Manual VeraCrypt 1.16 (page 149 of 162) (English)

658731

149

Zoom out

Zoom in

1/162

145

PIM

PIM stands for "Personal Iterations Multiplier". It is a parameter that was introduced in VeraCrypt

1.12 and whose value controls the number of iterations used by the header key derivation function.

This value can be specified through the password dialog or in the command line.

If no PIM value is specified, VeraCrypt will use the default number of iterations used in versions prior

to 1.12 (see Header Key Derivation).

When a PIM value is specified, the number of iterations is calculated as follows:

 For system encryption: Iterations = PIM x 2048

 For non-system encryption and file containers: Iterations = 15000 + (PIM x 1000)

Prior to version 1.12, the security of a VeraCrypt volume was only based on the password strength

because VeraCrypt was using a fixed number of iterations.

With the introduction of PIM, VeraCrypt has a 2-dimensional security space for volumes based on the

couple (Password, PIM). This provides more flexibility for adjusting the desired security level while

also controlling the performance of the mount/boot operation.

PIM Usage

It is not mandatory to specify a PIM.

When creating a volume or when changing the password, the user has the possibility to specify a PIM

value by checking the "Use PIM" checkbox which in turn will make a PIM field available in the GUI

so a PIM value can be entered.

The PIM is treated like a secret value that must be entered by the user each time alongside the

password. If the incorrect PIM value is specified, the mount/boot operation will fail.

Using high PIM values leads to better security thanks to the increased number of iterations but it

comes with slower mounting/booting times.

With small PIM values, mounting/booting is quicker but this could decrease security if a weak

password is used.

During the creation of a volume or the encryption of the system, VeraCrypt forces the PIM value to be

greater than or equal to a certain minimal value when the password is less than 20 characters. This

check is done in order to ensure that, for short passwords, the security level is at least equal to the

default level provided by an empty PIM.

The PIM minimal value for short passwords is 98 for system encryption and 485 for non-system

encryption and files containers. For password with 20 characters and more, the PIM minimal value is

1. In all cases, leaving the PIM empty or setting its value to 0 will make VeraCrypt use the default

high number of iterations as explained in section Header Key Derivation.

Motivations behind using a custom PIM value can be:

 Add an extra secret parameter (PIM) that an attacker will have to guess

 Increase security level by using large PIM values to thwart future development of brute force

attacks.

 Speeding up booting or mounting through the use of a small PIM value (less than 98 for system

encryption and less than 485 for the other cases)

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of VeraCrypt 1.16 in the language / languages: English as an attachment in your email.

The manual is 2,98 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

VeraCrypt 1.16 Manual

Product: