Documentation: clearer description of how number of iterations are calculated

This commit is contained in:
Mounir IDRASSI 2022-03-27 16:33:40 +02:00
parent 540fb52aca
commit a077eb94ef
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
3 changed files with 7 additions and 3 deletions

Binary file not shown.

View File

@ -65,14 +65,16 @@ <h1>Header Key Derivation, Salt, and Iteration Count</h1>
PIM </a>value is not specified or if it is equal to zero, VeraCrypt uses the default values expressed below:<br/>
<ul>
<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used.</li>
<li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers, <strong>500000</strong> iterations are used.
<li>For system encryption that uses SHA-512 or Whirlpool, <strong>500000</strong> iterations are used.</li>
<li>For non-system encryption and file containers, all derivation algorithms will use <strong>500000</strong> iterations.
</li></ul>
</p>
<p>When a <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html">
PIM </a>value is given by the user, the number of iterations of the key derivation function is calculated as follows:</p>
<ul>
<li>For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = <strong>PIM x 2048</strong>
</li><li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li><li>For system encryption that uses SHA-512 or Whirlpool: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li><li>For non-system encryption and file containers: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li></ul>
</div>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">

View File

@ -44,7 +44,9 @@ <h1>PIM</h1>
Header Key Derivation</a>).</p>
<p>When a PIM value is specified, the number of iterations is calculated as follows:</p>
<ul>
<li>For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = <strong>PIM x 2048</strong> </li><li>For system encryption that uses SHA-512 or Whirlpool, non-system encryption and file containers: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
<li>For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = <strong>PIM x 2048</strong>
</li><li>For system encryption that uses SHA-512 or Whirlpool: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li><li>For non-system encryption and file containers: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li></ul>
<p>Prior to version 1.12, the security of a VeraCrypt volume was only based on the password strength because VeraCrypt was using a fixed number of iterations.<br>
With the introduction of PIM, VeraCrypt has a 2-dimensional security space for volumes based on the couple (Password, PIM). This provides more flexibility for adjusting the desired security level while also controlling the performance of the mount/boot operation.</p>