When mounting my disk I use PIM over 1000000 and it takes hours to mount it. Now I have to guess how much time is left. Some kind of progress display would be nice. Even what hash type is it doing (sha256 sha512 streebog ...) is a lot better than "wait a minute" when it is a loooong minute
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Your problem is you set it Way way too high unless your password is only 2 or 3 characters.
If your password is over 20 characters set it much lower.
read the help file regarding it that will give you a better understanding.
What you request to me is an unnecesary feature.
Last edit: Philip Smith 2019-12-16
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Apologies but I disagree. According to the NIST SP 800-132 standard depending upon the sensitivity or importance of data, increasing the iteration count (using the PIM) may be an appropriate choice.
I personally have data that I deem sensitive enough to use more than 14 million iterations (the standard recommends 10 million for critical data). Mounting takes about 3 to 4 minutes on my Core i9 7980XE. I really don't mind since I can do something else while it is mounting. Unfortunately Veracrypt doesn't make use of multiple cores to decrease the time taken (that is understandable since that would be an advantage to an attacker if it was shortened).
With ever increasing computing power e.g. AMD CPUs with more than 100 cores and GPUs such as my dual Nvidia Titan RTX I see an increased iteration count becoming more necessary.
Thank you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The PIM GUI could warn the user that high values will cause massive delays of hours when mounting volumes or booting on system encryption (specify what constitutes a "high value").
Said this previously in another post, but I believe that if the user does not set a custom PIM value, then PIM should NOT appear on the boot password screen (because an attacker would just press Enter key first, so it offers no protection unless the user has set a custom PIM value).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
AJB You are not taking into account the original post Quote "it takes hours to mount it."
When you 1st open it and it takes hours a progress bar is not going to make it open any quicker, it will still take hours BUT with that progress bar how do you expect to calibrate it for the right password or the wrong password.
If it is calibrated to the right password you have just revealed your password and how long it will take.
If it is the wrong password what do you calibrate it too, because it will never open so how long do you want the progress bar to be?
Even in you case with a much faster computer the progress bar can be a give away.
Simple fact is on a given computer you know how long it takes to open.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What about a spinning "/" symbol to show that VeraCrypt is doing something and the computer has not frozen? I remember that some DOS programs used the spinning “/”.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When mounting my disk I use PIM over 1000000 and it takes hours to mount it. Now I have to guess how much time is left. Some kind of progress display would be nice. Even what hash type is it doing (sha256 sha512 streebog ...) is a lot better than "wait a minute" when it is a loooong minute
Have you read the part about PIM?
Your problem is you set it Way way too high unless your password is only 2 or 3 characters.
If your password is over 20 characters set it much lower.
read the help file regarding it that will give you a better understanding.
What you request to me is an unnecesary feature.
Last edit: Philip Smith 2019-12-16
Apologies but I disagree. According to the NIST SP 800-132 standard depending upon the sensitivity or importance of data, increasing the iteration count (using the PIM) may be an appropriate choice.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf
I personally have data that I deem sensitive enough to use more than 14 million iterations (the standard recommends 10 million for critical data). Mounting takes about 3 to 4 minutes on my Core i9 7980XE. I really don't mind since I can do something else while it is mounting. Unfortunately Veracrypt doesn't make use of multiple cores to decrease the time taken (that is understandable since that would be an advantage to an attacker if it was shortened).
With ever increasing computing power e.g. AMD CPUs with more than 100 cores and GPUs such as my dual Nvidia Titan RTX I see an increased iteration count becoming more necessary.
Thank you.
The PIM GUI could warn the user that high values will cause massive delays of hours when mounting volumes or booting on system encryption (specify what constitutes a "high value").
Said this previously in another post, but I believe that if the user does not set a custom PIM value, then PIM should NOT appear on the boot password screen (because an attacker would just press Enter key first, so it offers no protection unless the user has set a custom PIM value).
AJB You are not taking into account the original post Quote "it takes hours to mount it."
When you 1st open it and it takes hours a progress bar is not going to make it open any quicker, it will still take hours BUT with that progress bar how do you expect to calibrate it for the right password or the wrong password.
If it is calibrated to the right password you have just revealed your password and how long it will take.
If it is the wrong password what do you calibrate it too, because it will never open so how long do you want the progress bar to be?
Even in you case with a much faster computer the progress bar can be a give away.
Simple fact is on a given computer you know how long it takes to open.
What about a spinning "/" symbol to show that VeraCrypt is doing something and the computer has not frozen? I remember that some DOS programs used the spinning “/”.
I would appreciate that spinner as well.