Oxy Rox - 2021-12-28

Hi,

From memory I seem to think that when correct password is entered it took much less time to boot but with incorrect in took twice or three time as long to generate wrong password message. (and this is with KDF stored in configuration file so no question of trying the five different KDFs).

This would make perfect sense as for a single cipher there is a need to generate just 512bits for keys using KDF and for triple cascade three sets of such keys are generated each set being independent it should take three times as long to generate. So it would make sense that after the first set is generated it tries all the single ciphers and if there is no success would generate a second key set and try double cascade ciphers and if no success again would generate a third set of keys and try triple cascade ciphers.

But when I experimented with a stopwatch it seems that even if single cascade cipher is chosen, say AES, it takes as long to get to the "Success" message with the correct password as it does to "wrong password" message with incorrect password.

Does Veracrypt generate all three sets of keys before trying any ciphers, including single cascade ciphers (that require just a single set of keys)?

(I suppose the other explanation could be that all three sets are generated in parallel but then I do not observe anywhere close to 100% of CPU usage when VerCrypt is crunching KDFs).