[pull] master from veracrypt:master

.gitattributes

@@ -1,4 +1,5 @@
 # Set the default behavior, in case people don't have core.autocrlf set.
+.gitattributes	text eol=lf
 *	text=auto
 
 # Explicitly declare text files that could be normalized and converted
@@ -36,6 +37,8 @@ Sources	text eol=lf
 *.rc	text eol=crlf
 *.bat	text eol=crlf
 *.cmd	text eol=crlf
+*.hhc	-text whitespace=cr-at-eol
+*.hhp	-text whitespace=cr-at-eol
 
 # Denote all files that are truly binary and should not be modified.
 *.png	binary

doc/chm/en/VeraCrypt.hhc

@@ -190,6 +190,10 @@
 			<param name="Name" value="BLAKE2s-256">
 			<param name="Local" value="BLAKE2s-256.html">
 			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="BLAKE2b-512">
+			<param name="Local" value="BLAKE2b-512.html">
+			</OBJECT>
 		<LI> <OBJECT type="text/sitemap">
 			<param name="Name" value="SHA-256">
 			<param name="Local" value="SHA-256.html">

doc/chm/en/VeraCrypt.hhp

@@ -46,6 +46,7 @@ Beginner's Tutorial_Image_023.gif
 Beginner's Tutorial_Image_024.gif
 Beginner's Tutorial_Image_034.png
 BLAKE2s-256.html
+BLAKE2b-512.html
 Camellia.html
 Cascades.html
 Changing Passwords and Keyfiles.html

doc/chm/ru/VeraCrypt.ru.hhc

@@ -190,6 +190,10 @@
             <param name="Name" value="BLAKE2s-256">
             <param name="Local" value="BLAKE2s-256.html">
             </OBJECT>
+        <LI> <OBJECT type="text/sitemap">
+            <param name="Name" value="BLAKE2b-512">
+            <param name="Local" value="BLAKE2b-512.html">
+            </OBJECT>
         <LI> <OBJECT type="text/sitemap">
             <param name="Name" value="SHA-256">
             <param name="Local" value="SHA-256.html">
@@ -207,6 +211,20 @@
             <param name="Local" value="Streebog.html">
             </OBJECT>
     </UL>
+    <LI> <OBJECT type="text/sitemap">
+        <param name="Name" value="Àëãîðèòìû ôîðìèðîâàíèÿ êëþ÷à">
+        <param name="Local" value="Key Derivation Algorithms.html">
+        </OBJECT>
+    <UL>
+        <LI> <OBJECT type="text/sitemap">
+            <param name="Name" value="Argon2id">
+            <param name="Local" value="Argon2id.html">
+            </OBJECT>
+        <LI> <OBJECT type="text/sitemap">
+            <param name="Name" value="PBKDF2">
+            <param name="Local" value="pbkdf2.html">
+            </OBJECT>
+    </UL>
     <LI> <OBJECT type="text/sitemap">
         <param name="Name" value="Ïîääåðæèâàåìûå îïåðàöèîííûå ñèñòåìû">
         <param name="Local" value="Supported Operating Systems.html">
@@ -446,4 +464,4 @@
         <param name="Local" value="References.html">
         </OBJECT>
 </UL>
-</BODY></HTML>
+</BODY></HTML>

doc/chm/ru/VeraCrypt.ru.hhp

@@ -14,6 +14,7 @@ Title=
 Acknowledgements.html
 Additional Security Requirements and Precautions.html
 AES.html
+Argon2id.html
 arrow_right.gif
 Authenticity and Integrity.html
 Authors.html
@@ -46,6 +47,7 @@ Beginner's Tutorial_Image_023.png
 Beginner's Tutorial_Image_024.png
 Beginner's Tutorial_Image_034.png
 BLAKE2s-256.html
+BLAKE2b-512.html
 Camellia.html
 Cascades.html
 Changing Passwords and Keyfiles.html
@@ -90,6 +92,7 @@ Incompatibilities.html
 Introduction.html
 Issues and Limitations.html
 Journaling File Systems.html
+Key Derivation Algorithms.html
 Keyfiles in VeraCrypt.html
 Keyfiles in VeraCrypt_Image_040.png
 Keyfiles.html
@@ -111,6 +114,7 @@ Notation.html
 Paging File.html
 Parallelization.html
 paypal_30x30.png
+pbkdf2.html
 Personal Iterations Multiplier (PIM).html
 Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step1.png
 Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step2.png

