WinAbility Encryption Driver (Driver) implements the PBKDF2  (Password-Based Key Derivation Function) algorithm. This algorithm uses a hash function to derive key material from the password chosen by the user.

The Driver currently uses the following hash functions for the key derivation:

Generation of the encryption key from the intermediate hash value of the password

When the user enters a password, the application obtains its plain-text representation in the UNICODE format. Such binary representation of the user's password is then used as the input to the SHA2-COMBO function (descrived above). The 512-bit output is then used as an input to the SHA2-256 function. The resulting 256-bit hash value is then used as the intermediate hash value of the password. If the user has selected the option to remember the password for the duration of the current computer session, this intermediate hash value (rather than the plain test form) of the password is stored in the computer memory.

The 256-bit intermediate hash value obtained in the previous step is used together with the salt value from the volume descriptor key structure as the input to the PBKDF2 algorithm, that is executed repeatedly (2048 iterations with the SHA2-512 or SHA2-COMBO hash functions, or 8192 iterations with the SHA3-512 hash function, for each portion of the key material) until the required quantity of the key material is generated. For example, for the AES-128 encryption in the CBC mode, the Driver generates 256 bits of the key material, of which the first 128 bits are used as the encryption key, and the remaining 128 bits are used as the initial initialization vector.


Random data generation The format of the Virtual Encrypted Disks Copyright © 2018, WinAbility® Software Corporation. All rights reserved.