Since the PIM effectively serves as a second dimension of the security space, effectively serving as an auxiliary password as well as a slider for balancing between brute-force resistance and boot time, shouldn't it be hidden the same way as the password?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I don't think this is a good idea, because PIM shoudn't be treated as something like password. PIM can add an extra secret parameter, but it's limited for the iteration is a multiple of 1000. For example, we use 500 PIM. Attacker need only try 1-1000 usually.
I think it will be more safe if we can specify iteration but not PIM.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
But if you follow the guides correctly, you should be implimenting both a secure (25+) character password, and keyfiles with more than 1048 bit size to your container/FDE anyways so treating it like a password only benefits the user. All the PIM does is increases or decreases entropy based on your inputted number. HOWEVER, the means by which it does this seriously boosts the security of your container. One more thing they have to bruteforce is one more step towards successful encryption. I don't leak my keyfiles, or write down my password so I don't really want my PIM (the third wheel in my configuration) to be known either.
Seb
Last edit: Seb 2015-10-01
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
A deterministic hash cannot change the password entropy. If I use a weak password that is passed through the hash 500000 times does not change the password entropy. The password is still weak.
Specifying an iteration count that influences the computational cost of deriving a key from a password. (Source: TrueCrypt audit report for Weak Volume Header key derivation algorithm)
I just went and editted my comment to highlight one sentence in bold as I believe I was clear in stating that with a 25+ character password, and the potential to add anywhere from 1 to an incredibly large amount of keyfiles as well, the PIM value does add security to your encryption.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for pointing out this. I have modified the bootloader to have the PIM masked the same way as the password, and I have upload a new 1.14-BETA installer that contains this (build 6).
Cheers.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Since the PIM effectively serves as a second dimension of the security space, effectively serving as an auxiliary password as well as a slider for balancing between brute-force resistance and boot time, shouldn't it be hidden the same way as the password?
I have made changes to the PIM in Windows GUI in order to behave like a password and be displayed only when "Display password" is checked.
You can see the modification by installing the new 1.14-BETA build available at: https://sourceforge.net/projects/veracrypt/files/VeraCrypt%20Nightly%20Builds
View and moderate all "Feature requests" comments posted by this user
Mark all as spam, and block user from posting to "Forums"
I don't think this is a good idea, because PIM shoudn't be treated as something like password. PIM can add an extra secret parameter, but it's limited for the iteration is a multiple of 1000. For example, we use 500 PIM. Attacker need only try 1-1000 usually.
I think it will be more safe if we can specify iteration but not PIM.
But if you follow the guides correctly, you should be implimenting both a secure (25+) character password, and keyfiles with more than 1048 bit size to your container/FDE anyways so treating it like a password only benefits the user. All the PIM does is increases or decreases entropy based on your inputted number. HOWEVER, the means by which it does this seriously boosts the security of your container. One more thing they have to bruteforce is one more step towards successful encryption. I don't leak my keyfiles, or write down my password so I don't really want my PIM (the third wheel in my configuration) to be known either.
Seb
Last edit: Seb 2015-10-01
A deterministic hash cannot change the password entropy. If I use a weak password that is passed through the hash 500000 times does not change the password entropy. The password is still weak.
Specifying an iteration count that influences the computational cost of deriving a key from a password. (Source: TrueCrypt audit report for Weak Volume Header key derivation algorithm)
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
The higher iterations twarts bruteforcing the hash key and/or dictionary attacks by slowing down the attack to derive the key.
I just went and editted my comment to highlight one sentence in bold as I believe I was clear in stating that with a 25+ character password, and the potential to add anywhere from 1 to an incredibly large amount of keyfiles as well, the PIM value does add security to your encryption.
I was responding to your above statement.
Hello Mounir,
Does this include the bootloader and using F5 to display password and PIM in the bootloader screen?
Kind Regards.
Bonjour Enigma2Illusion,
Thank you for pointing out this. I have modified the bootloader to have the PIM masked the same way as the password, and I have upload a new 1.14-BETA installer that contains this (build 6).
Cheers.
Outstanding! Thank you very much!