PBKDF2
PBKDF2 (Password-Based Key Derivation Function 2) is a widely used KDF that applies a pseudorandom function (HMAC) repeatedly to slow down password guessing. In VeraCrypt, PBKDF2 is available with several HMAC hash functions and is used to derive the keys that decrypt a volume header.
PBKDF2-HMAC Variants Supported in VeraCrypt
Parameters in VeraCrypt
Salt
A 512-bit random salt (stored in the volume header) is mixed into the password to prevent precomputation and rainbow-table attacks.
Iteration Count
The number of PBKDF2 iterations depends on the selected HMAC hash, the context (e.g., system vs. non-system encryption), and the
PIM value. Increasing PIM increases the iteration count and thus the time required to derive keys. For exact values and formulas, see
Header Key Derivation, Salt, and Iteration Count.
Output Length
The amount of derived header key material consumed depends on the selected encryption algorithm(s). For current XTS volumes, VeraCrypt uses both primary and secondary header keys; for example, AES-256-XTS uses 512 bits in total (two 256-bit keys), and an AES-Twofish-Serpent-XTS cascade uses 1536 bits in total (six 256-bit keys).
Advantages and Considerations
- Broad compatibility: PBKDF2 is widely supported across platforms and environments.
- Low memory requirements: Suitable for constrained systems.
- Not memory-hard: Compared to Argon2id, PBKDF2 offers less resistance to attacks using massively parallel hardware (GPUs/ASICs). Consider raising PIM if you must use PBKDF2.
Related Topics
