Linux/MacOSX: first dynamic mode implementation

src/Core/Core.h

@@ -69,16 +69,18 @@ namespace VeraCrypt
 		shared_ptr <VolumePath> m_volumePath;
 		bool m_preserveTimestamps;
 		shared_ptr <VolumePassword> m_password;
+		int m_pim;
 		shared_ptr <Pkcs5Kdf> m_kdf;
 		bool m_truecryptMode;
 		shared_ptr <KeyfileList> m_keyfiles;
 		shared_ptr <VolumePassword> m_newPassword;
+		int m_newPim;
 		shared_ptr <KeyfileList> m_newKeyfiles;
 		shared_ptr <Pkcs5Kdf> m_newPkcs5Kdf;
 		int m_wipeCount;
-		ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount)  {}
+		ChangePasswordThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) : m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles), m_newPassword(newPassword), m_newPim(newPim), m_newKeyfiles(newKeyfiles), m_newPkcs5Kdf(newPkcs5Kdf), m_wipeCount(wipeCount)  {}
 		virtual ~ChangePasswordThreadRoutine() { }
-		virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); }
+		virtual void ExecutionCode(void) { Core->ChangePassword(m_volumePath, m_preserveTimestamps, m_password, m_pim, m_kdf, m_truecryptMode, m_keyfiles, m_newPassword, m_newPim, m_newKeyfiles, m_newPkcs5Kdf, m_wipeCount); }
 	};
 
 	class OpenVolumeThreadRoutine : public WaitThreadRoutine
@@ -87,11 +89,13 @@ namespace VeraCrypt
 		shared_ptr <VolumePath> m_volumePath;
 		bool m_preserveTimestamps;
 		shared_ptr <VolumePassword> m_password;
+		int m_pim;
 		shared_ptr<Pkcs5Kdf> m_Kdf;
 		bool m_truecryptMode;
 		shared_ptr <KeyfileList> m_keyfiles;
 		VolumeProtection::Enum m_protection;
 		shared_ptr <VolumePassword> m_protectionPassword;
+		int m_protectionPim;
 		shared_ptr<Pkcs5Kdf> m_protectionKdf;
 		shared_ptr <KeyfileList> m_protectionKeyfiles;
 		bool m_sharedAccessAllowed;
@@ -100,14 +104,14 @@ namespace VeraCrypt
 		bool m_partitionInSystemEncryptionScope;
 		shared_ptr <Volume> m_pVolume;
 
-		OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):
+		OpenVolumeThreadRoutine(shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false):
-		m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles),
+		m_volumePath(volumePath), m_preserveTimestamps(preserveTimestamps), m_password(password), m_pim(pim), m_Kdf(Kdf), m_truecryptMode(truecryptMode), m_keyfiles(keyfiles),
-		m_protection(protection), m_protectionPassword(protectionPassword), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders),
+		m_protection(protection), m_protectionPassword(protectionPassword), m_protectionPim(protectionPim), m_protectionKdf(protectionKdf), m_protectionKeyfiles(protectionKeyfiles), m_sharedAccessAllowed(sharedAccessAllowed), m_volumeType(volumeType),m_useBackupHeaders(useBackupHeaders),
 		m_partitionInSystemEncryptionScope(partitionInSystemEncryptionScope) {}
 
 		~OpenVolumeThreadRoutine() {}
 
-		virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }
+		virtual void ExecutionCode(void) { m_pVolume = Core->OpenVolume(m_volumePath,m_preserveTimestamps,m_password,m_pim,m_Kdf,m_truecryptMode,m_keyfiles, m_protection,m_protectionPassword,m_protectionPim,m_protectionKdf, m_protectionKeyfiles,m_sharedAccessAllowed,m_volumeType,m_useBackupHeaders, m_partitionInSystemEncryptionScope); }
 
 	};
 
@@ -117,11 +121,12 @@ namespace VeraCrypt
 		const BufferPtr &m_newHeaderBuffer;
 		shared_ptr <VolumeHeader> m_header;
 		shared_ptr <VolumePassword> m_password;
+		int m_pim;
 		shared_ptr <KeyfileList> m_keyfiles;
-		ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles)
+		ReEncryptHeaderThreadRoutine(const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles)
-			: m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_keyfiles(keyfiles) {}
+			: m_newHeaderBuffer(newHeaderBuffer), m_header(header), m_password(password), m_pim(pim), m_keyfiles(keyfiles) {}
 		virtual ~ReEncryptHeaderThreadRoutine() { }
-		virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_keyfiles); }
+		virtual void ExecutionCode(void) { Core->ReEncryptVolumeHeaderWithNewSalt (m_newHeaderBuffer, m_header, m_password, m_pim, m_keyfiles); }
 	};
 
 	class DecryptThreadRoutine : public WaitThreadRoutine
@@ -130,16 +135,17 @@ namespace VeraCrypt
 		shared_ptr <VolumeHeader> m_pHeader;
 		const ConstBufferPtr &m_encryptedData;
 		const VolumePassword &m_password;
+		int m_pim;
 		shared_ptr <Pkcs5Kdf> m_kdf;
 		bool m_truecryptMode;
 		const Pkcs5KdfList &m_keyDerivationFunctions;
 		const EncryptionAlgorithmList &m_encryptionAlgorithms;
 		const EncryptionModeList &m_encryptionModes;
 		bool m_bResult;
-		DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+		DecryptThreadRoutine(shared_ptr <VolumeHeader> header, const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
-			: m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}
+			: m_pHeader(header), m_encryptedData(encryptedData), m_password(password), m_pim(pim), m_kdf(kdf), m_truecryptMode(truecryptMode), m_keyDerivationFunctions(keyDerivationFunctions), m_encryptionAlgorithms(encryptionAlgorithms), m_encryptionModes(encryptionModes), m_bResult(false){}
 		virtual ~DecryptThreadRoutine() { }
-		virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }
+		virtual void ExecutionCode(void) { m_bResult = m_pHeader->Decrypt(m_encryptedData, m_password, m_pim, m_kdf, m_truecryptMode, m_keyDerivationFunctions, m_encryptionAlgorithms, m_encryptionModes); }
 	};
 
 	class WaitThreadUI

src/Core/CoreBase.cpp

@@ -23,7 +23,7 @@ namespace VeraCrypt
 	{
 	}
 
-	void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+	void CoreBase::ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
 	{
 		if ((!newPassword || newPassword->Size() < 1) && (!newKeyfiles || newKeyfiles->empty()))
 			throw PasswordEmpty (SRC_POS);
@@ -63,7 +63,7 @@ namespace VeraCrypt
 				else
 					RandomNumberGenerator::GetDataFast (newSalt);
 
-				newPkcs5Kdf->DeriveKey (newHeaderKey, *password, newSalt);
+				newPkcs5Kdf->DeriveKey (newHeaderKey, *password, newPim, newSalt);
 
 				openVolume->ReEncryptHeader (backupHeader, newSalt, newHeaderKey, newPkcs5Kdf);
 				openVolume->GetFile()->Flush();
@@ -76,10 +76,10 @@ namespace VeraCrypt
 		}
 	}
 		
-	void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
+	void CoreBase::ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf, int wipeCount) const
 	{
-		shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, kdf, truecryptMode, keyfiles);
+		shared_ptr <Volume> volume = OpenVolume (volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
-		ChangePassword (volume, newPassword, newKeyfiles, newPkcs5Kdf, wipeCount);
+		ChangePassword (volume, newPassword, newPim, newKeyfiles, newPkcs5Kdf, wipeCount);
 	}
 
 	void CoreBase::CoalesceSlotNumberAndMountPoint (MountOptions &options) const
@@ -250,10 +250,10 @@ namespace VeraCrypt
 		return GetMountedVolume (volumePath);
 	}
 
-	shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
+	shared_ptr <Volume> CoreBase::OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr<Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope) const
 	{
 		make_shared_auto (Volume, volume);
-		volume->Open (*volumePath, preserveTimestamps, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+		volume->Open (*volumePath, preserveTimestamps, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf, protectionKeyfiles, sharedAccessAllowed, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
 		return volume;
 	}
 	
@@ -268,7 +268,7 @@ namespace VeraCrypt
 		encryptionAlgorithm->GetMode()->SetKey (modeKey);
 	}
 
-	void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles) const
+	void CoreBase::ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const
 	{
 		shared_ptr <Pkcs5Kdf> pkcs5Kdf = header->GetPkcs5Kdf();
 
@@ -280,7 +280,7 @@ namespace VeraCrypt
 		shared_ptr <VolumePassword> passwordKey (Keyfile::ApplyListToPassword (keyfiles, password));
 
 		RandomNumberGenerator::GetData (newSalt);
-		pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, newSalt);
+		pkcs5Kdf->DeriveKey (newHeaderKey, *passwordKey, pim, newSalt);
 
 		header->EncryptNew (newHeaderBuffer, newSalt, newHeaderKey, pkcs5Kdf);
 	}

src/Core/CoreBase.h

@@ -29,8 +29,8 @@ namespace VeraCrypt
 	public:
 		virtual ~CoreBase ();
 
-		virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+		virtual void ChangePassword (shared_ptr <Volume> openVolume, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
-		virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
+		virtual void ChangePassword (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Pkcs5Kdf> newPkcs5Kdf = shared_ptr <Pkcs5Kdf> (), int wipeCount = PRAND_HEADER_WIPE_PASSES) const;
 		virtual void CheckFilesystem (shared_ptr <VolumeInfo> mountedVolume, bool repair = false) const = 0; 
 		virtual void CoalesceSlotNumberAndMountPoint (MountOptions &options) const;
 		virtual void CreateKeyfile (const FilePath &keyfilePath) const;
@@ -65,9 +65,9 @@ namespace VeraCrypt
 		virtual bool IsVolumeMounted (const VolumePath &volumePath) const;
 		virtual VolumeSlotNumber MountPointToSlotNumber (const DirectoryPath &mountPoint) const = 0;
 		virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options) = 0;
-		virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
+		virtual shared_ptr <Volume> OpenVolume (shared_ptr <VolumePath> volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr<Pkcs5Kdf> Kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr<Pkcs5Kdf> protectionKdf = shared_ptr<Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false) const;
 		virtual void RandomizeEncryptionAlgorithmKey (shared_ptr <EncryptionAlgorithm> encryptionAlgorithm) const;
-		virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, shared_ptr <KeyfileList> keyfiles) const;
+		virtual void ReEncryptVolumeHeaderWithNewSalt (const BufferPtr &newHeaderBuffer, shared_ptr <VolumeHeader> header, shared_ptr <VolumePassword> password, int pim, shared_ptr <KeyfileList> keyfiles) const;
 		virtual void SetAdminPasswordCallback (shared_ptr <GetStringFunctor> functor) { }
 		virtual void SetApplicationExecutablePath (const FilePath &path) { ApplicationExecutablePath = path; }
 		virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;

src/Core/MountOptions.cpp

@@ -26,6 +26,7 @@ namespace VeraCrypt
 		TC_CLONE (NoHardwareCrypto);
 		TC_CLONE (NoKernelCrypto);
 		TC_CLONE_SHARED (VolumePassword, Password);
+		TC_CLONE (Pim);
 		if (other.Kdf)
 		{
 			Kdf.reset(other.Kdf->Clone());
@@ -37,6 +38,7 @@ namespace VeraCrypt
 		TC_CLONE (PreserveTimestamps);
 		TC_CLONE (Protection);
 		TC_CLONE_SHARED (VolumePassword, ProtectionPassword);
+		TC_CLONE (ProtectionPim);
 		if (other.ProtectionKdf)
 			ProtectionKdf.reset(other.ProtectionKdf->Clone());
 		else
@@ -116,6 +118,9 @@ namespace VeraCrypt
 			}
 		}
 		catch(...) {}
+		
+		sr.Deserialize ("Pim", Pim);
+		sr.Deserialize ("ProtectionPim", ProtectionPim);
 	}
 
 	void MountOptions::Serialize (shared_ptr <Stream> stream) const
@@ -167,6 +172,9 @@ namespace VeraCrypt
 		sr.Serialize ("ProtectionKdfNull", ProtectionKdf == nullptr);
 		if (ProtectionKdf)
 			sr.Serialize ("ProtectionKdf", ProtectionKdf->GetName());
+		
+		sr.Serialize ("Pim", Pim);
+		sr.Serialize ("ProtectionPim", ProtectionPim);
 	}
 
