How to change the PIM of a VeraCrypt volume - gHacks Tech News

How to change the PIM of a VeraCrypt volume

The developers of VeraCrypt introduced Personal Iterations Multiplier (PIM) functionality in the encryption program in version 1.12.

PIM stands for "Personal Iterations Multiplier". It is a parameter that was introduced in VeraCrypt 1.12 and whose value controls the number of iterations used by the header key derivation function.

PIM is used by volumes even if the creator of the volume did not specify a value. It is an optional component that improves security: it adds another step to the authentication process similarly to two-factor authentication. The main difference is that the PIM value is fixed and not generated on the fly when requested. An attacker needs to know the master password and the PIM, if not set to default, to breach the encryption successfully and access the content of the drive or partition.

A couple of good reasons exist to change the PIM value:

  • It was leaked or stolen.
  • The default value is used and that is not as secure as using a custom PIM.
  • You want to change the PIM to speed up or slow down the boot process.

Thankfully though, it is relatively easy to change the PIM of any VeraCrypt volume. The function is linked to the password; if you change the password of a volume, you may change the PIM as well.

Some notes:

  • Mounting or booting will be slowed down if you select a PIM that is higher than the default.
  • The minimum PIM value for encrypted volumes with passwords less than 20 characters in length is 98 if SHA-512 or Whirlpool are not use, and 485 for all other cases.
  • The minimum PIM value for encrypted volumes with passwords greater than or equal to 20 characters is 1.
  • You can re-use the password if you just want to change the PIM of the selected volume.

Here is how that is done in detail:

System Drive

change pim veracrypt

  • Open the VeraCrypt software on your device.
  • Select System > Change Password.
  • Type the current password.
  • Type the new password and confirm it.
  • Check the Use PIM box.
  • Type a PIM. The maximum value is
  • Select OK to complete the process.

It is still possible to use an old VeraCrypt Rescue Disk, if it exists, to restore the system partition or drive using the old password. It is recommended to delete the old Rescue Disk and create a new one.

While you are at it, select Tools > Backup Volume Header as well. The process is identical to how that was done under TrueCrypt.

Non-System Volume

  • Non-system volumes need to be in unmounted state. If the volume is mounted right-click on it and select the dismount option.
  • Use Select Device or Select File to select the volume that you want to change the PIM for.
  • Select Volumes > Change Volume Password.
  • Type the current password.
  • Type the new password and confirm it.
  • Check the Use PIM box under New.
  • Type the new PIM that you want to use.
  • Click OK to finalize the process.

Both processes require elevation. You are asked to move the mouse to generate a random pool. Select continue once you are satisfied; VeraCrypt highlights the progress and you should not end it before the bar turns green.

The encryption software displays a success (or failure) message afterward.

pim changed successfully

That's all there is to the process. You may want to test the boot or mount speed after the operation. If it takes too long you may want to consider reducing the PIM value to speed it up.

You need to check the "use pim" box when you mount a volume to specify it, or type it during the boot process.

Now You: do you use drive encryption software?

Summary
How to change the PIM of a VeraCrypt volume
Article Name
How to change the PIM of a VeraCrypt volume
Description
The tutorial walks you through the steps of adding a custom PIM value to the system or regular volume encrypted with VeraCrypt.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post:

Comments

  1. Rorant said on November 27, 2018 at 1:47 am
    Reply

    Is VeraCrypt still supported and developed? I thought the project was dropped.

    1. helper said on November 27, 2018 at 2:22 am
      Reply

      That was Truecrypt.
      Veracrypt is a “fork” of truecrypt, still maintained.

  2. Darren said on November 27, 2018 at 5:08 am
    Reply

    Yes still supported.

    Thanks Martin. Timely tutorial for me.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.