
UserDefined Iterations

Anonymous
2015-01-10
2015-01-12
  • Anonymous

    Anonymous - 2015-01-10

    I was reading over the forum features request and found the "User selectable KDF iterations" page. While I am not in favor of reducing the default iterations, the idea itself didn't strike me as a bad one. In fact the more I think about it I believe this could be used to strengthen the security of containers in the following manner.

    1) Allow the use of a user selected number 'above the current default' for the number of iterations used at the time a container is created.

    2) Require this number to be remembered by the user and added to a separate field in the password prompt (which veracrypt could then use at the time a container is opened) rather than saved to a disk.
    Otherwise use the default number of iterations which would of course fail to open the container even with the correct password!

    This would add one more potential element of 'randomness' to help mitigate brute forcing techniques as not every user would be using the same count.

     
  • Mounir IDRASSI

    Mounir IDRASSI - 2015-01-11

    This is exactly how I envisioned the implementation of this. No additional information will be stored in the volume header and the user will have to enter their iteration indicator and if left empty the default value (which is what is used today) will be used.

    I'm saying iteration indicator and not iteration count because I envision performing a transformation on the value (in the form constant * x + threshold). For example: 1000x + 10000. The current iterations of VeraCrypt will correspond to x=490.
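
The scheme described in the two posts above, as an added sketch that is not part of the thread and not VeraCrypt code: the indicator x is mapped to 1000x + 10000 iterations, is never written to the header, and an empty field means x=490. Assumptions: the XOR mask stands in for real header encryption, the "VERA" marker, field sizes and function names are hypothetical, and the minimum is set to the default as the first post proposes.

```python
import hashlib, hmac, os

DEFAULT_INDICATOR = 490   # from the thread: today's count corresponds to x=490
MIN_INDICATOR = 490       # assumption: only values at or above the default are accepted
MAGIC = b"VERA"           # constructed marker used to recognise a correct decryption

def iterations(indicator=None):
    """Map the user-entered indicator x to a count: 1000x + 10000."""
    x = DEFAULT_INDICATOR if indicator in (None, "") else int(indicator)
    if x < MIN_INDICATOR:
        raise ValueError("indicator below the minimum would weaken the KDF")
    return 1000 * x + 10000

def _mask(password, salt, indicator, n):
    # PBKDF2-HMAC-SHA512 output used as a one-time mask (stand-in for a cipher).
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt,
                               iterations(indicator), dklen=n)

def create_header(password, indicator=None):
    """Return (salt || masked body, master_key). The indicator is not stored."""
    salt, master_key = os.urandom(64), os.urandom(32)
    body = MAGIC + master_key
    mask = _mask(password, salt, indicator, len(body))
    return salt + bytes(a ^ b for a, b in zip(body, mask)), master_key

def open_header(header, password, indicator=None):
    """Return the master key, or None if the password or indicator is wrong."""
    salt, masked = header[:64], header[64:]
    mask = _mask(password, salt, indicator, len(masked))
    body = bytes(a ^ b for a, b in zip(masked, mask))
    ok = hmac.compare_digest(body[:len(MAGIC)], MAGIC)
    return body[len(MAGIC):] if ok else None

if __name__ == "__main__":
    header, key = create_header("correct horse", indicator=600)
    print("x=600      ->", open_header(header, "correct horse", 600) == key)
    # Right password, empty indicator field: default count is used and fails.
    print("x=(empty)  ->", open_header(header, "correct horse") is not None)
```

A failed open looks the same whether the password or the indicator was wrong, so nothing in the header reveals which count was used.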

     
  • Anonymous

    Anonymous - 2015-01-11

    Mounir

    I hope you noticed this in the OP post...

    'above the current default'

    This is good for security as I have argued before, this does not allow the attacker any prior knowledge. What I am arguing against on the "User selectable KDF iterations" is to not allow a reduction in iterations.

    L0ck

     
  • Mounir IDRASSI

    Mounir IDRASSI - 2015-01-11

    I see your point L0ck. I missed the "above" word...

    This is a very hot subject and there will always be disagreements. I'm in favor of high security and I will never reduce VeraCrypt strength. Today, VeraCrypt doesn't forbid users from using a 1 character password (it shows only a warning), this doesn't mean that VeraCrypt is not secure. The same logic would apply to the iteration counts in the dynamic mode but with a minimal value so that brute force is hard enough.

    Things are still in the planning stage and of course more feedback is needed especially after providing preview versions to confront my vision with reality.

     
  • Anonymous

    Anonymous - 2015-01-12

    I'm glad to see that my n00b idea wasn't as dumb as I feared it might be. In fact from your response it appears you may already have had something similar in mind. If I understand your comment properly, rather than requiring the user to remember a full number, the user input value would be ADDED to the default? If so I like this idea more than my own and hope to see it as an option in the future!

    You've been attempting to improve upon TrueCrypt since before it vanished. On my end at least you've replaced it. Keep up the superb work!

     
  • Anonymous

    Anonymous - 2015-01-12

    "VeraCrypt doesn't forbid users from using a 1 character password"

    Yes that's correct about the short password ability.

    However that can be seen as a security improvement :)

    As each drive or volume is salted an attacker has to work on each one individually. With high iterations the workload is huge, if the attacker has to start from 1 to ??? It is a greater task than knowing they have to start from length 10 for example.

    Enforcing password length may lead users to choose less secure / more predictable passwords. However I would not object to a minimum length.

    L0ck

     
  • Anonymous

    Anonymous - 2015-01-12

    "I'm glad to see that my n00b idea wasn't as dumb as I feared it might be. In fact from your response it appears you may already have had something similar in mind."

    Come and join in on the forum :)

    https://veracrypt.codeplex.com/discussions

    L0ck

     