 	TC_SERIALIZER_FACTORY_ADD_CLASS (MountOptions);

src/Core/MountOptions.h

@@ -25,9 +25,11 @@ namespace VeraCrypt
 			NoFilesystem (false),
 			NoHardwareCrypto (false),
 			NoKernelCrypto (false),
+			Pim (-1),
 			PartitionInSystemEncryptionScope (false),
 			PreserveTimestamps (true),
 			Protection (VolumeProtection::None),
+			ProtectionPim (-1),
 			Removable (false),
 			SharedAccessAllowed (false),
 			SlotNumber (0),
@@ -52,12 +54,14 @@ namespace VeraCrypt
 		bool NoHardwareCrypto;
 		bool NoKernelCrypto;
 		shared_ptr <VolumePassword> Password;
+		int Pim;
 		shared_ptr <Pkcs5Kdf> Kdf;
 		bool PartitionInSystemEncryptionScope;
 		shared_ptr <VolumePath> Path;
 		bool PreserveTimestamps;
 		VolumeProtection::Enum Protection;
 		shared_ptr <VolumePassword> ProtectionPassword;
+		int ProtectionPim;
 		shared_ptr <Pkcs5Kdf> ProtectionKdf;
 		shared_ptr <KeyfileList> ProtectionKeyfiles;
 		bool Removable;

src/Core/Unix/CoreUnix.cpp

@@ -409,11 +409,13 @@ namespace VeraCrypt
 					options.Path,
 					options.PreserveTimestamps,
 					options.Password,
+					options.Pim,
 					options.Kdf,
 					options.TrueCryptMode,
 					options.Keyfiles,
 					options.Protection,
 					options.ProtectionPassword,
+					options.ProtectionPim,
 					options.ProtectionKdf,
 					options.ProtectionKeyfiles,
 					options.SharedAccessAllowed,

src/Core/VolumeCreator.cpp

@@ -136,7 +136,7 @@ namespace VeraCrypt
 				SecureBuffer backupHeaderSalt (VolumeHeader::GetSaltSize());
 				RandomNumberGenerator::GetData (backupHeaderSalt);
 
-				Options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, backupHeaderSalt);
+				Options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, Options->Pim, backupHeaderSalt);
 
 				Layout->GetHeader()->EncryptNew (backupHeader, backupHeaderSalt, HeaderKey, Options->VolumeHeaderKdf);
 
@@ -276,7 +276,7 @@ namespace VeraCrypt
 			// Header key
 			HeaderKey.Allocate (VolumeHeader::GetLargestSerializedKeySize());
 			PasswordKey = Keyfile::ApplyListToPassword (options->Keyfiles, options->Password);
-			options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, salt);
+			options->VolumeHeaderKdf->DeriveKey (HeaderKey, *PasswordKey, options->Pim, salt);
 			headerOptions.HeaderKey = HeaderKey;
 
 			header->Create (headerBuffer, headerOptions);

src/Core/VolumeCreator.h

@@ -22,6 +22,7 @@ namespace VeraCrypt
 		VolumeType::Enum Type;
 		uint64 Size;
 		shared_ptr <VolumePassword> Password;
+		int Pim;
 		shared_ptr <KeyfileList> Keyfiles;
 		shared_ptr <Pkcs5Kdf> VolumeHeaderKdf;
 		shared_ptr <EncryptionAlgorithm> EA;

src/Main/CommandLineInterface.cpp

@@ -20,7 +20,9 @@ namespace VeraCrypt
 	CommandLineInterface::CommandLineInterface (int argc, wchar_t** argv, UserInterfaceType::Enum interfaceType) :
 		ArgCommand (CommandId::None),
 		ArgFilesystem (VolumeCreationOptions::FilesystemType::Unknown),
+		ArgNewPim (-1),
 		ArgNoHiddenVolumeProtection (false),
+		ArgPim (-1),
 		ArgSize (0),
 		ArgVolumeType (VolumeType::Unknown),
 		ArgTrueCryptMode (false),
@@ -63,12 +65,15 @@ namespace VeraCrypt
 		parser.AddOption (L"m", L"mount-options",		_("VeraCrypt volume mount options"));
 		parser.AddOption (L"",	L"new-keyfiles",		_("New keyfiles"));
 		parser.AddOption (L"",	L"new-password",		_("New password"));
+		parser.AddOption (L"",	L"new-pim",				_("New PIM"));
 		parser.AddSwitch (L"",	L"non-interactive",		_("Do not interact with user"));
 		parser.AddOption (L"p", L"password",			_("Password"));
+		parser.AddOption (L"",  L"pim",					_("PIM"));
 		parser.AddOption (L"",	L"protect-hidden",		_("Protect hidden volume"));
 		parser.AddOption (L"",	L"protection-hash",		_("Hash algorithm for protected hidden volume"));
 		parser.AddOption (L"",	L"protection-keyfiles",	_("Keyfiles for protected hidden volume"));
 		parser.AddOption (L"",	L"protection-password",	_("Password for protected hidden volume"));
+		parser.AddOption (L"",	L"protection-pim",		_("PIM for protected hidden volume"));
 		parser.AddOption (L"",	L"random-source",		_("Use file as source of random data"));
 		parser.AddSwitch (L"",  L"restore-headers",		_("Restore volume headers"));
 		parser.AddSwitch (L"",	L"save-preferences",	_("Save user preferences"));
@@ -368,6 +373,20 @@ namespace VeraCrypt
 		if (parser.Found (L"new-password", &str))
 			ArgNewPassword.reset (new VolumePassword (wstring (str)));
 		
+		if (parser.Found (L"new-pim", &str))
+		{
+			try
+			{
+				ArgNewPim = StringConverter::ToInt32 (wstring (str));
+				if (ArgNewPim < 0)
+					throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+			catch (...)
+			{
+				throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+		}
+		
 		if (parser.Found (L"non-interactive"))
 		{
 			if (interfaceType != UserInterfaceType::Text)
@@ -379,6 +398,20 @@ namespace VeraCrypt
 		if (parser.Found (L"password", &str))
 			ArgPassword.reset (new VolumePassword (wstring (str)));
 		
+		if (parser.Found (L"pim", &str))
+		{
+			try
+			{
+				ArgPim = StringConverter::ToInt32 (wstring (str));
+				if (ArgPim < 0)
+					throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+			catch (...)
+			{
+				throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+		}
+
 		if (parser.Found (L"protect-hidden", &str))
 		{
 			if (str == L"yes")
@@ -404,6 +437,23 @@ namespace VeraCrypt
 			ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly;
 		}
 		
+		if (parser.Found (L"protection-pim", &str))
+		{
+			int pim = -1;
+			try
+			{
+				pim = StringConverter::ToInt32 (wstring (str));
+				if (pim < 0)
+					throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+			catch (...)
+			{
+				throw_err (LangString["PARAMETER_INCORRECT"] + L": " + str);
+			}
+			ArgMountOptions.ProtectionPim = pim;
+			ArgMountOptions.Protection = VolumeProtection::HiddenVolumeReadOnly;
+		}
+
 		if (parser.Found (L"protection-hash", &str))
 		{
 			bool bHashFound = false;

src/Main/CommandLineInterface.h

@@ -67,8 +67,10 @@ namespace VeraCrypt
 		shared_ptr <DirectoryPath> ArgMountPoint;
 		shared_ptr <KeyfileList> ArgNewKeyfiles;
 		shared_ptr <VolumePassword> ArgNewPassword;
+		int ArgNewPim;
 		bool ArgNoHiddenVolumeProtection;
 		shared_ptr <VolumePassword> ArgPassword;
+		int ArgPim;
 		bool ArgQuick;
 		FilesystemPath ArgRandomSourcePath;
 		uint64 ArgSize;

src/Main/Forms/ChangePasswordDialog.cpp

@@ -90,20 +90,44 @@ namespace VeraCrypt
 			}
 			
 			shared_ptr <VolumePassword> newPassword;
+			int newPim = 0;
 			if (DialogMode == Mode::ChangePasswordAndKeyfiles)
 			{
 				newPassword = NewPasswordPanel->GetPassword();
+				newPim = NewPasswordPanel->GetVolumePim();
 				newPassword->CheckPortability();
 
-				if (newPassword->Size() > 0 && newPassword->Size() < VolumePassword::WarningSizeThreshold
+				if (newPassword->Size() > 0)
-					&& !Gui->AskYesNo (LangString ["PASSWORD_LENGTH_WARNING"], false, true))
 				{
-					NewPasswordPanel->SetFocusToPasswordTextCtrl();
+					if (newPassword->Size() < VolumePassword::WarningSizeThreshold)
-					return;
+					{
+						if (newPim < 485)
+						{
+							Gui->ShowError ("PIM_REQUIRE_LONG_PASSWORD");						
+							return;
+						}
+
+						if (!Gui->AskYesNo (LangString ["PASSWORD_LENGTH_WARNING"], false, true))
+						{
+							NewPasswordPanel->SetFocusToPasswordTextCtrl();
+							return;
+						}
+					}
+					else if (newPim < 485)
+					{
+						if (!Gui->AskYesNo (LangString ["PIM_SMALL_WARNING"], false, true))
+						{
+							NewPasswordPanel->SetFocusToPimTextCtrl();
+							return;
+						}
+					}
 				}
 			}
 			else
+			{
 				newPassword = CurrentPasswordPanel->GetPassword();
+				newPim = CurrentPasswordPanel->GetVolumePim();
+			}
 
 			shared_ptr <KeyfileList> newKeyfiles;
 			if (DialogMode == Mode::ChangePasswordAndKeyfiles || DialogMode == Mode::ChangeKeyfiles)
@@ -134,8 +158,8 @@ namespace VeraCrypt
 #endif
 				wxBusyCursor busy;
 				ChangePasswordThreadRoutine routine(Path,	Gui->GetPreferences().DefaultMountOptions.PreserveTimestamps,
-					CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(),
+					CurrentPasswordPanel->GetPassword(), CurrentPasswordPanel->GetVolumePim(), CurrentPasswordPanel->GetPkcs5Kdf(), CurrentPasswordPanel->GetTrueCryptMode(),CurrentPasswordPanel->GetKeyfiles(),
-					newPassword, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount());
+					newPassword, newPim, newKeyfiles, NewPasswordPanel->GetPkcs5Kdf(), NewPasswordPanel->GetHeaderWipeCount());
 				Gui->ExecuteWaitThreadRoutine (this, &routine);
 			}
 

src/Main/Forms/Forms.cpp

@@ -3206,50 +3206,62 @@ VolumePasswordPanelBase::VolumePasswordPanelBase( wxWindow* parent, wxWindowID i
 	
