veracrypt
diff --git a/‎doc/html/en/Argon2.html‎
Lines changed: 175 additions & 0 deletions b/‎doc/html/en/Argon2.html‎
Lines changed: 175 additions & 0 deletions
diff --git a/‎doc/html/en/Encryption Scheme.html‎
Lines changed: 7 additions & 2 deletions b/‎doc/html/en/Encryption Scheme.html‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎doc/html/en/Hash Algorithms.html‎
Lines changed: 5 additions & 4 deletions b/‎doc/html/en/Hash Algorithms.html‎
Lines changed: 5 additions & 4 deletions
@@ -0,0 +1,175 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
+<meta name="keywords" content="encryption, security"/>
+<link href="styles.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+
+<div>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+</div>
+
+<div id="menu">
+    <ul>
+      <li><a href="Home.html">Home</a></li>
+      <li><a href="Code.html">Source Code</a></li>
+      <li><a href="Downloads.html">Downloads</a></li>
+      <li><a class="active" href="Documentation.html">Documentation</a></li>
+      <li><a href="Donation.html">Donate</a></li>
+      <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
+    </ul>
+</div>
+
+<div>
+<p>
+<a href="Documentation.html">Documentation</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Hash%20Algorithms.html">Hash Algorithms</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Argon2id.html">Argon2id</a>
+</p></div>
+
+<div class="wikidoc">
+<h1>Argon2id</h1>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+Argon2id is a memory-hard key derivation function designed to resist both time-memory trade-off attacks and side-channel attacks. It was selected as the winner of the Password Hashing Competition (PHC) in 2015 and is defined in RFC 9106. VeraCrypt supports Argon2id as an alternative to PBKDF2-HMAC for header key derivation.
+</div>
+
+<h3>Key Features</h3>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Memory-hard:</strong> Requires a configurable amount of memory, making it resistant to specialized hardware attacks
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Side-channel resistant:</strong> Combines data-dependent and data-independent memory access patterns
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Internal hash function:</strong> Uses BLAKE2b internally, eliminating the need for separate hash algorithm selection
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Tunable parameters:</strong> Allows adjustment of memory cost, time cost, and parallelism
+</li>
+</ul>
+
+<h3>Argon2 Variants</h3>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+Argon2 has three variants:
+</div>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Argon2d:</strong> Uses data-dependent memory access, resistant to time-memory trade-off attacks but vulnerable to side-channel attacks
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Argon2i:</strong> Uses data-independent memory access, resistant to side-channel attacks but more vulnerable to time-memory trade-off attacks
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Argon2id:</strong> Hybrid approach that combines both variants, providing resistance to both attack types (used by VeraCrypt)
+</li>
+</ul>
+
+<h3>Parameters in VeraCrypt</h3>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+VeraCrypt uses Argon2id with the following parameter configuration:
+</div>
+
+<h4>Memory Cost (m_cost)</h4>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+The amount of memory used during the key derivation process, controlled by the PIM value:
+</div>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Formula:</strong> m_cost(pim) = min(64 MiB + (pim - 1) × 32 MiB, 1024 MiB)
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Range:</strong> 64 MiB to 1024 MiB (capped at PIM = 31)
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Default:</strong> 96 MiB (equivalent to PIM = 2)
+</li>
+</ul>
+
+<h4>Time Cost (t_cost)</h4>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+The number of iterations performed during the key derivation process:
+</div>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>For PIM ≤ 31:</strong> t_cost(pim) = 3 + floor((pim - 1) / 3)
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>For PIM > 31:</strong> t_cost(pim) = 13 + (pim - 31)
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Default:</strong> 3 iterations (equivalent to PIM = 2)
+</li>
+</ul>
+
+<h4>Parallelism</h4>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+The number of parallel threads used during computation:
+</div>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Value:</strong> Fixed at 1 thread for all cases in VeraCrypt
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Rationale:</strong> Ensures consistent behavior across different hardware configurations
+</li>
+</ul>
+
+<h3>Advantages over PBKDF2</h3>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Memory hardness:</strong> Requires significant memory allocation, making GPU and ASIC attacks more expensive
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Modern design:</strong> Specifically designed to resist contemporary attack methods
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Side-channel resistance:</strong> Built-in protections against cache-timing and other side-channel attacks
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Standardization:</strong> Officially standardized in RFC 9106
+</li>
+</ul>
+
+<h3>Usage Considerations</h3>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+When using Argon2id in VeraCrypt:
+</div>
+<ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Memory requirements:</strong> Ensure sufficient RAM is available, especially with higher PIM values
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Performance:</strong> Higher memory costs may result in slower mounting times but provide better security
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>Compatibility:</strong> Available in VeraCrypt versions that support multiple key derivation functions
+</li>
+<li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
+<strong>No hash selection:</strong> Unlike PBKDF2-HMAC, no separate hash algorithm needs to be chosen
+</li>
+</ul>
+
+<h3>Technical Specifications</h3>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<strong>Algorithm:</strong> Argon2id as defined in RFC 9106<br/>
+<strong>Internal hash:</strong> BLAKE2b<br/>
+<strong>Salt size:</strong> 512 bits (same as PBKDF2-HMAC)<br/>
+<strong>Output length:</strong> Variable, depending on the encryption algorithm (e.g., 256 bits for AES-256, 768 bits for AES-Twofish-Serpent cascade)<br/>
+<strong>Version:</strong> Argon2 version 0x13 (19 decimal)
+</div>
+
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+For more information about PIM values and their effect on Argon2id parameters, see the 
+<a href="Personal%20Iterations%20Multiplier%20%28PIM%29.html" style="text-align:left; color:#0080c0; text-decoration:none">
+Personal Iterations Multiplier (PIM)</a> section.
