Essential System Tools: VeraCrypt – Strong disk encryption software

Other Features

To improve security, for the system partition VeraCrypt uses either 200,000 or 327,661 iterations by default, depending on the algorithm used. The user can customize this count to be as low as 2,048.

For standard containers and other partitions, 655,331 iterations are used for HMAC-RIPEMD-160 and 500,000 iterations are used for HMAC-SHA-512, HMAC-SHA-256 and HMAC-Whirlpool.

Personal Iterations Multiplier (PIM) provides a parameter whose value is used to control the number of iterations used by the header key derivation function.
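The sketch below is an added example, not VeraCrypt's own code: it maps a PIM to an iteration count and feeds that count to PBKDF2. The formulas and the minimum PIM for short passwords are taken from VeraCrypt's PIM documentation rather than from this page, and the function names, the all-zero salt and the 64-byte output length are assumptions made for illustration.

```python
import hashlib

# Formulas and minimums below come from VeraCrypt's PIM documentation,
# not from this page.
SHORT_PASSWORD = 20  # passwords shorter than this get a minimum PIM


def boot_formula(system: bool, prf: str) -> bool:
    """System encryption with a PRF other than SHA-512/Whirlpool."""
    return system and prf not in ("sha512", "whirlpool")


def pim_to_iterations(pim: int, system: bool = False, prf: str = "sha512") -> int:
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    if boot_formula(system, prf):
        return pim * 2048          # PIM 1 gives the 2,048 floor
    return 15000 + pim * 1000      # PIM 485 gives 500,000


def minimum_pim(password: str, system: bool = False, prf: str = "sha512") -> int:
    if len(password) >= SHORT_PASSWORD:
        return 1
    return 98 if boot_formula(system, prf) else 485


def derive_header_key(password: str, salt: bytes, pim: int,
                      system: bool = False, prf: str = "sha512") -> bytes:
    """PBKDF2 with the PIM-derived iteration count (illustrative sketch)."""
    floor = minimum_pim(password, system, prf)
    if pim < floor:
        raise ValueError(f"PIM {pim} is below the minimum {floor} for this password")
    rounds = pim_to_iterations(pim, system, prf)
    # dklen=64 is an assumption for the sketch (two 256-bit XTS keys).
    return hashlib.pbkdf2_hmac(prf, password.encode(), salt, rounds, dklen=64)


if __name__ == "__main__":
    salt = bytes(64)  # constructed all-zero salt; real salts are random
    for pim, system, prf in [(1, True, "sha256"), (98, True, "sha256"),
                             (485, False, "sha512")]:
        print(pim, system, prf, pim_to_iterations(pim, system, prf))
    key = derive_header_key("a constructed long passphrase", salt, 1)
    print(key.hex()[:32])
```

A low PIM shortens mount time but also lowers the cost of each password guess, which is why the small values are only accepted for passwords of 20 characters or more.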

There are many more features, including:

  • No decrypted data is saved to disk; instead the data is stored temporarily in RAM.
  • Parallelized encryption for multi-core systems. VeraCrypt uses all of the cores (or processors) in parallel for encryption and decryption.
  • When encrypting or decrypting data, VeraCrypt uses so-called pipelining (asynchronous processing).
  • Supports hardware-accelerated AES to further improve performance, typically 4-8 times faster than encryption performed by software implementation on the same processors.
  • With 64-bit CPUs, the software uses optimized assembly implementation of Twofish and Camellia.
  • Keyfiles:
    • Can improve protection against brute force attacks (but you should ensure the volume password is strong).
    • Allows the use of security tokens and smart cards.
    • Allows multiple users to mount a single volume using different user passwords or PINs. Give each user a security token or smart card containing the same VeraCrypt keyfile and let them choose their personal password or PIN that will protect their security token or smart card.
    • Allows managing multi-user shared access (all keyfile holders must present their keyfiles before a volume can be mounted).
  • Supports security (or cryptographic) tokens and smart cards that can be accessed using the PKCS #11 (2.0 or later) protocol.
  • Supports loading TrueCrypt volumes and partitions, both normal and hidden.
  • TrueCrypt volumes and non-system partitions can be converted to VeraCrypt format.

Pipelining allows data to be read from and written to an encrypted drive as fast as if the drive were not encrypted. However, pipelining is implemented only in the Windows versions of VeraCrypt.

One comment

  1. I just installed VeraCrypt today. Coming from the Windows world, I used it for sensitive information, and today after 6 months on Linux, needed the security it offers.
    You can fiddle with individual file/folder encryption, but why? I use the file container method and can take my encrypted info anywhere and with VeraCrypt in portable mode, I have access to it.

    Nice article.