 	GridBagSizer->Add( ConfirmPasswordTextCtrl, wxGBPosition( 2, 1 ), wxGBSpan( 1, 2 ), wxBOTTOM|wxALIGN_CENTER_VERTICAL|wxEXPAND, 5 );
 	
+	VolumePimStaticText = new wxStaticText( this, wxID_ANY, _("Volume PIM:"), wxDefaultPosition, wxDefaultSize, 0 );
+	VolumePimStaticText->Wrap( -1 );
+	GridBagSizer->Add( VolumePimStaticText, wxGBPosition( 3, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxRIGHT, 5 );
+	
+	VolumePimTextCtrl = new wxTextCtrl( this, wxID_ANY, wxEmptyString, wxDefaultPosition, wxDefaultSize, 0 );
+	VolumePimTextCtrl->SetMaxLength( 10 ); 
+	GridBagSizer->Add( VolumePimTextCtrl, wxGBPosition( 3, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxEXPAND, 5 );
+	
+	VolumePinHelpStaticText = new wxStaticText( this, wxID_ANY, _("(Empty or 0 for default iterations)"), wxDefaultPosition, wxDefaultSize, 0 );
+	VolumePinHelpStaticText->Wrap( -1 );
+	GridBagSizer->Add( VolumePinHelpStaticText, wxGBPosition( 3, 2 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxLEFT|wxRIGHT, 5 );
+	
 	CacheCheckBox = new wxCheckBox( this, wxID_ANY, _("Cach&e passwords and keyfiles in memory "), wxDefaultPosition, wxDefaultSize, 0 );
-	GridBagSizer->Add( CacheCheckBox, wxGBPosition( 3, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 );
+	GridBagSizer->Add( CacheCheckBox, wxGBPosition( 4, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 );
 	
 	DisplayPasswordCheckBox = new wxCheckBox( this, wxID_ANY, _("&Display password"), wxDefaultPosition, wxDefaultSize, 0 );
-	GridBagSizer->Add( DisplayPasswordCheckBox, wxGBPosition( 4, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 );
+	GridBagSizer->Add( DisplayPasswordCheckBox, wxGBPosition( 5, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL, 5 );
 	
 	UseKeyfilesCheckBox = new wxCheckBox( this, wxID_ANY, _("U&se keyfiles"), wxDefaultPosition, wxDefaultSize, 0 );
-	GridBagSizer->Add( UseKeyfilesCheckBox, wxGBPosition( 5, 1 ), wxGBSpan( 1, 1 ), wxTOP|wxRIGHT|wxLEFT, 5 );
+	GridBagSizer->Add( UseKeyfilesCheckBox, wxGBPosition( 6, 1 ), wxGBSpan( 1, 1 ), wxTOP|wxRIGHT|wxLEFT, 5 );
 	
 	KeyfilesButton = new wxButton( this, wxID_ANY, _("&Keyfiles..."), wxDefaultPosition, wxDefaultSize, 0 );
-	GridBagSizer->Add( KeyfilesButton, wxGBPosition( 5, 2 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT, 5 );
+	GridBagSizer->Add( KeyfilesButton, wxGBPosition( 6, 2 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT, 5 );
 	
 	Pkcs5PrfSizer = new wxBoxSizer( wxVERTICAL );
 	
 	
-	GridBagSizer->Add( Pkcs5PrfSizer, wxGBPosition( 6, 1 ), wxGBSpan( 1, 1 ), wxEXPAND|wxTOP|wxBOTTOM, 5 );
+	GridBagSizer->Add( Pkcs5PrfSizer, wxGBPosition( 7, 1 ), wxGBSpan( 1, 1 ), wxEXPAND|wxTOP|wxBOTTOM, 5 );
 	
 	Pkcs5PrfStaticText = new wxStaticText( this, wxID_ANY, _("PKCS-5 PRF:"), wxDefaultPosition, wxDefaultSize, 0 );
 	Pkcs5PrfStaticText->Wrap( -1 );
-	GridBagSizer->Add( Pkcs5PrfStaticText, wxGBPosition( 7, 0 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
+	GridBagSizer->Add( Pkcs5PrfStaticText, wxGBPosition( 8, 0 ), wxGBSpan( 1, 1 ), wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT, 5 );
 	
 	wxString Pkcs5PrfChoiceChoices[] = { _("Unchanged") };
 	int Pkcs5PrfChoiceNChoices = sizeof( Pkcs5PrfChoiceChoices ) / sizeof( wxString );
 	Pkcs5PrfChoice = new wxChoice( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, Pkcs5PrfChoiceNChoices, Pkcs5PrfChoiceChoices, 0 );
 	Pkcs5PrfChoice->SetSelection( 0 );
-	GridBagSizer->Add( Pkcs5PrfChoice, wxGBPosition( 7, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 );
+	GridBagSizer->Add( Pkcs5PrfChoice, wxGBPosition( 8, 1 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 );
 	
 	TrueCryptModeCheckBox = new wxCheckBox( this, wxID_ANY, _("TrueCrypt Mode"), wxDefaultPosition, wxDefaultSize, 0 );
-	GridBagSizer->Add( TrueCryptModeCheckBox, wxGBPosition( 7, 2 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 );
+	GridBagSizer->Add( TrueCryptModeCheckBox, wxGBPosition( 8, 2 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxLEFT, 5 );
 	
 	HeaderWipeCountText = new wxStaticText( this, wxID_ANY, _("Header Wipe:"), wxDefaultPosition, wxDefaultSize, 0 );
 	HeaderWipeCountText->Wrap( -1 );
-	GridBagSizer->Add( HeaderWipeCountText, wxGBPosition( 8, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT, 5 );
+	GridBagSizer->Add( HeaderWipeCountText, wxGBPosition( 9, 0 ), wxGBSpan( 1, 1 ), wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT, 5 );
 	
 	wxString HeaderWipeCountChoices[] = { _("1-pass"), _("3-pass"), _("7-pass"), _("35-pass"), _("256-pass") };
 	int HeaderWipeCountNChoices = sizeof( HeaderWipeCountChoices ) / sizeof( wxString );
 	HeaderWipeCount = new wxChoice( this, wxID_ANY, wxDefaultPosition, wxDefaultSize, HeaderWipeCountNChoices, HeaderWipeCountChoices, 0 );
 	HeaderWipeCount->SetSelection( 1 );
-	GridBagSizer->Add( HeaderWipeCount, wxGBPosition( 8, 1 ), wxGBSpan( 1, 1 ), wxALL, 5 );
+	GridBagSizer->Add( HeaderWipeCount, wxGBPosition( 9, 1 ), wxGBSpan( 1, 1 ), wxALL, 5 );
 	
 	PasswordPlaceholderSizer = new wxBoxSizer( wxVERTICAL );
 	
 	
-	GridBagSizer->Add( PasswordPlaceholderSizer, wxGBPosition( 9, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxEXPAND, 5 );
+	GridBagSizer->Add( PasswordPlaceholderSizer, wxGBPosition( 10, 1 ), wxGBSpan( 1, 2 ), wxTOP|wxEXPAND, 5 );
 	
 	
 	GridBagSizer->AddGrowableCol( 1 );
@@ -3264,6 +3276,7 @@ VolumePasswordPanelBase::VolumePasswordPanelBase( wxWindow* parent, wxWindowID i
 	// Connect Events
 	PasswordTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this );
 	ConfirmPasswordTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this );
+	VolumePimTextCtrl->Connect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnPimChanged ), NULL, this );
 	DisplayPasswordCheckBox->Connect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnDisplayPasswordCheckBoxClick ), NULL, this );
 	UseKeyfilesCheckBox->Connect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnUseKeyfilesCheckBoxClick ), NULL, this );
 	KeyfilesButton->Connect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnKeyfilesButtonClick ), NULL, this );
@@ -3276,6 +3289,7 @@ VolumePasswordPanelBase::~VolumePasswordPanelBase()
 	// Disconnect Events
 	PasswordTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this );
 	ConfirmPasswordTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnTextChanged ), NULL, this );
+	VolumePimTextCtrl->Disconnect( wxEVT_COMMAND_TEXT_UPDATED, wxCommandEventHandler( VolumePasswordPanelBase::OnPimChanged ), NULL, this );
 	DisplayPasswordCheckBox->Disconnect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnDisplayPasswordCheckBoxClick ), NULL, this );
 	UseKeyfilesCheckBox->Disconnect( wxEVT_COMMAND_CHECKBOX_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnUseKeyfilesCheckBoxClick ), NULL, this );
 	KeyfilesButton->Disconnect( wxEVT_COMMAND_BUTTON_CLICKED, wxCommandEventHandler( VolumePasswordPanelBase::OnKeyfilesButtonClick ), NULL, this );

src/Main/Forms/Forms.h

@@ -959,6 +959,9 @@ namespace VeraCrypt
 			wxTextCtrl* PasswordTextCtrl;
 			wxStaticText* ConfirmPasswordStaticText;
 			wxTextCtrl* ConfirmPasswordTextCtrl;
+			wxStaticText* VolumePimStaticText;
+			wxTextCtrl* VolumePimTextCtrl;
+			wxStaticText* VolumePinHelpStaticText;
 			wxCheckBox* CacheCheckBox;
 			wxCheckBox* DisplayPasswordCheckBox;
 			wxCheckBox* UseKeyfilesCheckBox;
@@ -973,6 +976,7 @@ namespace VeraCrypt
 			
 			// Virtual event handlers, overide them in your derived class
 			virtual void OnTextChanged( wxCommandEvent& event ) { event.Skip(); }
+			virtual void OnPimChanged( wxCommandEvent& event ) { event.Skip(); }
 			virtual void OnDisplayPasswordCheckBoxClick( wxCommandEvent& event ) { event.Skip(); }
 			virtual void OnUseKeyfilesCheckBoxClick( wxCommandEvent& event ) { event.Skip(); }
 			virtual void OnKeyfilesButtonClick( wxCommandEvent& event ) { event.Skip(); }

src/Main/Forms/MountOptionsDialog.cpp

@@ -85,6 +85,7 @@ namespace VeraCrypt
 		TransferDataFromWindow();
 
