TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature - gHacks Tech News

TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature

VeraCrypt is one of the few programs that came into existence after development of True Crypt was abandoned.

Even though True Crypt's security audit did not uncover any backdoors in the program -- see results of the first and second phase of the audit -- left at least some users puzzled and confused as to whether they should continue using True Crypt to secure their data or switch to a different program offering similar functionality.

We have reviewed VeraCrypt twice in the past, first when it was released and then later on again to find out how it had improved in the meantime.

A new version of VeraCrypt was released two days ago and with it comes a new interesting feature the developers call Personal Iterations Multiplier (PIM).

It is an optional component that could improve the security of data protected by VeraCrypt significantly, so, lets take a closer look at that.

When you go through the volume creation process, either to create an encrypted container or encrypt a partition, you will eventually come to the stage where you need to enter the password that protects it. This password is being used to mount the container or partition whenever the need arises using VeraCrypt. There you find the new "use PIM" option that is disabled by default.

veracrypt pim feature

When you check it, you are taken to a new page after setting the password which prompts you to enter a volume PIM. You may enter any number or use 0 to use the default instead (which is 485). The only restriction is that the PIM cannot be lower than 485 if the password has less than 20 characters.

A lower PIM value may speed up the mounting process but reduce security if the password is not strong.

volume pim

The mounting process of the encrypted container or partition changes slightly if you set a PIM. You need to type the PIM in addition to that for the mounting to be successful.

use pim

Check the "use PIM" box. Once you do you will notice that it changes to a field that you can enter the PIM you set during creation.

veracrypt

The container or partition is mounted only if password and PIM are correct.

This looks like two-factor authentication and is to a degree with the exception that the PIM is set during creation just like the password and not generated on demand.

Additional information about the new release are available on the project website.

Closing Words

Adding a volume PIM increases the security of the encrypted container or partition significantly, especially so against brute force attacks.

Summary
TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature
Article Name
TrueCrypt alternative VeraCrypt 1.12 ships with interesting PIM feature
Description
A first look at VeraCrypt's new security feature Personal Iterations Mode (PIM).
Author




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. webfork said on August 7, 2015 at 5:07 pm
      Reply

      This is good to see. Although I think the explanation is a little opaque, anything to encourage folks to use long passwords is a good thing.

      Still, I would recommend that folks encrypt their entire computer before using this feature. There FAR more security-affecting attacks to consider ahead of guessing every password. Brute force attacks are employed primarily by dedicated, well-funded attackers. In other words, you’re far more likely to have your laptop stolen and have a thief look around for what’s handy than someone with a thousand computers to try every possible combination of characters.

    2. Jeff said on August 7, 2015 at 5:27 pm
      Reply

      “The only restriction is that the PIM cannot be lower than 485 is the password has less than 20 characters.”

      I think you meant “… IF the password has…”

    3. tena said on August 9, 2015 at 9:42 pm
      Reply

      What is the advantage with “[password]” plus [pim] (for example the number 490) compared to a longer password e.g. “[password]490”?

      1. gyffes said on August 10, 2015 at 4:04 am
        Reply

        I’m assuming that an attacker would need to bruteforce each field together.. and the variations available of [infinite password longer than 20] + [3-digit PIM] just means brute force gets even harder to achieve.. not to mention the need to enter vs 2 fields at once vs just the password field?

    4. Ted said on August 13, 2015 at 12:20 pm
      Reply

      Version 1.13 of VeraCrypt has been published. Have a look at https://veracrypt.codeplex.com.

    Leave a Reply