mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 02:58:02 -06:00
176 lines
9.6 KiB
HTML
176 lines
9.6 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
|
||
<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
|
||
<meta name="keywords" content="encryption, security"/>
|
||
<link href="styles.css" rel="stylesheet" type="text/css" />
|
||
</head>
|
||
<body>
|
||
|
||
<div>
|
||
<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
|
||
</div>
|
||
|
||
<div id="menu">
|
||
<ul>
|
||
<li><a href="Home.html">Home</a></li>
|
||
<li><a href="Code.html">Source Code</a></li>
|
||
<li><a href="Downloads.html">Downloads</a></li>
|
||
<li><a class="active" href="Documentation.html">Documentation</a></li>
|
||
<li><a href="Donation.html">Donate</a></li>
|
||
<li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
|
||
</ul>
|
||
</div>
|
||
|
||
<div>
|
||
<p>
|
||
<a href="Documentation.html">Documentation</a>
|
||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||
<a href="Hash%20Algorithms.html">Hash Algorithms</a>
|
||
<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
|
||
<a href="Argon2id.html">Argon2id</a>
|
||
</p></div>
|
||
|
||
<div class="wikidoc">
|
||
<h1>Argon2id</h1>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
Argon2id is a memory-hard key derivation function designed to resist both time-memory trade-off attacks and side-channel attacks. It was selected as the winner of the Password Hashing Competition (PHC) in 2015 and is defined in RFC 9106. VeraCrypt supports Argon2id as an alternative to PBKDF2-HMAC for header key derivation.
|
||
</div>
|
||
|
||
<h3>Key Features</h3>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Memory-hard:</strong> Requires a configurable amount of memory, making it resistant to specialized hardware attacks
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Side-channel resistant:</strong> Combines data-dependent and data-independent memory access patterns
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Internal hash function:</strong> Uses BLAKE2b internally, eliminating the need for separate hash algorithm selection
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Tunable parameters:</strong> Allows adjustment of memory cost, time cost, and parallelism
|
||
</li>
|
||
</ul>
|
||
|
||
<h3>Argon2 Variants</h3>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
Argon2 has three variants:
|
||
</div>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Argon2d:</strong> Uses data-dependent memory access, resistant to time-memory trade-off attacks but vulnerable to side-channel attacks
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Argon2i:</strong> Uses data-independent memory access, resistant to side-channel attacks but more vulnerable to time-memory trade-off attacks
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Argon2id:</strong> Hybrid approach that combines both variants, providing resistance to both attack types (used by VeraCrypt)
|
||
</li>
|
||
</ul>
|
||
|
||
<h3>Parameters in VeraCrypt</h3>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
VeraCrypt uses Argon2id with the following parameter configuration:
|
||
</div>
|
||
|
||
<h4>Memory Cost (m_cost)</h4>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
The amount of memory used during the key derivation process, controlled by the PIM value:
|
||
</div>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Formula:</strong> m_cost(pim) = min(64 MiB + (pim - 1) × 32 MiB, 1024 MiB)
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Range:</strong> 64 MiB to 1024 MiB (capped at PIM = 31)
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Default:</strong> 96 MiB (equivalent to PIM = 2)
|
||
</li>
|
||
</ul>
|
||
|
||
<h4>Time Cost (t_cost)</h4>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
The number of iterations performed during the key derivation process:
|
||
</div>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>For PIM ≤ 31:</strong> t_cost(pim) = 3 + floor((pim - 1) / 3)
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>For PIM > 31:</strong> t_cost(pim) = 13 + (pim - 31)
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Default:</strong> 3 iterations (equivalent to PIM = 2)
|
||
</li>
|
||
</ul>
|
||
|
||
<h4>Parallelism</h4>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
The number of parallel threads used during computation:
|
||
</div>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Value:</strong> Fixed at 1 thread for all cases in VeraCrypt
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Rationale:</strong> Ensures consistent behavior across different hardware configurations
|
||
</li>
|
||
</ul>
|
||
|
||
<h3>Advantages over PBKDF2</h3>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Memory hardness:</strong> Requires significant memory allocation, making GPU and ASIC attacks more expensive
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Modern design:</strong> Specifically designed to resist contemporary attack methods
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Side-channel resistance:</strong> Built-in protections against cache-timing and other side-channel attacks
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Standardization:</strong> Officially standardized in RFC 9106
|
||
</li>
|
||
</ul>
|
||
|
||
<h3>Usage Considerations</h3>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
When using Argon2id in VeraCrypt:
|
||
</div>
|
||
<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Memory requirements:</strong> Ensure sufficient RAM is available, especially with higher PIM values
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Performance:</strong> Higher memory costs may result in slower mounting times but provide better security
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Compatibility:</strong> Available in VeraCrypt versions that support multiple key derivation functions
|
||
</li>
|
||
<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
|
||
<strong>No hash selection:</strong> Unlike PBKDF2-HMAC, no separate hash algorithm needs to be chosen
|
||
</li>
|
||
</ul>
|
||
|
||
<h3>Technical Specifications</h3>
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
<strong>Algorithm:</strong> Argon2id as defined in RFC 9106<br/>
|
||
<strong>Internal hash:</strong> BLAKE2b<br/>
|
||
<strong>Salt size:</strong> 512 bits (same as PBKDF2-HMAC)<br/>
|
||
<strong>Output length:</strong> Variable, depending on the encryption algorithm (e.g., 256 bits for AES-256, 768 bits for AES-Twofish-Serpent cascade)<br/>
|
||
<strong>Version:</strong> Argon2 version 0x13 (19 decimal)
|
||
</div>
|
||
|
||
<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
|
||
For more information about PIM values and their effect on Argon2id parameters, see the
|
||
<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html" style="text-align:left; color:#0080c0; text-decoration:none">
|
||
Personal Iterations Multiplier (PIM)</a> section.
|
||
</div>
|
||
|
||
<p><a href="SHA-256.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section >></a></p>
|
||
</div><div class="ClearBoth"></div></body></html>
|