 		Options.Password = PasswordPanel->GetPassword();
+		Options.Pim = PasswordPanel->GetVolumePim();
 		Options.Kdf = PasswordPanel->GetPkcs5Kdf();
 		Options.TrueCryptMode = PasswordPanel->GetTrueCryptMode();
 		Options.Keyfiles = PasswordPanel->GetKeyfiles();
@@ -97,6 +98,7 @@ namespace VeraCrypt
 		{
 			Options.Protection = VolumeProtection::HiddenVolumeReadOnly;
 			Options.ProtectionPassword = ProtectionPasswordPanel->GetPassword();
+			Options.ProtectionPim = ProtectionPasswordPanel->GetVolumePim();
 			Options.ProtectionKdf = ProtectionPasswordPanel->GetPkcs5Kdf();
 			Options.ProtectionKeyfiles = ProtectionPasswordPanel->GetKeyfiles();
 		}

src/Main/Forms/TrueCrypt.fbp

@@ -25834,11 +25834,277 @@
                             </object>
                         </object>
                         <object class="gbsizeritem" expanded="1">
+                            <property name="border">5</property>
+                            <property name="colspan">1</property>
+                            <property name="column">0</property>
+                            <property name="flag">wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxRIGHT</property>
+                            <property name="row">3</property>
+                            <property name="rowspan">1</property>
+                            <object class="wxStaticText" expanded="0">
+                                <property name="BottomDockable">1</property>
+                                <property name="LeftDockable">1</property>
+                                <property name="RightDockable">1</property>
+                                <property name="TopDockable">1</property>
+                                <property name="aui_layer"></property>
+                                <property name="aui_name"></property>
+                                <property name="aui_position"></property>
+                                <property name="aui_row"></property>
+                                <property name="best_size"></property>
+                                <property name="bg"></property>
+                                <property name="caption"></property>
+                                <property name="caption_visible">1</property>
+                                <property name="center_pane">0</property>
+                                <property name="close_button">1</property>
+                                <property name="context_help"></property>
+                                <property name="context_menu">1</property>
+                                <property name="default_pane">0</property>
+                                <property name="dock">Dock</property>
+                                <property name="dock_fixed">0</property>
+                                <property name="docking">Left</property>
+                                <property name="enabled">1</property>
+                                <property name="fg"></property>
+                                <property name="floatable">1</property>
+                                <property name="font"></property>
+                                <property name="gripper">0</property>
+                                <property name="hidden">0</property>
+                                <property name="id">wxID_ANY</property>
+                                <property name="label">Volume PIM:</property>
+                                <property name="max_size"></property>
+                                <property name="maximize_button">0</property>
+                                <property name="maximum_size"></property>
+                                <property name="min_size"></property>
+                                <property name="minimize_button">0</property>
+                                <property name="minimum_size"></property>
+                                <property name="moveable">1</property>
+                                <property name="name">VolumePimStaticText</property>
+                                <property name="pane_border">1</property>
+                                <property name="pane_position"></property>
+                                <property name="pane_size"></property>
+                                <property name="permission">protected</property>
+                                <property name="pin_button">1</property>
+                                <property name="pos"></property>
+                                <property name="resize">Resizable</property>
+                                <property name="show">1</property>
+                                <property name="size"></property>
+                                <property name="style"></property>
+                                <property name="subclass"></property>
+                                <property name="toolbar_pane">0</property>
+                                <property name="tooltip"></property>
+                                <property name="window_extra_style"></property>
+                                <property name="window_name"></property>
+                                <property name="window_style"></property>
+                                <property name="wrap">-1</property>
+                                <event name="OnChar"></event>
+                                <event name="OnEnterWindow"></event>
+                                <event name="OnEraseBackground"></event>
+                                <event name="OnKeyDown"></event>
+                                <event name="OnKeyUp"></event>
+                                <event name="OnKillFocus"></event>
+                                <event name="OnLeaveWindow"></event>
+                                <event name="OnLeftDClick"></event>
+                                <event name="OnLeftDown"></event>
+                                <event name="OnLeftUp"></event>
+                                <event name="OnMiddleDClick"></event>
+                                <event name="OnMiddleDown"></event>
+                                <event name="OnMiddleUp"></event>
+                                <event name="OnMotion"></event>
+                                <event name="OnMouseEvents"></event>
+                                <event name="OnMouseWheel"></event>
+                                <event name="OnPaint"></event>
+                                <event name="OnRightDClick"></event>
+                                <event name="OnRightDown"></event>
+                                <event name="OnRightUp"></event>
+                                <event name="OnSetFocus"></event>
+                                <event name="OnSize"></event>
+                                <event name="OnUpdateUI"></event>
+                            </object>
+                        </object>
+                        <object class="gbsizeritem" expanded="0">
+                            <property name="border">5</property>
+                            <property name="colspan">1</property>
+                            <property name="column">1</property>
+                            <property name="flag">wxALIGN_CENTER_VERTICAL|wxBOTTOM|wxEXPAND</property>
+                            <property name="row">3</property>
+                            <property name="rowspan">1</property>
+                            <object class="wxTextCtrl" expanded="0">
+                                <property name="BottomDockable">1</property>
+                                <property name="LeftDockable">1</property>
+                                <property name="RightDockable">1</property>
+                                <property name="TopDockable">1</property>
+                                <property name="aui_layer"></property>
+                                <property name="aui_name"></property>
+                                <property name="aui_position"></property>
+                                <property name="aui_row"></property>
+                                <property name="best_size"></property>
+                                <property name="bg"></property>
+                                <property name="caption"></property>
+                                <property name="caption_visible">1</property>
+                                <property name="center_pane">0</property>
+                                <property name="close_button">1</property>
+                                <property name="context_help"></property>
+                                <property name="context_menu">1</property>
+                                <property name="default_pane">0</property>
+                                <property name="dock">Dock</property>
+                                <property name="dock_fixed">0</property>
+                                <property name="docking">Left</property>
+                                <property name="enabled">1</property>
+                                <property name="fg"></property>
+                                <property name="floatable">1</property>
+                                <property name="font"></property>
+                                <property name="gripper">0</property>
+                                <property name="hidden">0</property>
+                                <property name="id">wxID_ANY</property>
+                                <property name="max_size"></property>
+                                <property name="maximize_button">0</property>
+                                <property name="maximum_size"></property>
+                                <property name="maxlength">10</property>
+                                <property name="min_size"></property>
+                                <property name="minimize_button">0</property>
+                                <property name="minimum_size"></property>
+                                <property name="moveable">1</property>
+                                <property name="name">VolumePimTextCtrl</property>
+                                <property name="pane_border">1</property>
+                                <property name="pane_position"></property>
+                                <property name="pane_size"></property>
+                                <property name="permission">protected</property>
+                                <property name="pin_button">1</property>
+                                <property name="pos"></property>
+                                <property name="resize">Resizable</property>
+                                <property name="show">1</property>
+                                <property name="size"></property>
+                                <property name="style"></property>
+                                <property name="subclass"></property>
+                                <property name="toolbar_pane">0</property>
+                                <property name="tooltip"></property>
+                                <property name="validator_data_type"></property>
+                                <property name="validator_style">wxFILTER_NUMERIC</property>
+                                <property name="validator_type">wxDefaultValidator</property>
+                                <property name="validator_variable"></property>
+                                <property name="value"></property>
+                                <property name="window_extra_style"></property>
+                                <property name="window_name"></property>
+                                <property name="window_style"></property>
+                                <event name="OnChar"></event>
+                                <event name="OnEnterWindow"></event>
+                                <event name="OnEraseBackground"></event>
+                                <event name="OnKeyDown"></event>
+                                <event name="OnKeyUp"></event>
+                                <event name="OnKillFocus"></event>
+                                <event name="OnLeaveWindow"></event>
+                                <event name="OnLeftDClick"></event>
+                                <event name="OnLeftDown"></event>
+                                <event name="OnLeftUp"></event>
+                                <event name="OnMiddleDClick"></event>
+                                <event name="OnMiddleDown"></event>
+                                <event name="OnMiddleUp"></event>
+                                <event name="OnMotion"></event>
+                                <event name="OnMouseEvents"></event>
+                                <event name="OnMouseWheel"></event>
+                                <event name="OnPaint"></event>
+                                <event name="OnRightDClick"></event>
+                                <event name="OnRightDown"></event>
+                                <event name="OnRightUp"></event>
+                                <event name="OnSetFocus"></event>
+                                <event name="OnSize"></event>
+                                <event name="OnText">OnPimChanged</event>
+                                <event name="OnTextEnter"></event>
+                                <event name="OnTextMaxLen"></event>
+                                <event name="OnTextURL"></event>
+                                <event name="OnUpdateUI"></event>
+                            </object>
+                        </object>
+                        <object class="gbsizeritem" expanded="0">
+                            <property name="border">5</property>
+                            <property name="colspan">1</property>
+                            <property name="column">2</property>
+                            <property name="flag">wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxBOTTOM|wxLEFT|wxRIGHT</property>
+                            <property name="row">3</property>
+                            <property name="rowspan">1</property>
+                            <object class="wxStaticText" expanded="0">
+                                <property name="BottomDockable">1</property>
+                                <property name="LeftDockable">1</property>
+                                <property name="RightDockable">1</property>
+                                <property name="TopDockable">1</property>
+                                <property name="aui_layer"></property>
+                                <property name="aui_name"></property>
+                                <property name="aui_position"></property>
+                                <property name="aui_row"></property>
+                                <property name="best_size"></property>
+                                <property name="bg"></property>
+                                <property name="caption"></property>
+                                <property name="caption_visible">1</property>
+                                <property name="center_pane">0</property>
+                                <property name="close_button">1</property>
+                                <property name="context_help"></property>
+                                <property name="context_menu">1</property>
+                                <property name="default_pane">0</property>
+                                <property name="dock">Dock</property>
+                                <property name="dock_fixed">0</property>
+                                <property name="docking">Left</property>
+                                <property name="enabled">1</property>
+                                <property name="fg"></property>
+                                <property name="floatable">1</property>
+                                <property name="font"></property>
+                                <property name="gripper">0</property>
+                                <property name="hidden">0</property>
+                                <property name="id">wxID_ANY</property>
+                                <property name="label">(Empty or 0 for default iterations)</property>
+                                <property name="max_size"></property>
+                                <property name="maximize_button">0</property>
+                                <property name="maximum_size"></property>
+                                <property name="min_size"></property>
+                                <property name="minimize_button">0</property>
+                                <property name="minimum_size"></property>
+                                <property name="moveable">1</property>
+                                <property name="name">VolumePinHelpStaticText</property>
+                                <property name="pane_border">1</property>
+                                <property name="pane_position"></property>
+                                <property name="pane_size"></property>
+                                <property name="permission">protected</property>
+                                <property name="pin_button">1</property>
+                                <property name="pos"></property>
+                                <property name="resize">Resizable</property>
+                                <property name="show">1</property>
+                                <property name="size"></property>
+                                <property name="style"></property>
+                                <property name="subclass"></property>
+                                <property name="toolbar_pane">0</property>
+                                <property name="tooltip"></property>
+                                <property name="window_extra_style"></property>
+                                <property name="window_name"></property>
+                                <property name="window_style"></property>
+                                <property name="wrap">-1</property>
+                                <event name="OnChar"></event>
+                                <event name="OnEnterWindow"></event>
+                                <event name="OnEraseBackground"></event>
+                                <event name="OnKeyDown"></event>
+                                <event name="OnKeyUp"></event>
+                                <event name="OnKillFocus"></event>
+                                <event name="OnLeaveWindow"></event>
+                                <event name="OnLeftDClick"></event>
+                                <event name="OnLeftDown"></event>
+                                <event name="OnLeftUp"></event>
+                                <event name="OnMiddleDClick"></event>
+                                <event name="OnMiddleDown"></event>
+                                <event name="OnMiddleUp"></event>
+                                <event name="OnMotion"></event>
+                                <event name="OnMouseEvents"></event>
+                                <event name="OnMouseWheel"></event>
+                                <event name="OnPaint"></event>
+                                <event name="OnRightDClick"></event>
+                                <event name="OnRightDown"></event>
+                                <event name="OnRightUp"></event>
+                                <event name="OnSetFocus"></event>
+                                <event name="OnSize"></event>
+                                <event name="OnUpdateUI"></event>
+                            </object>
+                        </object>
+                        <object class="gbsizeritem" expanded="0">
                             <property name="border">5</property>
                             <property name="colspan">2</property>
                             <property name="column">1</property>
                             <property name="flag">wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL</property>
-                            <property name="row">3</property>
+                            <property name="row">4</property>
                             <property name="rowspan">1</property>
                             <object class="wxCheckBox" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -25929,7 +26195,7 @@
                             <property name="colspan">2</property>
                             <property name="column">1</property>
                             <property name="flag">wxTOP|wxBOTTOM|wxLEFT|wxALIGN_CENTER_VERTICAL</property>
-                            <property name="row">4</property>
+                            <property name="row">5</property>
                             <property name="rowspan">1</property>
                             <object class="wxCheckBox" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26020,7 +26286,7 @@
                             <property name="colspan">1</property>
                             <property name="column">1</property>
                             <property name="flag">wxTOP|wxRIGHT|wxLEFT</property>
-                            <property name="row">5</property>
+                            <property name="row">6</property>
                             <property name="rowspan">1</property>
                             <object class="wxCheckBox" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26111,7 +26377,7 @@
                             <property name="colspan">1</property>
                             <property name="column">2</property>
                             <property name="flag">wxALIGN_RIGHT|wxALIGN_BOTTOM|wxLEFT</property>
-                            <property name="row">5</property>
+                            <property name="row">6</property>
                             <property name="rowspan">1</property>
                             <object class="wxButton" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26202,7 +26468,7 @@
                             <property name="colspan">1</property>
                             <property name="column">1</property>
                             <property name="flag">wxEXPAND|wxTOP|wxBOTTOM</property>
-                            <property name="row">6</property>
+                            <property name="row">7</property>
                             <property name="rowspan">1</property>
                             <object class="wxBoxSizer" expanded="1">
                                 <property name="minimum_size"></property>
@@ -26216,7 +26482,7 @@
                             <property name="colspan">1</property>
                             <property name="column">0</property>
                             <property name="flag">wxALIGN_RIGHT|wxALIGN_CENTER_VERTICAL|wxRIGHT</property>
-                            <property name="row">7</property>
+                            <property name="row">8</property>
                             <property name="rowspan">1</property>
                             <object class="wxStaticText" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26302,7 +26568,7 @@
                             <property name="colspan">1</property>
                             <property name="column">1</property>
                             <property name="flag">wxALIGN_CENTER_VERTICAL|wxLEFT</property>
-                            <property name="row">7</property>
+                            <property name="row">8</property>
                             <property name="rowspan">1</property>
                             <object class="wxChoice" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26393,7 +26659,7 @@
                             <property name="colspan">1</property>
                             <property name="column">2</property>
                             <property name="flag">wxALIGN_CENTER_VERTICAL|wxLEFT</property>
-                            <property name="row">7</property>
+                            <property name="row">8</property>
                             <property name="rowspan">1</property>
                             <object class="wxCheckBox" expanded="0">
                                 <property name="BottomDockable">1</property>
@@ -26484,7 +26750,7 @@
                             <property name="colspan">1</property>
                             <property name="column">0</property>
                             <property name="flag">wxALIGN_CENTER_VERTICAL|wxALIGN_RIGHT|wxRIGHT</property>
-                            <property name="row">8</property>
+                            <property name="row">9</property>
                             <property name="rowspan">1</property>
                             <object class="wxStaticText" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26570,7 +26836,7 @@
                             <property name="colspan">1</property>
                             <property name="column">1</property>
                             <property name="flag">wxALL</property>
-                            <property name="row">8</property>
+                            <property name="row">9</property>
                             <property name="rowspan">1</property>
                             <object class="wxChoice" expanded="1">
                                 <property name="BottomDockable">1</property>
@@ -26661,7 +26927,7 @@
                             <property name="colspan">2</property>
                             <property name="column">1</property>
                             <property name="flag">wxTOP|wxEXPAND</property>
-                            <property name="row">9</property>
+                            <property name="row">10</property>
                             <property name="rowspan">1</property>
                             <object class="wxBoxSizer" expanded="1">
                                 <property name="minimum_size"></property>

src/Main/Forms/VolumeCreationWizard.cpp

@@ -276,6 +276,7 @@ namespace VeraCrypt
 				MountOptions mountOptions;
 				mountOptions.Keyfiles = Keyfiles;
 				mountOptions.Password = Password;
+				mountOptions.Pim = Pim;
 				mountOptions.Path = make_shared <VolumePath> (SelectedVolumePath);
 
 				try
@@ -436,6 +437,7 @@ namespace VeraCrypt
 					mountOptions.NoFilesystem = true;
 					mountOptions.Protection = VolumeProtection::None;
 					mountOptions.Password = Password;
+					mountOptions.Pim = Pim;
 					mountOptions.Keyfiles = Keyfiles;
 					mountOptions.Kdf = Kdf;
 					mountOptions.TrueCryptMode = false;
@@ -706,6 +708,7 @@ namespace VeraCrypt
 			{
 				VolumePasswordWizardPage *page = dynamic_cast <VolumePasswordWizardPage *> (GetCurrentPage());
 				Password = page->GetPassword();
+				Pim = page->GetVolumePim();
 				Kdf = page->GetPkcs5Kdf();
 				Keyfiles = page->GetKeyfiles();
 
@@ -721,13 +724,29 @@ namespace VeraCrypt
 						return GetCurrentStep();
 					}
 
-					if (Password->Size() < VolumePassword::WarningSizeThreshold
+					if (Password->Size() < VolumePassword::WarningSizeThreshold)
-						&& !Gui->AskYesNo (LangString["PASSWORD_LENGTH_WARNING"], false, true))
 					{
-						return GetCurrentStep();
+						if (Pim < 485)
+						{
+							Gui->ShowError ("PIM_REQUIRE_LONG_PASSWORD");
+							return GetCurrentStep();							
+						}
+						
+						if (!Gui->AskYesNo (LangString["PASSWORD_LENGTH_WARNING"], false, true))
+						{
+							return GetCurrentStep();
+						}
+					}
+					else if (Pim < 485)
+					{
+						if (!Gui->AskYesNo (LangString["PIM_SMALL_WARNING"], false, true))
+						{
+							return GetCurrentStep();
+						}
 					}
 				}
 				
+
 				if (forward && OuterVolume)
 				{
 					// Use FAT to prevent problems with free space
@@ -864,6 +883,7 @@ namespace VeraCrypt
 						options->SectorSize = SectorSize;
 						options->EA = SelectedEncryptionAlgorithm;
 						options->Password = Password;
+						options->Pim = Pim;
 						options->Keyfiles = Keyfiles;
 						options->Path = SelectedVolumePath;
 						options->Quick = QuickFormatEnabled;
@@ -946,7 +966,7 @@ namespace VeraCrypt
 				});
 #endif
 
-				shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Kdf, false, Keyfiles, VolumeProtection::ReadOnly);
+				shared_ptr <Volume> outerVolume = Core->OpenVolume (make_shared <VolumePath> (SelectedVolumePath), true, Password, Pim, Kdf, false, Keyfiles, VolumeProtection::ReadOnly);
 				MaxHiddenVolumeSize = Core->GetMaxHiddenVolumeSize (outerVolume);
 
 				// Add a reserve (in case the user mounts the outer volume and creates new files

src/Main/Forms/VolumeCreationWizard.h

@@ -73,6 +73,7 @@ namespace VeraCrypt
 		VolumeHostType::Enum SelectedVolumeHostType;
 		VolumeType::Enum SelectedVolumeType;
 		shared_ptr <VolumePassword> Password;
+		int Pim;
 		shared_ptr <Pkcs5Kdf> Kdf;
 		uint32 SectorSize;
 		shared_ptr <Hash> SelectedHash;

src/Main/Forms/VolumePasswordPanel.cpp

@@ -55,6 +55,9 @@ namespace VeraCrypt
 		PasswordTextCtrl->Show (enablePassword);
 		DisplayPasswordCheckBox->Show (enablePassword);
 		
+		VolumePimTextCtrl->Show (enablePassword);
+		VolumePinHelpStaticText->Show (enablePassword);
+
 		ConfirmPasswordStaticText->Show (enableConfirmation);
 		ConfirmPasswordTextCtrl->Show (enableConfirmation);
 		
@@ -213,6 +216,18 @@ namespace VeraCrypt
 		}
 	}
 	
+	int VolumePasswordPanel::GetVolumePim () const
+	{
+		wxString pinStr (VolumePimTextCtrl->GetValue());
+		long pin = 0;
+		if (pinStr.IsEmpty())
+			return 0;
+		if (pinStr.ToLong (&pin))
+			return (int) pin;
+		else
+			return -1;
+	}
+	
 	bool VolumePasswordPanel::GetTrueCryptMode () const
 	{
 		return TrueCryptModeCheckBox->GetValue ();
@@ -352,4 +367,21 @@ namespace VeraCrypt
 		textCtrl->SetValue (wxString (L'X', textCtrl->GetLineLength(0)));
 		GetPassword (textCtrl);
 	}
+	
+	void VolumePasswordPanel::OnPimChanged  (wxCommandEvent& event)
+	{ 
+		if (ConfirmPasswordTextCtrl->IsShown())
+		{
+			if (GetVolumePim() != 0)
+			{
+				VolumePinHelpStaticText->SetForegroundColour(*wxRED);
+				VolumePinHelpStaticText->SetLabel(LangString["PIM_CHANGE_WARNING"]);
+			}
+			else
+			{
+				VolumePinHelpStaticText->SetForegroundColour(*wxBLACK);
+				VolumePinHelpStaticText->SetLabel(LangString["IDC_PIM_HELP"]);
+			}			
+		}
+	}
 }

src/Main/Forms/VolumePasswordPanel.h

@@ -25,10 +25,12 @@ namespace VeraCrypt
 		shared_ptr <KeyfileList> GetKeyfiles () const { return UseKeyfilesCheckBox->IsChecked() ? Keyfiles : shared_ptr <KeyfileList> (); }
 		shared_ptr <VolumePassword> GetPassword () const;
 		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const;
+		int GetVolumePim () const;
 		bool GetTrueCryptMode () const;
 		int GetHeaderWipeCount () const;
 		void SetCacheCheckBoxValidator (const wxGenericValidator &validator) { CacheCheckBox->SetValidator (validator); }
 		void SetFocusToPasswordTextCtrl () { PasswordTextCtrl->SetSelection (-1, -1); PasswordTextCtrl->SetFocus(); }
+		void SetFocusToPimTextCtrl () { VolumePimTextCtrl->SetSelection (-1, -1); VolumePimTextCtrl->SetFocus(); }
 		bool PasswordsMatch () const;
 
 		Event UpdateEvent;
@@ -44,6 +46,7 @@ namespace VeraCrypt
 		void OnKeyfilesButtonRightClick (wxMouseEvent& event);
 		void OnKeyfilesButtonRightDown (wxMouseEvent& event);
 		void OnTextChanged (wxCommandEvent& event) { OnUpdate(); }
+		void OnPimChanged  (wxCommandEvent& event);
 		void OnUpdate () { UpdateEvent.Raise(); }
 		void OnUseKeyfilesCheckBoxClick (wxCommandEvent& event) { OnUpdate(); }
 		void WipeTextCtrl (wxTextCtrl *textCtrl);

src/Main/Forms/VolumePasswordWizardPage.h

@@ -22,6 +22,7 @@ namespace VeraCrypt
 
 		shared_ptr <KeyfileList> GetKeyfiles () const { return PasswordPanel->GetKeyfiles(); }
 		shared_ptr <VolumePassword> GetPassword () const { return PasswordPanel->GetPassword(); }
+		int GetVolumePim () const { return PasswordPanel->GetVolumePim(); }
 		shared_ptr <Pkcs5Kdf> GetPkcs5Kdf () const { return PasswordPanel->GetPkcs5Kdf(); }
 		bool IsValid ();
 		void SetMaxStaticTextWidth (int width) { InfoStaticText->Wrap (width); }

src/Main/Forms/VolumePropertiesDialog.cpp

@@ -57,7 +57,10 @@ namespace VeraCrypt
 
 		AppendToList ("BLOCK_SIZE", blockSize.str() + L" " + LangString ["BITS"]);
 		AppendToList ("MODE_OF_OPERATION", volumeInfo.EncryptionModeName);
-		AppendToList ("PKCS5_PRF", volumeInfo.Pkcs5PrfName);
+		if (volumeInfo.Pim <= 0)
+			AppendToList ("PKCS5_PRF", volumeInfo.Pkcs5PrfName);
+		else
+			AppendToList ("PKCS5_PRF", StringFormatter (L"{0} (Dynamic)", volumeInfo.Pkcs5PrfName));
 
