteration count for key derivation over what TrueCrypt used if one is interested in ultimate security.

However, SOME of us run OLD HARDWARE, and have a threat model that amounts to casual laptop thieves putting the hard drive in an external enclosure.

We should have an option to mitigate the stupidly long delay, until such time as one is implemented I'm likely to uninstall and install TrueCrypt from GRC or somewhere, VeraCrypt is simply unacceptably unusable.

I can quite literally enter my password, go make coffee, drink that coffee, and on my return verification has STILL not completed, A short delay would be acceptable, with TC there was no perceptible delay.

If you can't manage that, then AT LEAST provide a means to back out of encryption altogether, without having to sit through the entire process to encrypt, then decrypt and uninstall.. it was painfully obvious this was unuseable software right at the point that the pretest passed, I'd have appreciated being able to get rid of this junk right then, without that longwinded process.
Sep 29, 2016 at 3:20 PM
Edited Sep 29, 2016 at 3:42 PM
VeraCrypt has an option called PIM, Personal Iterations Multiplier that you can use to adjust the number of iterations performed for mounting the volume when your password is 20 or more characters.
With version 1.18, you can benchmark the estimated delay to mount/boot on your PC for both system encryption (there is a check box called Pre-boot) and non-system encryption for the hash (PKCS-5 PRF). This will provide you with the estimated delay for mounting/booting.
Sep 30, 2016 at 12:16 AM
Edited Sep 30, 2016 at 12:23 AM
Well, calling it a multiplier is a bit silly if it is useable to reduce the iterations, as it gives the impression that the time can only be adjusted upward, the exact reverse of what's needed. Had the documentation heading referred to it as a modifier then perhaps I'd have read the section before charging in.
Perhaps the benchmarking you mention should also be offered by default (with an option to cancel), otherwise people like myself who are familiar with TC, will simply zip through, and then be left with mount times that actively encourage leaving their machine unattended during the looooong delay for mounting. I respectfully suggest leaving a machine unattended is a far bigger security problem than a shorter per-try delay for someone brute-forcing, which would take years in any case for a decent quality password, even with NO delay. With such long delays as I've witnessed, people WILL get up and go do something else during the delay, inevitably they'll occasionally forget to lock a machine while doing so. Human nature is a far bigger problem than slightly weaker but still strong enough crypto.

Frankly faced with the default delays, I'd choose not to encrypt at all, and simply take my chances. Which is worse security still.
Nov 1, 2016 at 12:21 AM
Why would you possibly think that a multiplier can't be reduced?
Sometimes it helps to read the documentation instead of flaming the developers who have graciously made available an awesome piece of software and accompanying documentation free of charge.
Based on your comment, it might be best if you avoid encryption software.
Nov 15, 2016 at 11:03 PM
Anyone who understands English, will understand a "multiplier" results in a multiple of the default. a "divisor" results in a fraction of the default, and a "modifier" results in a change to the default.

Sometimes it helps if the documentation is clearly written.

Sloppy documentation is, of course, not proof of sloppy code... but that's not the smart way to bet.

Perhaps it would be better if you refrained from posting on topics that have been dormant for a long time, and instead devoted your efforts to learning English.
Nov 23, 2016 at 12:08 PM
Bearded_Blunder, the amount of fail you manage to pack into your 3 short posts is astounding. What compression algorithm did you use for that? No wonder you use encryption, you could be sitting on a gold mine if you patent it!

First you spout derision with whiny, puerile comments about a feature that is already available and documented.

When you get a clear, factual response informing you of this, instead of graciously acknowledging that you didn't RTFM and leaving it at that, you suddenly decide to give birth to your own branch of mathematics where a multiplier is 'a bit silly' if it is able to reduce a value. Wow. Is that also true if you use different colored pencils to do the math?

Then the first line of your last post ... seriously, a Picard quadruple face-palm doesn't even suffice. It reads like a finely crafted line of great poetry - one that would make a Vogon spontaneously combust with envy.

"Definition of multiplier: a number by which another number is multiplied". Write that one down. Feel free to use a magenta crayon.

You need to multiply your self-centered, negative attitude by minus one. And if you can't work that one out, just multiply your presence on these forums by zero.
Dec 1, 2016 at 1:43 PM
Edited Dec 1, 2016 at 1:44 PM
Dear Bearded Blunder, I think you have picked the right nick. You actually don't need to understand English to know how math works. You can multiple any numbers, so 10 * 0.5, will get you (surprise surprise) 5, which is actually less, also you can call it division by 2. But that's off topic and this is not how number of iterations work, which is clearly explained in manual. If you would have asked nicely, someone would quote that from manual and explain. Maybe someone really patient would even explain you how math works.

I think, that LimeCharlie is pretty correct, get your attitude multiplied by -1 and do no forget to repeat math from the grammar school.

Btw. I use veracrypt on one of the first netbooks (really slow machine), full disk encryption, which is known to be quite slow even on fast computers, and with PIM 1 the delay is OK.
Dec 1, 2016 at 6:59 PM
Why so aggressive.... i dont think BB made such a bad comments after all. Who cares what a multiplier is... I dont suffer from the long delays as i am using more or less fast computer and i dont use full encryption....
However, thinking of it.... my moms home security system has 6 digit code, which she has difficulties to enter. I have just found out that shes not activating it at all anymore... so yes, it reminds me of the situation with the PIMs.... if her code was 3 digits only, even 2, i m sure mom would be still arming up her system when leaving home....