doc/chm/zh-cn/VeraCrypt.zh-cn.hhc

@@ -190,6 +190,10 @@
 			<param name="Name" value="BLAKE2s-256">
 			<param name="Local" value="BLAKE2s-256.html">
 			</OBJECT>
+		<LI> <OBJECT type="text/sitemap">
+			<param name="Name" value="BLAKE2b-512">
+			<param name="Local" value="BLAKE2b-512.html">
+			</OBJECT>
 		<LI> <OBJECT type="text/sitemap">
 			<param name="Name" value="SHA-256">
 			<param name="Local" value="SHA-256.html">
@@ -207,6 +211,20 @@
 			<param name="Local" value="Streebog.html">
 			</OBJECT>
 	</UL>
+    <LI> <OBJECT type="text/sitemap">
+        <param name="Name" value="ÃÜÔ¿ÍƵ¼Ëã·¨">
+        <param name="Local" value="Key Derivation Algorithms.html">
+        </OBJECT>
+    <UL>
+        <LI> <OBJECT type="text/sitemap">
+            <param name="Name" value="Argon2id">
+            <param name="Local" value="Argon2id.html">
+            </OBJECT>
+        <LI> <OBJECT type="text/sitemap">
+            <param name="Name" value="PBKDF2">
+            <param name="Local" value="pbkdf2.html">
+            </OBJECT>
+    </UL>
 	<LI> <OBJECT type="text/sitemap">
 		<param name="Name" value="Ö§³ÖµÄ²Ù×÷ϵͳ">
 		<param name="Local" value="Supported Operating Systems.html">
@@ -446,4 +464,4 @@
 		<param name="Local" value="References.html">
 		</OBJECT>
 </UL>
-</BODY></HTML>
+</BODY></HTML>

doc/chm/zh-cn/VeraCrypt.zh-cn.hhp

@@ -15,6 +15,7 @@ Title=VeraCrypt
 Acknowledgements.html
 Additional Security Requirements and Precautions.html
 AES.html
+Argon2id.html
 arrow_right.gif
 Authenticity and Integrity.html
 Authors.html
@@ -47,6 +48,7 @@ Beginner's Tutorial_Image_023.gif
 Beginner's Tutorial_Image_024.gif
 Beginner's Tutorial_Image_034.png
 BLAKE2s-256.html
+BLAKE2b-512.html
 Camellia.html
 Cascades.html
 Changing Passwords and Keyfiles.html
@@ -91,6 +93,7 @@ Incompatibilities.html
 Introduction.html
 Issues and Limitations.html
 Journaling File Systems.html
+Key Derivation Algorithms.html
 Keyfiles in VeraCrypt.html
 Keyfiles in VeraCrypt_Image_040.gif
 Keyfiles.html
@@ -112,6 +115,7 @@ Notation.html
 Paging File.html
 Parallelization.html
 paypal_30x30.png
+pbkdf2.html
 Personal Iterations Multiplier (PIM).html
 Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step1.png
 Personal Iterations Multiplier (PIM)_VeraCrypt_ChangePIM_Step2.png

doc/html/en/Argon2id.html

@@ -36,7 +36,7 @@
 <div class="wikidoc">
 <h1>Argon2id</h1>
 <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-Argon2id is a memory-hard key derivation function designed to resist both time-memory trade-off attacks and side-channel attacks. It was selected as the winner of the Password Hashing Competition (PHC) in 2015 and is defined in RFC 9106. VeraCrypt supports Argon2id as an alternative to PBKDF2-HMAC for header key derivation.
+Argon2id is a memory-hard key derivation function designed to resist both time-memory trade-off attacks and side-channel attacks. It was selected as the winner of the Password Hashing Competition (PHC) in 2015 and is defined in RFC 9106. VeraCrypt supports Argon2id as an alternative to PBKDF2-HMAC for non-system volume header key derivation.
 </div>
 