 #if 0
 		AppendToList ("PKCS5_ITERATIONS", StringConverter::FromNumber (volumeInfo.Pkcs5IterationCount));

src/Main/GraphicUserInterface.cpp

@@ -178,11 +178,13 @@ namespace VeraCrypt
 						options->Path,
 						options->PreserveTimestamps,
 						options->Password,
+						options->Pim,
 						options->Kdf,
 						false,
 						options->Keyfiles,
 						options->Protection,
 						options->ProtectionPassword,
+						options->ProtectionPim,
 						options->ProtectionKdf,
 						options->ProtectionKeyfiles,
 						true,
@@ -268,7 +270,7 @@ namespace VeraCrypt
 
 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize());
-			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Keyfiles);
+			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles);
 
 			ExecuteWaitThreadRoutine (parent, &routine);
 
@@ -277,7 +279,7 @@ namespace VeraCrypt
 			if (hiddenVolume)
 			{
 				// Re-encrypt hidden volume header
-				ReEncryptHeaderThreadRoutine hiddenRoutine(newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Keyfiles);
+				ReEncryptHeaderThreadRoutine hiddenRoutine(newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles);
 
 				ExecuteWaitThreadRoutine (parent, &hiddenRoutine);
 			}
@@ -1322,11 +1324,13 @@ namespace VeraCrypt
 						options.Path,
 						options.PreserveTimestamps,
 						options.Password,
+						options.Pim,
 						options.Kdf,
 						options.TrueCryptMode,
 						options.Keyfiles,
 						options.Protection,
 						options.ProtectionPassword,
+						options.ProtectionPim,
 						options.ProtectionKdf,
 						options.ProtectionKeyfiles,
 						options.SharedAccessAllowed,
@@ -1356,7 +1360,7 @@ namespace VeraCrypt
 			// Re-encrypt volume header
 			wxBusyCursor busy;
 			SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize());
-			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, volume->GetHeader(), options.Password, options.Keyfiles);
+			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 
 			ExecuteWaitThreadRoutine (parent, &routine);
 
@@ -1446,7 +1450,7 @@ namespace VeraCrypt
 						EncryptionAlgorithmList encryptionAlgorithms = layout->GetSupportedEncryptionAlgorithms();
 						EncryptionModeList encryptionModes = layout->GetSupportedEncryptionModes();
 
-						DecryptThreadRoutine decryptRoutine(layout->GetHeader(), headerBuffer, *passwordKey, options.Kdf, options.TrueCryptMode, keyDerivationFunctions, encryptionAlgorithms, encryptionModes);						
+						DecryptThreadRoutine decryptRoutine(layout->GetHeader(), headerBuffer, *passwordKey, options.Pim, options.Kdf, options.TrueCryptMode, keyDerivationFunctions, encryptionAlgorithms, encryptionModes);						
 
 						ExecuteWaitThreadRoutine (parent, &decryptRoutine);
 
@@ -1475,7 +1479,7 @@ namespace VeraCrypt
 			// Re-encrypt volume header
 			wxBusyCursor busy;
 			SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize());
-			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+			ReEncryptHeaderThreadRoutine routine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 
 			ExecuteWaitThreadRoutine (parent, &routine);
 
@@ -1491,7 +1495,7 @@ namespace VeraCrypt
 			if (decryptedLayout->HasBackupHeader())
 			{
 				// Re-encrypt backup volume header
-				ReEncryptHeaderThreadRoutine backupRoutine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+				ReEncryptHeaderThreadRoutine backupRoutine(newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 
 				ExecuteWaitThreadRoutine (parent, &backupRoutine);
 				

src/Main/GraphicUserInterface.h

@@ -30,7 +30,7 @@ namespace VeraCrypt
 		virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const;
 		virtual void BeginBusyState () const { wxBeginBusyCursor(); }
 		virtual void BeginInteractiveBusyState (wxWindow *window);
-		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); }
+		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), int pim = 0, shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), int newPim = 0, shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const { ThrowTextModeRequired(); }
 		wxHyperlinkCtrl *CreateHyperlink (wxWindow *parent, const wxString &linkUrl, const wxString &linkText) const;
 		virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const;
 		virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const { ThrowTextModeRequired(); }

src/Main/TextUserInterface.cpp

@@ -180,6 +180,34 @@ namespace VeraCrypt
 		return password;
 	}
 	
+	int TextUserInterface::AskPim (const wxString &message) const
+	{
+		int pim = -1;
+		wxString msg = _("Enter new PIM: ");
+		if (!message.empty())
+			msg = message + L": ";
+		while (pim < 0)
+		{
+			wstring pimStr = AskString (msg);
+			if (pimStr.empty())
+				pim = 0;
+			else
+			{
+				try
+				{
+					pim = (int) StringConverter::ToUInt32 (pimStr);
+				}
+				catch (...)
+				{
+					pim = -1;
+					continue;
+				}
+			}
+		}
+		
+		return pim;
+	}
+	
 	ssize_t TextUserInterface::AskSelection (ssize_t optionCount, ssize_t defaultOption) const
 	{
 		while (true)
@@ -272,6 +300,7 @@ namespace VeraCrypt
 			{
 				ShowString (L"\n");
 				options->Password = AskPassword (LangString[volumeType == VolumeType::Hidden ? "ENTER_HIDDEN_VOL_PASSWORD" : "ENTER_NORMAL_VOL_PASSWORD"]);
+				options->Pim = AskPim (volumeType == VolumeType::Hidden ?_("Enter PIM for the hidden volume") : _("Enter PIM for the normal/outer volume"));
 				options->Keyfiles = AskKeyfiles();
 
 				try
@@ -280,11 +309,13 @@ namespace VeraCrypt
 						options->Path,
 						options->PreserveTimestamps,
 						options->Password,
+						options->Pim,
 						kdf,
 						false,
 						options->Keyfiles,
 						options->Protection,
 						options->ProtectionPassword,
+						options->ProtectionPim,
 						options->ProtectionKdf,
 						options->ProtectionKeyfiles,
 						true,
@@ -345,14 +376,14 @@ namespace VeraCrypt
 
 		// Re-encrypt volume header
 		SecureBuffer newHeaderBuffer (normalVolume->GetLayout()->GetHeaderSize());
-		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Keyfiles);
+		Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, normalVolume->GetHeader(), normalVolumeMountOptions.Password, normalVolumeMountOptions.Pim, normalVolumeMountOptions.Keyfiles);
 
 		backupFile.Write (newHeaderBuffer);
 
 		if (hiddenVolume)
 		{
 			// Re-encrypt hidden volume header
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, hiddenVolume->GetHeader(), hiddenVolumeMountOptions.Password, hiddenVolumeMountOptions.Pim, hiddenVolumeMountOptions.Keyfiles);
 		}
 		else
 		{
@@ -368,7 +399,7 @@ namespace VeraCrypt
 		ShowInfo ("VOL_HEADER_BACKED_UP");
 	}
 
-	void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, shared_ptr <Hash> currentHash, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
+	void TextUserInterface::ChangePassword (shared_ptr <VolumePath> volumePath, shared_ptr <VolumePassword> password, int pim, shared_ptr <Hash> currentHash, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, shared_ptr <VolumePassword> newPassword, int newPim, shared_ptr <KeyfileList> newKeyfiles, shared_ptr <Hash> newHash) const
 	{
 		shared_ptr <Volume> volume;
 
@@ -412,6 +443,12 @@ namespace VeraCrypt
 				password = AskPassword ();
 			}
 			
+			// current PIM
+			if (!Preferences.NonInteractive && (pim < 0))
+			{
+				pim = AskPim (_("Enter current PIM"));
+			}
+
 			// Current keyfiles
 			try
 			{
@@ -421,7 +458,7 @@ namespace VeraCrypt
 					try
 					{
 						keyfiles.reset (new KeyfileList);
-						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles);
+						volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
 					}
 					catch (PasswordException&)
 					{
@@ -431,7 +468,7 @@ namespace VeraCrypt
 				}	
 
 				if (!volume.get())
-					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, kdf, truecryptMode, keyfiles);
+					volume = Core->OpenVolume (volumePath, Preferences.DefaultMountOptions.PreserveTimestamps, password, pim, kdf, truecryptMode, keyfiles);
 			}
 			catch (PasswordException &e)
 			{
@@ -451,6 +488,10 @@ namespace VeraCrypt
 		else if (!Preferences.NonInteractive)
 			newPassword = AskPassword (_("Enter new password"), true);
 		
+		// New PIM
+		if ((newPim < 0) && !Preferences.NonInteractive)
+			newPim = AskPim (_("Enter new PIM"));
+
 		// New keyfiles
 		if (!newKeyfiles.get() && !Preferences.NonInteractive)
 		{
@@ -464,7 +505,7 @@ namespace VeraCrypt
 		RandomNumberGenerator::SetEnrichedByUserStatus (false);
 		UserEnrichRandomPool();
 
-		Core->ChangePassword (volume, newPassword, newKeyfiles,
+		Core->ChangePassword (volume, newPassword, newPim, newKeyfiles,
 			newHash ? Pkcs5Kdf::GetAlgorithm (*newHash, false) : shared_ptr <Pkcs5Kdf>());
 
 		ShowInfo ("PASSWORD_CHANGED");
@@ -748,6 +789,13 @@ namespace VeraCrypt
 		if (options->Password)
 			options->Password->CheckPortability();
 		
+		// PIM
+		if ((options->Pim < 0) && !Preferences.NonInteractive)
+		{
+			ShowString (L"\n");
+			options->Pim = AskPim (_("Enter PIM"));
+		}
+
 		// Keyfiles
 		if (!options->Keyfiles && !Preferences.NonInteractive)
 		{
@@ -819,6 +867,7 @@ namespace VeraCrypt
 			mountOptions.NoFilesystem = true;
 			mountOptions.Protection = VolumeProtection::None;
 			mountOptions.Password = options->Password;
+			mountOptions.Pim = options->Pim;
 			mountOptions.Keyfiles = options->Keyfiles;
 
 			shared_ptr <VolumeInfo> volume = Core->MountVolume (mountOptions);
@@ -1071,6 +1120,9 @@ namespace VeraCrypt
 			if (!options.Password)
 				options.Password = AskPassword();
 			
+			if (options.Pim < 0)
+				options.Pim = AskPim (_("Enter PIM"));
+
 			if (!options.Keyfiles)
 				options.Keyfiles = AskKeyfiles();
 
