How to change the PIM of a VeraCrypt volume

Martin Brinkmann
Nov 26, 2018
Updated • Apr 19, 2022
Tutorials
|
5

The developers of VeraCrypt introduced Personal Iterations Multiplier (PIM) functionality in the encryption program in version 1.12.

PIM stands for "Personal Iterations Multiplier". It is a parameter that was introduced in VeraCrypt 1.12 and whose value controls the number of iterations used by the header key derivation function.

PIM is used by volumes even if the creator of the volume did not specify a value. It is an optional component that improves security: it adds another step to the authentication process similarly to two-factor authentication. The main difference is that the PIM value is fixed and not generated on the fly when requested. An attacker needs to know the master password and the PIM, if not set to default, to breach the encryption successfully and access the content of the drive or partition.

A couple of good reasons exist to change the PIM value:

  • It was leaked or stolen.
  • The default value is used and that is not as secure as using a custom PIM.
  • You want to change the PIM to speed up or slow down the boot process.

Thankfully though, it is relatively easy to change the PIM of any VeraCrypt volume. The function is linked to the password; if you change the password of a volume, you may change the PIM as well.

Some notes:

  • Mounting or booting will be slowed down if you select a PIM that is higher than the default.
  • The minimum PIM value for encrypted volumes with passwords less than 20 characters in length is 98 if SHA-512 or Whirlpool are not use, and 485 for all other cases.
  • The minimum PIM value for encrypted volumes with passwords greater than or equal to 20 characters is 1.
  • You can re-use the password if you just want to change the PIM of the selected volume.

Here is how that is done in detail:

System Drive

change pim veracrypt

  • Open the VeraCrypt software on your device.
  • Select System > Change Password.
  • Type the current password.
  • Type the new password and confirm it.
  • Check the Use PIM box.
  • Type a PIM.
  • Select OK to complete the process.

It is still possible to use an old VeraCrypt Rescue Disk, if it exists, to restore the system partition or drive using the old password. It is recommended to delete the old Rescue Disk and create a new one.

While you are at it, select Tools > Backup Volume Header as well. The process is identical to how that was done under TrueCrypt.

Non-System Volume

  • Non-system volumes need to be in unmounted state. If the volume is mounted right-click on it and select the dismount option.
  • Use Select Device or Select File to select the volume that you want to change the PIM for.
  • Select Volumes > Change Volume Password.
  • Type the current password.
  • Type the new password and confirm it.
  • Check the Use PIM box under New.
  • Type the new PIM that you want to use.
  • Click OK to finalize the process.

Both processes require elevation. You are asked to move the mouse to generate a random pool. Select continue once you are satisfied; VeraCrypt highlights the progress and you should not end it before the bar turns green.

The encryption software displays a success (or failure) message afterward.

pim changed successfully

That's all there is to the process. You may want to test the boot or mount speed after the operation. If it takes too long you may want to consider reducing the PIM value to speed it up.

You need to check the "use pim" box when you mount a volume to specify it, or type it during the boot process.

Now You: do you use drive encryption software?

Summary
How to change the PIM of a VeraCrypt volume
Article Name
How to change the PIM of a VeraCrypt volume
Description
The tutorial walks you through the steps of adding a custom PIM value to the system or regular volume encrypted with VeraCrypt.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Anonymous said on April 19, 2022 at 2:00 pm
    Reply

    In your article you wrote: “Type a PIM. The maximum value is”

    What is the maximum value?

    Thanks

    1. Martin Brinkmann said on April 19, 2022 at 2:32 pm
      Reply

      I’m not aware of a maximum. I removed the part in the article.

  2. Darren said on November 27, 2018 at 5:08 am
    Reply

    Yes still supported.

    Thanks Martin. Timely tutorial for me.

  3. Rorant said on November 27, 2018 at 1:47 am
    Reply

    Is VeraCrypt still supported and developed? I thought the project was dropped.

    1. helper said on November 27, 2018 at 2:22 am
      Reply

      That was Truecrypt.
      Veracrypt is a “fork” of truecrypt, still maintained.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.