Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 02:58:02 -06:00
Code Activity

Documentation: Add entry about KDF, PBKDF2.

Browse Source
This commit is contained in:
Mounir IDRASSI
2025-08-31 23:11:06 +09:00
parent 1326844065
commit 10c4d30312
7 changed files with 154 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
doc/chm/VeraCrypt User Guide.chm
View File

Binary file not shown.

14
doc/chm/en/VeraCrypt.hhc
View File

@@ -207,6 +207,20 @@
<param name="Local" value="Streebog.html"> <param name="Local" value="Streebog.html">
</OBJECT> </OBJECT>
</UL> </UL>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Key Derivation Algorithms">
<param name="Local" value="Key Derivation Algorithms.html">
</OBJECT>
<UL>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="Argon2id">
<param name="Local" value="Argon2id.html">
</OBJECT>
<LI> <OBJECT type="text/sitemap">
<param name="Name" value="PBKDF2">
<param name="Local" value="pbkdf2.html">
</OBJECT>
</UL>
<LI> <OBJECT type="text/sitemap"> <LI> <OBJECT type="text/sitemap">
<param name="Name" value="Supported Operating Systems"> <param name="Name" value="Supported Operating Systems">
<param name="Local" value="Supported Operating Systems.html"> <param name="Local" value="Supported Operating Systems.html">

3
doc/chm/en/VeraCrypt.hhp
View File

@@ -13,6 +13,7 @@ Title=VeraCrypt User Guide
Acknowledgements.html Acknowledgements.html
Additional Security Requirements and Precautions.html Additional Security Requirements and Precautions.html
AES.html AES.html
Argon2id.html
arrow_right.gif arrow_right.gif
Authenticity and Integrity.html Authenticity and Integrity.html
Authors.html Authors.html
@@ -90,6 +91,7 @@ Incompatibilities.html
Introduction.html Introduction.html
Issues and Limitations.html Issues and Limitations.html
Journaling File Systems.html Journaling File Systems.html
Key Derivation Algorithms.html
Keyfiles in VeraCrypt.html Keyfiles in VeraCrypt.html
Keyfiles in VeraCrypt_Image_040.gif Keyfiles in VeraCrypt_Image_040.gif
Keyfiles.html Keyfiles.html
@@ -111,6 +113,7 @@ Notation.html
Paging File.html Paging File.html
Parallelization.html Parallelization.html
paypal_30x30.png paypal_30x30.png
pbkdf2.html
Personal Iterations Multiplier (PIM).html Personal Iterations Multiplier (PIM).html
Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step1.png Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step1.png
Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step2.png Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step2.png

3
doc/html/en/Argon2.html → doc/html/en/Argon2id.html
View File

@@ -28,7 +28,7 @@
<p> <p>
<a href="Documentation.html">Documentation</a> <a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px"> <img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Hash%20Algorithms.html">Hash Algorithms</a> <a href="Key%20Derivation%20Algorithms.html">Key Derivation Algorithms</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px"> <img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Argon2id.html">Argon2id</a> <a href="Argon2id.html">Argon2id</a>
</p></div> </p></div>
@@ -171,5 +171,4 @@ For more information about PIM values and their effect on Argon2id parameters, s
Personal Iterations Multiplier (PIM)</a> section. Personal Iterations Multiplier (PIM)</a> section.
</div> </div>
<p><a href="SHA-256.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section &gt;&gt;</a></p>
</div><div class="ClearBoth"></div></body></html> </div><div class="ClearBoth"></div></body></html>

5
doc/html/en/Documentation.html
View File

@@ -84,6 +84,11 @@
<li><a href="BLAKE2s-256.html">BLAKE2s-256</a> <li><a href="BLAKE2s-256.html">BLAKE2s-256</a>
</li><li><a href="SHA-256.html">SHA-256</a> </li><li><a href="SHA-512.html">SHA-512</a> </li><li><a href="Whirlpool.html">Whirlpool</a> </li><li><a href="SHA-256.html">SHA-256</a> </li><li><a href="SHA-512.html">SHA-512</a> </li><li><a href="Whirlpool.html">Whirlpool</a>
</li><li><a href="Streebog.html">Streebog</a></li></ul> </li><li><a href="Streebog.html">Streebog</a></li></ul>
</li><li><strong><a href="Key%20Derivation%20Algorithms.html">Key Derivation Algorithms</a></strong>
<ul>
<li><a href="Argon2id.html">Argon2id</a></li>
<li><a href="PBKDF2.html">PBKDF2</a></li>
</ul>
</li><li><strong><a href="Supported%20Operating%20Systems.html">Supported Operating Systems</a></strong> </li><li><strong><a href="Supported%20Operating%20Systems.html">Supported Operating Systems</a></strong>
</li><li><strong><a href="Command%20Line%20Usage.html">Command Line Usage</a></strong> </li><li><strong><a href="Command%20Line%20Usage.html">Command Line Usage</a></strong>
</li><li><strong><a href="Security%20Model.html">Security Model</a></strong> </li><li><strong><a href="Security%20Model.html">Security Model</a></strong>