@@ -1080,6 +1132,7 @@ namespace VeraCrypt
 				return mountedVolumes;
 
 			options.Password.reset();
+			options.Pim = -1;
 		}
 	}
 	
@@ -1145,6 +1198,11 @@ namespace VeraCrypt
 				}
 			}
 			
+			if (options.Pim < 0)
+			{
+				options.Pim = AskPim (StringFormatter (_("Enter PIM for {0}"), wstring (*options.Path)));
+			}
+
 			// Keyfiles
 			if (!options.Keyfiles)
 				options.Keyfiles = AskKeyfiles();
@@ -1159,6 +1217,8 @@ namespace VeraCrypt
 			{
 				if (!options.ProtectionPassword)
 					options.ProtectionPassword = AskPassword (_("Enter password for hidden volume"));
+				if (options.ProtectionPim < 0)
+					options.ProtectionPim = AskPim (_("Enter PIM for hidden volume"));
 				if (!options.ProtectionKeyfiles)
 					options.ProtectionKeyfiles = AskKeyfiles (_("Enter keyfile for hidden volume"));
 			}
@@ -1171,6 +1231,7 @@ namespace VeraCrypt
 			{
 				ShowInfo (e);
 				options.ProtectionPassword.reset();
+				options.ProtectionPim = -1;
 			}
 			catch (PasswordIncorrect &e)
 			{
@@ -1337,6 +1398,7 @@ namespace VeraCrypt
 			{
 				ShowString (L"\n");
 				options.Password = AskPassword();
+				options.Pim = AskPim();
 				options.Keyfiles = AskKeyfiles();
 
 				try
@@ -1345,11 +1407,13 @@ namespace VeraCrypt
 						options.Path,
 						options.PreserveTimestamps,
 						options.Password,
+						options.Pim,
 						kdf,
 						false,
 						options.Keyfiles,
 						options.Protection,
 						options.ProtectionPassword,
+						options.ProtectionPim,
 						options.ProtectionKdf,
 						options.ProtectionKeyfiles,
 						options.SharedAccessAllowed,
@@ -1374,7 +1438,7 @@ namespace VeraCrypt
 
 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (volume->GetLayout()->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, volume->GetHeader(), options.Password, options.Pim,  options.Keyfiles);
 
 			// Write volume header
 			int headerOffset = volume->GetLayout()->GetHeaderOffset();
@@ -1434,6 +1498,7 @@ namespace VeraCrypt
 			while (!decryptedLayout)
 			{
 				options.Password = AskPassword (L"\n" + LangString["ENTER_HEADER_BACKUP_PASSWORD"]);
+				options.Pim = AskPim (_("Enter PIM"));
 				options.Keyfiles = AskKeyfiles();
 
 				try
@@ -1455,7 +1520,7 @@ namespace VeraCrypt
 
 						// Decrypt header
 						shared_ptr <VolumePassword> passwordKey = Keyfile::ApplyListToPassword (options.Keyfiles, options.Password);
-						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
+						if (layout->GetHeader()->Decrypt (headerBuffer, *passwordKey, options.Pim, kdf, false, layout->GetSupportedKeyDerivationFunctions(false), layout->GetSupportedEncryptionAlgorithms(), layout->GetSupportedEncryptionModes()))
 						{
 							decryptedLayout = layout;
 							break;
@@ -1479,7 +1544,7 @@ namespace VeraCrypt
 
 			// Re-encrypt volume header
 			SecureBuffer newHeaderBuffer (decryptedLayout->GetHeaderSize());
-			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+			Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 
 			// Write volume header
 			int headerOffset = decryptedLayout->GetHeaderOffset();
@@ -1493,7 +1558,7 @@ namespace VeraCrypt
 			if (decryptedLayout->HasBackupHeader())
 			{
 				// Re-encrypt backup volume header
-				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Keyfiles);
+				Core->ReEncryptVolumeHeaderWithNewSalt (newHeaderBuffer, decryptedLayout->GetHeader(), options.Password, options.Pim, options.Keyfiles);
 				
 				// Write backup volume header
 				headerOffset = decryptedLayout->GetBackupHeaderOffset();

src/Main/TextUserInterface.h

@@ -24,13 +24,14 @@ namespace VeraCrypt
 		virtual FilePath AskFilePath (const wxString &message = wxEmptyString) const;
 		virtual shared_ptr <KeyfileList> AskKeyfiles (const wxString &message = L"") const;
 		virtual shared_ptr <VolumePassword> AskPassword (const wxString &message = L"", bool verify = false) const;
+		virtual int AskPim (const wxString &message = L"") const;
 		virtual ssize_t AskSelection (ssize_t optionCount, ssize_t defaultOption = -1) const;
 		virtual wstring AskString (const wxString &message = wxEmptyString) const;
 		virtual shared_ptr <VolumePath> AskVolumePath (const wxString &message = L"") const;
 		virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const;
 		virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const;
 		virtual void BeginBusyState () const { }
-		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const;
+		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), int pim = 0, shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), int newPim = 0, shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const;
 		virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const;
 		virtual void CreateVolume (shared_ptr <VolumeCreationOptions> options) const;
 		virtual void DeleteSecurityTokenKeyfiles () const;

src/Main/UserInterface.cpp

@@ -898,6 +898,7 @@ namespace VeraCrypt
 				cmdLine.ArgMountOptions.Path = cmdLine.ArgVolumePath;
 				cmdLine.ArgMountOptions.MountPoint = cmdLine.ArgMountPoint;
 				cmdLine.ArgMountOptions.Password = cmdLine.ArgPassword;
+				cmdLine.ArgMountOptions.Pim = cmdLine.ArgPim;
 				cmdLine.ArgMountOptions.Keyfiles = cmdLine.ArgKeyfiles;
 				cmdLine.ArgMountOptions.SharedAccessAllowed = cmdLine.ArgForce;
 				cmdLine.ArgMountOptions.TrueCryptMode = cmdLine.ArgTrueCryptMode;
@@ -988,7 +989,7 @@ namespace VeraCrypt
 			return true;
 
 		case CommandId::ChangePassword:
-			ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgCurrentHash, cmdLine.ArgTrueCryptMode, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash);
+			ChangePassword (cmdLine.ArgVolumePath, cmdLine.ArgPassword, cmdLine.ArgPim, cmdLine.ArgCurrentHash, cmdLine.ArgTrueCryptMode, cmdLine.ArgKeyfiles, cmdLine.ArgNewPassword, cmdLine.ArgNewPim, cmdLine.ArgNewKeyfiles, cmdLine.ArgHash);
 			return true;
 
 		case CommandId::CreateKeyfile:
@@ -1009,6 +1010,7 @@ namespace VeraCrypt
 				options->Filesystem = cmdLine.ArgFilesystem;
 				options->Keyfiles = cmdLine.ArgKeyfiles;
 				options->Password = cmdLine.ArgPassword;
+				options->Pim = cmdLine.ArgPim;
 				options->Quick = cmdLine.ArgQuick;
 				options->Size = cmdLine.ArgSize;
 				options->Type = cmdLine.ArgVolumeType;

src/Main/UserInterface.h

@@ -29,7 +29,7 @@ namespace VeraCrypt
 		virtual bool AskYesNo (const wxString &message, bool defaultYes = false, bool warning = false) const = 0;
 		virtual void BackupVolumeHeaders (shared_ptr <VolumePath> volumePath) const = 0;
 		virtual void BeginBusyState () const = 0;
-		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0;
+		virtual void ChangePassword (shared_ptr <VolumePath> volumePath = shared_ptr <VolumePath>(), shared_ptr <VolumePassword> password = shared_ptr <VolumePassword>(), int pim = 0, shared_ptr <Hash> currentHash = shared_ptr <Hash>(), bool truecryptMode = false, shared_ptr <KeyfileList> keyfiles = shared_ptr <KeyfileList>(), shared_ptr <VolumePassword> newPassword = shared_ptr <VolumePassword>(), int newPim = 0, shared_ptr <KeyfileList> newKeyfiles = shared_ptr <KeyfileList>(), shared_ptr <Hash> newHash = shared_ptr <Hash>()) const = 0;
 		virtual void CheckRequirementsForMountingVolume () const;
 		virtual void CloseExplorerWindows (shared_ptr <VolumeInfo> mountedVolume) const;
 		virtual void CreateKeyfile (shared_ptr <FilePath> keyfilePath = shared_ptr <FilePath>()) const = 0;

src/Platform/StringConverter.cpp

@@ -262,6 +262,30 @@ namespace VeraCrypt
 		return n;
 	}
 
+	int32 StringConverter::ToInt32 (const string &str)
+	{
+		int32 n;
+		stringstream ss (str);
+
+		ss >> n;
+		if (ss.fail() || n == 0x7fffFFFF || n == -0x7fffFFFF)
+			throw ParameterIncorrect (SRC_POS);
+
+		return n;
+	}
+
+	int32 StringConverter::ToInt32 (const wstring &str)
+	{
+		int32 n;
+		wstringstream ss (str);
+
+		ss >> n;
+		if (ss.fail() || n == 0x7fffFFFF || n == -0x7fffFFFF)
+			throw ParameterIncorrect (SRC_POS);
+
+		return n;
+	}
+
 	uint64 StringConverter::ToUInt64 (const string &str)
 	{
 		uint64 n;
@@ -286,6 +310,30 @@ namespace VeraCrypt
 		return n;
 	}
 
+	int64 StringConverter::ToInt64 (const string &str)
+	{
+		int64 n;
+		stringstream ss (str);
+
+		ss >> n;
+		if (ss.fail() || n == 0x7fffFFFFffffFFFFLL || n == -0x7fffFFFFffffFFFFLL)
+			throw ParameterIncorrect (SRC_POS);
+
+		return n;
+	}
+
+	int64 StringConverter::ToInt64 (const wstring &str)
+	{
+		int64 n;
+		wstringstream ss (str);
+
+		ss >> n;
+		if (ss.fail() || n == 0x7fffFFFFffffFFFFLL || n == -0x7fffFFFFffffFFFFLL)
+			throw ParameterIncorrect (SRC_POS);
+
+		return n;
+	}
+	
 	string StringConverter::ToUpper (const string &str)
 	{
 		string s;

src/Platform/StringConverter.h

@@ -33,8 +33,12 @@ namespace VeraCrypt
 		static string ToLower (const string &str);
 		static uint32 ToUInt32 (const string &str);
 		static uint32 ToUInt32 (const wstring &str);
+		static int32  ToInt32 (const string &str);
+		static int32  ToInt32 (const wstring &str);
 		static uint64 ToUInt64 (const string &str);
 		static uint64 ToUInt64 (const wstring &str);
+		static int64  ToInt64 (const string &str);
+		static int64  ToInt64 (const wstring &str);
 		static string ToSingle (double number) { return ToSingle (FromNumber (number)); }
 		static string ToSingle (int32 number) { return ToSingle (FromNumber (number)); }
 		static string ToSingle (uint32 number) { return ToSingle (FromNumber (number)); }

src/Volume/Pkcs5Kdf.cpp

@@ -20,9 +20,9 @@ namespace VeraCrypt
 	{
 	}
 
-	void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const
+	void Pkcs5Kdf::DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const
 	{
-		DeriveKey (key, password, salt, GetIterationCount());
+		DeriveKey (key, password, salt, GetIterationCount(pim));
 	}
 	
 	shared_ptr <Pkcs5Kdf> Pkcs5Kdf::GetAlgorithm (const wstring &name, bool truecryptMode)

src/Volume/Pkcs5Kdf.h

@@ -23,13 +23,13 @@ namespace VeraCrypt
 	public:
 		virtual ~Pkcs5Kdf ();
 