 <h3>Key Features</h3>
@@ -48,7 +48,7 @@ <h3>Key Features</h3>
 <strong>Side-channel resistant:</strong> Combines data-dependent and data-independent memory access patterns
 </li>
 <li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
-<strong>Internal hash function:</strong> Uses BLAKE2b internally, eliminating the need for separate hash algorithm selection
+<strong>Internal hash function:</strong> Uses <a href="BLAKE2b-512.html" style="color:#0080c0; text-decoration:none">BLAKE2b-512</a> internally, eliminating the need for separate hash algorithm selection
 </li>
 <li style="text-align:left; margin-top:0px; margin-bottom:0px; padding-top:0px; padding-bottom:0px">
 <strong>Tunable parameters:</strong> Allows adjustment of memory cost, time cost, and parallelism
@@ -159,7 +159,7 @@ <h3>Usage Considerations</h3>
 <h3>Technical Specifications</h3>
 <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
 <strong>Algorithm:</strong> Argon2id as defined in RFC 9106<br/>
-<strong>Internal hash:</strong> BLAKE2b<br/>
+<strong>Internal hash:</strong> <a href="BLAKE2b-512.html" style="color:#0080c0; text-decoration:none">BLAKE2b-512</a><br/>
 <strong>Salt size:</strong> 512 bits (same as PBKDF2-HMAC)<br/>
 <strong>Header KDF output length:</strong> Fixed at 1536 bits (192 bytes) for the current VeraCrypt format. The required prefix is used for the selected encryption algorithm (for example, the first 64 bytes for AES (AES-256-XTS)). Third-party implementations must request 192 bytes from Argon2id before selecting the required prefix; requesting only the selected algorithm's key material length produces a different Argon2id output.<br/>
 <strong>Version:</strong> Argon2 version 0x13 (19 decimal)

doc/html/en/BLAKE2b-512.html

@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>VeraCrypt - Free Open source disk encryption with strong security for the Paranoid</title>
+<meta name="description" content="VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files."/>
+<meta name="keywords" content="encryption, security"/>
+<link href="styles.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+
+<div>
+<a href="Documentation.html"><img src="VeraCrypt128x128.png" alt="VeraCrypt"/></a>
+</div>
+
+<div id="menu">
+	<ul>
+	  <li><a href="Home.html">Home</a></li>
+	  <li><a href="Code.html">Source Code</a></li>
+	  <li><a href="Downloads.html">Downloads</a></li>
+	  <li><a class="active" href="Documentation.html">Documentation</a></li>
+	  <li><a href="Donation.html">Donate</a></li>
+	  <li><a href="https://sourceforge.net/p/veracrypt/discussion/" target="_blank">Forums</a></li>
+	</ul>
+</div>
+
+<div>
+<p>
+<a href="Documentation.html">Documentation</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="Hash%20Algorithms.html">Hash Algorithms</a>
+<img src="arrow_right.gif" alt=">>" style="margin-top: 5px">
+<a href="BLAKE2b-512.html">BLAKE2b-512</a>
+</p></div>
+
+<div class="wikidoc">
+<h1>BLAKE2b-512</h1>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<p>
+BLAKE2b is the 64-bit-word variant of BLAKE2 and the successor of BLAKE-512. BLAKE2b and BLAKE2s are specified in RFC 7693.
+</p>
+<p>
+VeraCrypt uses BLAKE2b with its maximum output size of 64 bytes (512 bits) internally in <a href="Argon2id.html" style="text-align:left; color:#0080c0; text-decoration:none">Argon2id</a>. For non-system volume header key derivation, BLAKE2b-512 is reached by selecting the Argon2 key derivation algorithm in VeraCrypt; this corresponds to Argon2id internally. In hash-oriented contexts such as random pool mixing and keyfile generation, the same underlying hash may be displayed as BLAKE2b-512.
+</p>
+<p>
+BLAKE2b-512 is not offered as a separate PBKDF2-HMAC hash algorithm. To use BLAKE2b-512 in VeraCrypt non-system volume header key derivation, select <a href="Argon2id.html" style="text-align:left; color:#0080c0; text-decoration:none">Argon2id</a>; no separate hash algorithm selection is available for Argon2id.
+</p>
+</div>
+<div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
+<a href="SHA-256.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section &gt;&gt;</a></div>
+</div><div class="ClearBoth"></div></body></html>