51
doc/html/en/Key Derivation Algorithms.html Normal file
View File

@@ -0,0 +1,51 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="Code.html">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Key%20Derivation%20Algorithms.html">Key Derivation Algorithms</a>
</p></div>
<div class="wikidoc">
<h1>Key Derivation Algorithms</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
A key derivation function (KDF) transforms your password (and optional keyfiles) into cryptographic keys used to decrypt a VeraCrypt volume header. KDFs slow down brute-force attacks and protect against precomputation by incorporating a large random salt and a tunable work factor (e.g., iterations, memory).
</div>
<h3>Available Algorithms in VeraCrypt</h3>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
<li style="text-align:left; margin-top:0px; margin-bottom:8px; padding:0px">
<strong><a href="Argon2id.html" style="color:#0080c0; text-decoration:none">Argon2id</a>:</strong> A modern, memory-hard KDF (based on BLAKE2b internally). Recommended for new volumes. No separate hash selection is required.
</li>
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding:0px">
<strong><a href="PBKDF2.html" style="color:#0080c0; text-decoration:none">PBKDF2-HMAC</a>:</strong> A widely deployed KDF that uses HMAC with a selectable hash function. Supported HMAC hashes in VeraCrypt:
<a href="SHA-512.html" style="color:#0080c0; text-decoration:none">SHA-512</a>, <a href="SHA-256.html" style="color:#0080c0; text-decoration:none">SHA-256</a>, <a href="Whirlpool.html" style="color:#0080c0; text-decoration:none">Whirlpool</a>, <a href="BLAKE2s-256.html" style="color:#0080c0; text-decoration:none">BLAKE2s-256</a>, and <a href="Streebog.html" style="color:#0080c0; text-decoration:none">Streebog</a>.
</li>
</ul>
</div>
</div><div class="ClearBoth"></div></body></html>

80
doc/html/en/pbkdf2.html Normal file
View File

@@ -0,0 +1,80 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
<meta name="keywords" content="encryption, security"/>
<link href="styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div>
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
</div>
<div id="menu">
<ul>
<li><a href="Home.html">Home</a></li>
<li><a href="Code.html">Source Code</a></li>
<li><a href="Downloads.html">Downloads</a></li>
<li><a class="active" href="Documentation.html">Documentation</a></li>
<li><a href="Donation.html">Donate</a></li>
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
</ul>
</div>
<div>
<p>
<a href="Documentation.html">Documentation</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="Key%20Derivation%20Algorithms.html">Key Derivation Algorithms</a>
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
<a href="PBKDF2.html">PBKDF2</a>
</p></div>
<div class="wikidoc">
<h1>PBKDF2</h1>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding:0px">
PBKDF2 (Password-Based Key Derivation Function 2) is a widely used KDF that applies a pseudorandom function (HMAC) repeatedly to slow down password guessing. In VeraCrypt, PBKDF2 is available with several HMAC hash functions and is used to derive the keys that decrypt a volume header.
</div>
<h3>PBKDF2-HMAC Variants Supported in VeraCrypt</h3>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding:0px">
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>PBKDF2-HMAC-<a href="SHA-512.html" style="color:#0080c0; text-decoration:none">SHA-512</a></strong></li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>PBKDF2-HMAC-<a href="SHA-256.html" style="color:#0080c0; text-decoration:none">SHA-256</a></strong></li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>PBKDF2-HMAC-<a href="Whirlpool.html" style="color:#0080c0; text-decoration:none">Whirlpool</a></strong></li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>PBKDF2-HMAC-<a href="BLAKE2s-256.html" style="color:#0080c0; text-decoration:none">BLAKE2s-256</a></strong></li>
<li style="text-align:left; margin:0px 0px 0px 0px; padding:0px"><strong>PBKDF2-HMAC-<a href="Streebog.html" style="color:#0080c0; text-decoration:none">STREEBOG</a></strong></li>
</ul>
<h3>Parameters in VeraCrypt</h3>
<h4>Salt</h4>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding:0px">
A 512-bit random salt (stored in the volume header) is mixed into the password to prevent precomputation and rainbow-table attacks.
</div>
<h4>Iteration Count</h4>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding:0px">
The number of PBKDF2 iterations depends on the selected HMAC hash, the context (e.g., system vs. non-system encryption), and the <a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html" style="color:#0080c0; text-decoration:none">PIM</a> value. Increasing PIM increases the iteration count and thus the time required to derive keys. For exact values and formulas, see <a href="Header%20Key%20Derivation.html" style="color:#0080c0; text-decoration:none">Header Key Derivation, Salt, and Iteration Count</a>.
</div>
<h4>Output Length</h4>
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding:0px">
The derived key length depends on the selected encryption algorithm(s) (e.g., 256 bits for AES-256, 768 bits for AES-Twofish-Serpent cascades).
</div>
<h3>Advantages and Considerations</h3>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding:0px">
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>Broad compatibility:</strong> PBKDF2 is widely supported across platforms and environments.</li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><strong>Low memory requirements:</strong> Suitable for constrained systems.</li>
<li style="text-align:left; margin:0px 0px 0px 0px; padding:0px"><strong>Not memory-hard:</strong> Compared to <a href="Argon2id.html" style="color:#0080c0; text-decoration:none">Argon2id</a>, PBKDF2 offers less resistance to attacks using massively parallel hardware (GPUs/ASICs). Consider raising PIM if you must use PBKDF2.</li>
</ul>
<h3>Related Topics</h3>
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding:0px">
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><a href="Key%20Derivation%20Algorithms.html" style="color:#0080c0; text-decoration:none">Key Derivation Algorithms (overview)</a></li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><a href="Argon2id.html" style="color:#0080c0; text-decoration:none">Argon2id</a></li>
<li style="text-align:left; margin:0px 0px 6px 0px; padding:0px"><a href="Header%20Key%20Derivation.html" style="color:#0080c0; text-decoration:none">Header Key Derivation, Salt, and Iteration Count</a></li>
<li style="text-align:left; margin:0px 0px 0px 0px; padding:0px"><a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html" style="color:#0080c0; text-decoration:none">Personal Iterations Multiplier (PIM)</a></li>
</ul>
</div><div class="ClearBoth"></div></body></html>