-		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt) const;
+		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, int pim, const ConstBufferPtr &salt) const;
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const = 0;
 		static shared_ptr <Pkcs5Kdf> GetAlgorithm (const wstring &name, bool truecryptMode);
 		static shared_ptr <Pkcs5Kdf> GetAlgorithm (const Hash &hash, bool truecryptMode);
 		static Pkcs5KdfList GetAvailableAlgorithms (bool truecryptMode);
 		virtual shared_ptr <Hash> GetHash () const = 0;
-		virtual int GetIterationCount () const = 0;
+		virtual int GetIterationCount (int pim) const = 0;
 		virtual wstring GetName () const = 0;
 		virtual Pkcs5Kdf* Clone () const = 0;
 		virtual bool IsDeprecated () const { return GetHash()->IsDeprecated(); }
@@ -55,7 +55,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
-		virtual int GetIterationCount () const { return m_truecryptMode? 2000 : 655331; }
+		virtual int GetIterationCount (int pim) const { return m_truecryptMode? 2000 : (pim <= 0 ? 655331 : (15000 + (pim * 1000))) ; }
 		virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160(m_truecryptMode); }
 
@@ -72,7 +72,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Ripemd160); }
-		virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 327661; }
+		virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 327661 : (pim * 2048)); }
 		virtual wstring GetName () const { return L"HMAC-RIPEMD-160"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacRipemd160_1000(m_truecryptMode); }
 
@@ -89,7 +89,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
-		virtual int GetIterationCount () const { return 200000; }
+		virtual int GetIterationCount (int pim) const { return pim <= 0 ? 200000 : (pim * 2048); }
 		virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256_Boot(); }
 
@@ -106,7 +106,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha256); }
-		virtual int GetIterationCount () const { return 500000; }
+		virtual int GetIterationCount (int pim) const { return pim <= 0 ? 500000 : (15000 + (pim * 1000)); }
 		virtual wstring GetName () const { return L"HMAC-SHA-256"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha256(); }
 
@@ -123,7 +123,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Sha512); }
-		virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+		virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 		virtual wstring GetName () const { return L"HMAC-SHA-512"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacSha512(m_truecryptMode); }
 
@@ -140,7 +140,7 @@ namespace VeraCrypt
 
 		virtual void DeriveKey (const BufferPtr &key, const VolumePassword &password, const ConstBufferPtr &salt, int iterationCount) const;
 		virtual shared_ptr <Hash> GetHash () const { return shared_ptr <Hash> (new Whirlpool); }
-		virtual int GetIterationCount () const { return m_truecryptMode? 1000 : 500000; }
+		virtual int GetIterationCount (int pim) const { return m_truecryptMode? 1000 : (pim <= 0 ? 500000 : (15000 + (pim * 1000))); }
 		virtual wstring GetName () const { return L"HMAC-Whirlpool"; }
 		virtual Pkcs5Kdf* Clone () const { return new Pkcs5HmacWhirlpool(m_truecryptMode); }
 

src/Volume/Volume.cpp

@@ -24,7 +24,8 @@ namespace VeraCrypt
 		TopWriteOffset (0),
 		TotalDataRead (0),
 		TotalDataWritten (0),
-		TrueCryptMode (false)
+		TrueCryptMode (false),
+		Pim (0)
 	{
 	}
 
@@ -63,7 +64,7 @@ namespace VeraCrypt
 		return EA->GetMode();
 	}
 
-	void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+	void Volume::Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf, shared_ptr <KeyfileList> protectionKeyfiles, bool sharedAccessAllowed, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 	{
 		make_shared_auto (File, file);
 
@@ -94,10 +95,10 @@ namespace VeraCrypt
 				throw;
 		}
 
-		return Open (file, password, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
+		return Open (file, password, pim, kdf, truecryptMode, keyfiles, protection, protectionPassword, protectionPim, protectionKdf,protectionKeyfiles, volumeType, useBackupHeaders, partitionInSystemEncryptionScope);
 	}
 
-	void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
+	void Volume::Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection, shared_ptr <VolumePassword> protectionPassword, int protectionPim, shared_ptr <Pkcs5Kdf> protectionKdf,shared_ptr <KeyfileList> protectionKeyfiles, VolumeType::Enum volumeType, bool useBackupHeaders, bool partitionInSystemEncryptionScope)
 	{
 		if (!volumeFile)
 			throw ParameterIncorrect (SRC_POS);
@@ -187,7 +188,7 @@ namespace VeraCrypt
 
 				shared_ptr <VolumeHeader> header = layout->GetHeader();
 
-				if (header->Decrypt (headerBuffer, *passwordKey, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
+				if (header->Decrypt (headerBuffer, *passwordKey, pim, kdf, truecryptMode, layout->GetSupportedKeyDerivationFunctions(truecryptMode), layoutEncryptionAlgorithms, layoutEncryptionModes))
 				{
 					// Header decrypted
 
@@ -200,6 +201,7 @@ namespace VeraCrypt
 					}
 
 					TrueCryptMode = truecryptMode;
+					Pim = pim;
 					Type = layout->GetType();
 					SectorSize = header->GetSectorSize();
 
@@ -237,9 +239,9 @@ namespace VeraCrypt
 								Volume protectedVolume;
 
 								protectedVolume.Open (VolumeFile,
-									protectionPassword, protectionKdf, truecryptMode, protectionKeyfiles,
+									protectionPassword, protectionPim, protectionKdf, truecryptMode, protectionKeyfiles,
 									VolumeProtection::ReadOnly,
-									shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
+									shared_ptr <VolumePassword> (), 0, shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> (),
 									VolumeType::Hidden,
 									useBackupHeaders);
 

src/Volume/Volume.h

@@ -87,11 +87,12 @@ namespace VeraCrypt
 		uint64 GetTotalDataWritten () const { return TotalDataWritten; }
 		VolumeType::Enum GetType () const { return Type; }
 		bool GetTrueCryptMode() const { return TrueCryptMode; }
+		int GetPim() const { return Pim;}
 		uint64 GetVolumeCreationTime () const { return Header->GetVolumeCreationTime(); }
 		bool IsHiddenVolumeProtectionTriggered () const { return HiddenVolumeProtectionTriggered; }
 		bool IsInSystemEncryptionScope () const { return SystemEncryption; }
-		void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+		void Open (const VolumePath &volumePath, bool preserveTimestamps, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (),shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), bool sharedAccessAllowed = false, VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
-		void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
+		void Open (shared_ptr <File> volumeFile, shared_ptr <VolumePassword> password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, shared_ptr <KeyfileList> keyfiles, VolumeProtection::Enum protection = VolumeProtection::None, shared_ptr <VolumePassword> protectionPassword = shared_ptr <VolumePassword> (), int protectionPim = 0, shared_ptr <Pkcs5Kdf> protectionKdf = shared_ptr <Pkcs5Kdf> (), shared_ptr <KeyfileList> protectionKeyfiles = shared_ptr <KeyfileList> (), VolumeType::Enum volumeType = VolumeType::Unknown, bool useBackupHeaders = false, bool partitionInSystemEncryptionScope = false);
 		void ReadSectors (const BufferPtr &buffer, uint64 byteOffset);
 		void ReEncryptHeader (bool backupHeader, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 		void WriteSectors (const ConstBufferPtr &buffer, uint64 byteOffset);
@@ -118,6 +119,7 @@ namespace VeraCrypt
 		uint64 TotalDataRead;
 		uint64 TotalDataWritten;
 		bool TrueCryptMode;
+		int Pim;
 
 	private:
 		Volume (const Volume &);

src/Volume/VolumeHeader.cpp

@@ -78,7 +78,7 @@ namespace VeraCrypt
 		EncryptNew (headerBuffer, options.Salt, options.HeaderKey, options.Kdf);
 	}
 
-	bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
+	bool VolumeHeader::Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes)
 	{
 		if (password.Size() < 1)
 			throw PasswordEmpty (SRC_POS);
@@ -92,7 +92,7 @@ namespace VeraCrypt
 			if (kdf && (kdf->GetName() != pkcs5->GetName()))
 				continue;
 
-			pkcs5->DeriveKey (headerKey, password, salt);
+			pkcs5->DeriveKey (headerKey, password, pim, salt);
 
 			foreach (shared_ptr <EncryptionMode> mode, encryptionModes)
 			{

src/Volume/VolumeHeader.h

@@ -56,7 +56,7 @@ namespace VeraCrypt
 		virtual ~VolumeHeader ();
 
 		void Create (const BufferPtr &headerBuffer, VolumeHeaderCreationOptions &options);
-		bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
+		bool Decrypt (const ConstBufferPtr &encryptedData, const VolumePassword &password, int pim, shared_ptr <Pkcs5Kdf> kdf, bool truecryptMode, const Pkcs5KdfList &keyDerivationFunctions, const EncryptionAlgorithmList &encryptionAlgorithms, const EncryptionModeList &encryptionModes);
 		void EncryptNew (const BufferPtr &newHeaderBuffer, const ConstBufferPtr &newSalt, const ConstBufferPtr &newHeaderKey, shared_ptr <Pkcs5Kdf> newPkcs5Kdf);
 		uint64 GetEncryptedAreaStart () const { return EncryptedAreaStart; }
 		uint64 GetEncryptedAreaLength () const { return EncryptedAreaLength; }

src/Volume/VolumeInfo.cpp

@@ -51,6 +51,7 @@ namespace VeraCrypt
 		VirtualDevice = sr.DeserializeWString ("VirtualDevice");
 		sr.Deserialize ("VolumeCreationTime", VolumeCreationTime);
 		sr.Deserialize ("TrueCryptMode", TrueCryptMode);
+		sr.Deserialize ("Pim", Pim);
 	}
 
 	bool VolumeInfo::FirstVolumeMountedAfterSecond (shared_ptr <VolumeInfo> first, shared_ptr <VolumeInfo> second)
@@ -91,6 +92,7 @@ namespace VeraCrypt
 		sr.Serialize ("VirtualDevice", wstring (VirtualDevice));
 		sr.Serialize ("VolumeCreationTime", VolumeCreationTime);
 		sr.Serialize ("TrueCryptMode", TrueCryptMode);
+		sr.Serialize ("Pim", Pim);
 	}
 
 	void VolumeInfo::Set (const Volume &volume)
@@ -105,7 +107,7 @@ namespace VeraCrypt
 		HiddenVolumeProtectionTriggered = volume.IsHiddenVolumeProtectionTriggered();
 		MinRequiredProgramVersion = volume.GetHeader()->GetRequiredMinProgramVersion();
 		Path = volume.GetPath();
-		Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount();
+		Pkcs5IterationCount = volume.GetPkcs5Kdf()->GetIterationCount(volume.GetPim ());
 		Pkcs5PrfName = volume.GetPkcs5Kdf()->GetName();
 		Protection = volume.GetProtectionType();
 		Size = volume.GetSize();
@@ -115,6 +117,7 @@ namespace VeraCrypt
 		TotalDataRead = volume.GetTotalDataRead();
 		TotalDataWritten = volume.GetTotalDataWritten();
 		TrueCryptMode = volume.GetTrueCryptMode();
+		Pim = volume.GetPim ();
 	}
 
 	TC_SERIALIZER_FACTORY_ADD_CLASS (VolumeInfo);

src/Volume/VolumeInfo.h

@@ -57,6 +57,7 @@ namespace VeraCrypt
 		DevicePath VirtualDevice;
 		VolumeTime VolumeCreationTime;
 		bool TrueCryptMode;
+		int Pim;
 
 	private:
 		VolumeInfo (const VolumeInfo &);