Streebog missing for non-system in documentation

Open source disk encryption with strong security for the Paranoid

Brought to you by: idrassi

#380 Streebog missing for non-system in documentation

Milestone: 1.0

Status: open

Owner: Mounir IDRASSI

Labels: Documentation (5)

Updated: 2020-09-18

Created: 2020-09-16

Creator: Enigma2Illusion

Private: No

Hello Mounir,

A user noticed that Streebog hash is missing from the documentation for Header Key Derivation, Salt, and Iteration Count.

https://www.veracrypt.fr/en/Header%20Key%20Derivation.html

https://sourceforge.net/p/veracrypt/discussion/technical/thread/351a472f5e/

Kind Regards,
Enigma2Illusion

Discussion

Enigma2Illusion - 2020-09-16

Also the documentation for Header Key Derivation, Salt, and Iteration Count needs to be updated to explain UEFI and MBR for system encryption.

Suggestion:

For MBR system partition encryption (boot encryption), 200000 iterations are used for the HMAC-SHA-256 derivation function and 327661 iterations are used for HMAC-RIPEMD-160.

For UEFI system partition encryption (boot encryption), 655331 iterations are used for HMAC-RIPEMD-160 and 500000 iterations are used for HMAC-SHA-512, HMAC-SHA-256, HMAC-Whirlpool and Streebog-512.

For standard containers and other partitions, 655331 iterations are used for HMAC-RIPEMD-160 and 500000 iterations are used for HMAC-SHA-512, HMAC-SHA-256, HMAC-Whirlpool and Streebog-512.

Does the PIM calculations need to be updated for Streebog-512?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Enigma2Illusion - 2020-09-18

PS: The iterations for system encryption may be incorrect in my suggestion above for MBR and UEFI system encryption. The benchmark for PKCS-5 PRF Pre-boot does not distinguish between MBR and UEFI in the benchmarks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.