Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 19:38:26 -06:00
Code Activity

Documentation: Use "KDF" instead of "PKCS-5 PRF". Add Argon2 related information.

Browse Source
This commit is contained in:
Mounir IDRASSI
2025-08-08 23:38:40 +09:00
parent 54c39e4eb2
commit 26a754b198
7 changed files with 255 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
doc/html/en/Personal Iterations Multiplier (PIM).html
View File

@@ -36,25 +36,56 @@
<div class="wikidoc">
<h1>PIM</h1>
<div>
<p>PIM stands for &quot;Personal Iterations Multiplier&quot;. It is a parameter that was introduced in VeraCrypt 1.12 and whose value controls the number of iterations used by the header key derivation function. This value can be specified through the password dialog
<p>PIM stands for &quot;Personal Iterations Multiplier&quot;. It is a parameter that was introduced in VeraCrypt 1.12 and whose value controls the computational parameters used by the header key derivation function. This value can be specified through the password dialog
or in the command line.</p>
<p>When a PIM value is specified, the number of iterations is calculated as follows:</p>
<p>The exact meaning of PIM depends on the key derivation function (KDF) being used:</p>
<h3>PBKDF2-HMAC Key Derivation</h3>
<p>When PBKDF2-HMAC is used, the PIM value controls the number of iterations as follows:</p>
<ul>
<li>For system encryption that doesn't use SHA-512 or Whirlpool: Iterations = <strong>PIM x 2048</strong>
</li><li>For system encryption that uses SHA-512 or Whirlpool: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li><li>For non-system encryption and file containers: Iterations = <strong>15000 &#43; (PIM x 1000)</strong>
</li></ul>
<p>If no PIM value is specified, VeraCrypt will use the default number of iterations used in versions prior to 1.12 (see
<a href="Header%20Key%20Derivation.html">
Header Key Derivation</a>). This can be summarized as follows:<br/>
<ul>
<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used which is equivalent to a PIM value of <strong>98</strong>.</li>
<li>For system encryption that uses SHA-512 or Whirlpool, <strong>500000</strong> iterations are used which is equivalent to a PIM value of <strong>485</strong>.</li>
<li>For non-system encryption and file containers, all derivation algorithms will use <strong>500000</strong> iterations which is equivalent to a PIM value of <strong>485</strong>.</li>
</ul>
<h3>Argon2id Key Derivation</h3>
<p>When Argon2id is used, the PIM value controls both memory cost and time cost parameters:</p>
<ul>
<li><strong>Memory Cost (m_cost) in MiB:</strong><br/>
m_cost(pim) = min(64 MiB + (pim - 1) * 32 MiB, 1024 MiB)<br/>
The memory cost increases by 32 MiB for each increment of PIM, starting from 64 MiB, and is capped at 1024 MiB when PIM reaches 31 or higher.
</li>
<li><strong>Time Cost (t_cost) in iterations:</strong><br/>
If PIM ≤ 31: t_cost(pim) = 3 + floor((pim - 1) / 3)<br/>
If PIM > 31: t_cost(pim) = 13 + (pim - 31)<br/>
The time cost increases by 1 iteration for every 3 increments of PIM when PIM ≤ 31, and by 1 iteration per PIM increment when PIM > 31.
</li>
<li><strong>Parallelism:</strong> Fixed at 1 thread for all cases.</li>
</ul>
<p><strong>Argon2id Examples:</strong></p>
<ul>
<li>For PIM = 12: Memory Cost = 416 MiB, Time Cost = 6 iterations</li>
<li>For PIM = 31: Memory Cost = 1024 MiB, Time Cost = 13 iterations</li>
<li>For PIM = 32: Memory Cost = 1024 MiB, Time Cost = 14 iterations</li>
</ul>
<p>If no PIM value is specified, VeraCrypt will use the default parameters used in versions prior to 1.12 for PBKDF2-HMAC (see
<a href="Header%20Key%20Derivation.html">
Header Key Derivation</a>). For Argon2id, default parameters are equivalent to PIM = 12:
</p>
<ul>
<li><strong>PBKDF2-HMAC defaults:</strong></li>
<ul>
<li>For system partition encryption (boot encryption) that uses SHA-256, BLAKE2s-256 or Streebog, <strong>200000</strong> iterations are used which is equivalent to a PIM value of <strong>98</strong>.</li>
<li>For system encryption that uses SHA-512 or Whirlpool, <strong>500000</strong> iterations are used which is equivalent to a PIM value of <strong>485</strong>.</li>
<li>For non-system encryption and file containers, all derivation algorithms will use <strong>500000</strong> iterations which is equivalent to a PIM value of <strong>485</strong>.</li>
</ul>
<li><strong>Argon2id defaults:</strong> Memory Cost = 416 MiB, Time Cost = 6 iterations (equivalent to PIM = 12)</li>
</ul>
<p>Prior to version 1.12, the security of a VeraCrypt volume was only based on the password strength because VeraCrypt was using a fixed number of iterations.<br>
With the introduction of PIM, VeraCrypt has a 2-dimensional security space for volumes based on the couple (Password, PIM). This provides more flexibility for adjusting the desired security level while also controlling the performance of the mount/boot operation.</p>
With the introduction of PIM, VeraCrypt has a multi-dimensional security space for volumes based on the combination (Password, PIM, Key Derivation Function). This provides more flexibility for adjusting the desired security level while also controlling the performance of the mount/boot operation.</p>
<h3>PIM Usage</h3>
It is not mandatory to specify a PIM.</div>
<div><br>