+</div>
+
+<p><a href="SHA-256.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section &gt;&gt;</a></p>
+</div><div class="ClearBoth"></div></body></html>
@@ -50,10 +50,15 @@ <h1>Encryption Scheme</h1>
 </li><li>Now VeraCrypt attempts to decrypt the standard volume header read in (1). All data used and generated in the course of the process of decryption are kept in RAM (VeraCrypt never saves them to disk). The following parameters are unknown&dagger; and have
  to be determined through the process of trial and error (i.e., by testing all possible combinations of the following):
 <ol type="a">
-<li>PRF used by the header key derivation function (as specified in PKCS #5 v2.0; see the section
+<li>Key Derivation Function (KDF) and associated parameters:
+<ul>
+<li><strong>PBKDF2-HMAC:</strong> PRF used by the header key derivation function (as specified in PKCS #5 v2.0; see the section
 <a href="Header%20Key%20Derivation.html">
 <em>Header Key Derivation, Salt, and Iteration Count</em></a>), which can be one of the following:
-<p>HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool. If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
+HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool, HMAC-Streebog.</li>
+<li><strong>Argon2id:</strong> Memory-hard key derivation function with internal BLAKE2b hash function.</li>
+</ul>
+<p>If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
 <p>A password entered by the user (to which one or more keyfiles may have been applied &ndash; see the section
 <a href="Keyfiles%20in%20VeraCrypt.html">
 <em>Keyfiles</em></a>), a PIM value (if specified) and the salt read in (1) are passed to the header key derivation function, which produces a sequence of values (see the section
 
@@ -34,13 +34,14 @@
 <div class="wikidoc">
 <h1>Hash Algorithms</h1>
 <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-In the Volume Creation Wizard, in the password change dialog window, and in the Keyfile Generator dialog window, you can select a hash algorithm. A user-selected hash algorithm is used by the VeraCrypt Random Number Generator as a pseudorandom &quot;mixing&quot; function,
- and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function. When creating a new volume, the Random Number Generator generates the master key, secondary key (XTS mode), and salt. For more
+In the Volume Creation Wizard, in the password change dialog window, and in the Keyfile Generator dialog window, you can select a hash algorithm when using PBKDF2-HMAC as the key derivation function. When Argon2id is selected as the key derivation function, no hash algorithm selection is available as Argon2id uses its own internal BLAKE2b hash function.
+</div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+For PBKDF2-HMAC, the user-selected hash algorithm is used by the VeraCrypt Random Number Generator as a pseudorandom &quot;mixing&quot; function, and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function. When creating a new volume, the Random Number Generator generates the master key, secondary key (XTS mode), and salt. For more
  information, please see the section <a href="Random%20Number%20Generator.html" style="text-align:left; color:#0080c0; text-decoration:none">
 Random Number Generator</a> and section <a href="Header%20Key%20Derivation.html" style="text-align:left; color:#0080c0; text-decoration:none">
 Header Key Derivation, Salt, and Iteration Count</a>.</div>
-<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-VeraCrypt currently supports the following hash algorithms:</div>
+VeraCrypt currently supports the following hash algorithms for PBKDF2-HMAC:</div>
 <ul style="text-align:left; margin-top:18px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
 <li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
 <a href="BLAKE2s-256.html"><strong style="text-align:left">BLAKE2s-256</strong></a>