Yes, if you set a value less than 485, you are decreasing the brute-force resistance than what the default provides. I presume it is not warned because people are encouraged to look up things they do not understand and read documentation.
Then you are decreasing the brute-force resistance of your volume.
I am unsure what you mean by this. The PIM is completely independent from the password. The PIM doesn’t change based on password length.
No, it doesn’t weaken the encryption itself. A PIM only impacts how difficult it is to derive a key from a password. I will show math below as an example. It is very technical and not super important to understand. Just know that a higher PIM = harder to brute-force password guesses.
Math
Iterations = 15,000 + (PIM×1,000)
So…
-
PIM 20: 15,000 + 20,000 = 35,000 iterations
-
PIM 100: 15,000 + 100,000 = 115,000 iterations
-
PIM 1000: 15,000 + 1,000,000 = 1,015,000 iterations
-
Memory cost (MiB):
m_cost(pim) = min(64 MiB + (pim - 1) × 32 MiB, 1024 MiB)— i.e. memory grows by 32 MiB per PIM step until it caps at 1024 MiB. VeraCrypt -
Time cost (passes / iterations):
-
If
PIM ≤ 31:time = 3 + floor((PIM − 1) / 3) -
If
PIM > 31:time = 13 + (PIM − 31)
-
PIM = 20
-
Memory =
64 + (20−1)*32 = 64 + 608 = 672 MiB -
Time (passes) =
3 + floor((20−1)/3) = 3 + 6 = 9passes. -
Work factor (rough proxy) ≈
672 MiB × 9 ≈ 6,048 MiB·passes.
PIM = 100
-
Memory = capped at 1024 MiB.
-
Time =
13 + (100 − 31) = 13 + 69 = 82passes. -
Work factor ≈
1024 × 82 = 83,968 MiB·passes.
PIM = 1000
-
Memory = capped at 1024 MiB.
-
Time =
13 + (1000 − 31) = 13 + 969 = 982passes. -
Work factor ≈
1024 × 982 = 1,006,208 MiB·passes.
PIM 20: 6,048 MiB·passes
PIM 100: 83,968 MiB·passes (~13.9× harder than PIM20)
PIM 1000: 1,006,208 MiB·passes (~167× harder than PIM20).
Using a baseline of 1,000 guesses/second:
Guesses/sec at PIM20 = 1,000 g/s (baseline)
Guesses/sec at PIM100 ≈ 1,000 / 13.9 ≈ 72 g/s
Guesses/sec at PIM1000 ≈ 1,000 / 167 ≈ 6 g/s
Yes, maybe only a little but still helps.
Yes, if your PIM is higher than 485 it will increase the cost to brute-force your password.
Yes, using a lower PIM is only really advised if mounting to older devices that are slower.
No, PIM applies to any password length. If I were to guess where you are messing up is if you have a very long and complex password, it doesn’t matter if your PIM is 1, it will be too difficult to brute-force anyway.
Correct. Like I said, I think the dev expects people to research things they don’t understand. VeraCrypt isn’t meant to be used by grandma. It’s meant for power users who want more control. I never inputted random numbers for anything when I was first learning VC. This is not to diss or anything, I would just research what everything does before touching it.
Yes you can change it and no you do not need to wipe the contents. The PIM information is stored in the header of the container.
No. PIM is not a true secret and shouldn’t be used as one. The main purpose of using a PIM is to maintain a higher cost of brute-forcing your password for the container. It is not meant to be used as a “you’ll never guess this.” because as stated earlier, if your adversary can brute-force at high numbers like a government agency, testing 1,000 PIMS on top of the brute-force isn’t very difficult.
Yes, but it doesn’t matter much. See the last response. The PIM isn’t meant to be a “secret” as much as a technical feature, that’s just it’s secondary “side” feature you could say. Hypothetically speaking, If you had a 128-character password and told the NSA your PIM was 485 OR EVEN 20, they wouldn’t really be able to do much. Brute forcing a 128-character truly random password with a PIM of 1 would exceed the lifetime of the universe by magnitudes of hundreds. It is, practically speaking, impossible.
I get it. It’s very easy to get wrapped up in the technicals of things. Just make sure your password is secure. If you are using a truly random 128-character password, the first weakness I think of is storage. Most people cannot reasonably remember that long of a password, they have to store it somewhere. If I were an adversary, my attack vector would be gaining access to that password.
Piece of paper in a safe? How can I break into that safe without damaging the paper.
Online password manager? How can I get into your password vault exploiting the online nature of it?
Offline password manager? How can I infect your PC with malware to gain access to RAM contents to then exfiltrate your database and access it on my own hardware.
Most people are a lot weaker than their encryption. If your adversary knows they can’t crack the encryption, they will try and crack YOU. Remember this. You are only as strong as your weakest link, and that is usually yourself.