doc/html/en/BLAKE2s-256.html

@@ -42,9 +42,9 @@ <h1>BLAKE2s-256</h1>
 BLAKE2b and BLAKE2s are specified in RFC 7693.
 </p>
 <p>
-VeraCrypt uses only BLAKE2s with its maximum output size of 32-bytes (256 bits).
+VeraCrypt uses BLAKE2s with its maximum output size of 32 bytes (256 bits) as a PBKDF2-HMAC hash algorithm. For Argon2id, VeraCrypt uses <a href="BLAKE2b-512.html" style="text-align:left; color:#0080c0; text-decoration:none">BLAKE2b-512</a> internally.
 </p>
 </div>
 <div style="text-align:left; margin-top:19px; margin-bottom:19px; padding-top:0px; padding-bottom:0px">
-<a href="SHA-256.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section &gt;&gt;</a></div>
+<a href="BLAKE2b-512.html" style="text-align:left; color:#0080c0; text-decoration:none; font-weight:bold">Next Section &gt;&gt;</a></div>
 </div><div class="ClearBoth"></div></body></html>

doc/html/en/Command Line Usage for Windows.html

@@ -49,8 +49,8 @@ <h1>Command Line Usage for Windows</h1>
 </tr>
 <tr>
 <td><em>/hash</em></td>
-<td>It must be followed by a parameter indicating the PRF hash algorithm to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s and blake2s-256. When /hash is omitted, VeraCrypt will try
- all possible PRF algorithms thus lengthening the mount operation time.</td>
+<td>It must be followed by a parameter indicating the PRF hash algorithm or KDF to use when mounting the volume. Possible values for /hash parameter are: sha256, sha-256, sha512, sha-512, whirlpool, blake2s, blake2s-256, streebog, and blake2b-512 (for Argon2id volumes). When /hash is omitted, VeraCrypt will try
+ all possible PRF/KDF algorithms thus lengthening the mount operation time.</td>
 </tr>
 <tr>
 <td id="volume"><em>/volume</em> or <em>/v</em></td>
@@ -252,7 +252,7 @@ <h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
 <tr>
 <td>&nbsp;<em>/hash</em></td>
 <td>(Only with /create)<br>
-It must be followed by a parameter indicating the PRF hash algorithm to use when creating the volume. It has the same syntax as VeraCrypt.exe.</td>
+It must be followed by a parameter indicating the PRF hash algorithm or KDF to use when creating the volume. It has the same syntax as VeraCrypt.exe, and also accepts argon2 as an alias for Argon2id.</td>
 </tr>
 <tr>
 <td>/encryption</td>
@@ -324,9 +324,9 @@ <h4>VeraCrypt Format.exe (VeraCrypt Volume Creation Wizard):</h4>
 </tbody>
 </table>
 <h4>Syntax</h4>
-<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool |blake2s|blake2s-256}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
+<p>VeraCrypt.exe [/tc] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256|streebog|blake2b-512}][/a [devices|favorites]] [/b] [/c [y|n|f]] [/d [drive letter]] [/e] [/f] [/h [y|n]] [/k keyfile or search path] [tryemptypass [y|n]] [/l drive letter] [/m {bk|rm|recovery|ro|sm|ts|noattach}]
  [/p password] [/pim pimvalue] [/q [background|preferences]] [/s] [/tokenlib path] [/v volume] [/w]</p>
-<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia)))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256}]
+<p>&quot;VeraCrypt Format.exe&quot; [/n] [/create] [/size number[{K|M|G|T}]] [/p password]&nbsp; [/encryption {AES | Serpent | Twofish | Camellia | Kuznyechik | AES(Twofish) | AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) | Twofish(Serpent) | Camellia(Kuznyechik) | Kuznyechik(Twofish) | Camellia(Serpent) | Kuznyechik(AES) | Kuznyechik(Serpent(Camellia)))}] [/hash {sha256|sha-256|sha512|sha-512|whirlpool|blake2s|blake2s-256|streebog|blake2b-512|argon2}]
  [/filesystem {None|FAT|NTFS|ExFAT|ReFS}] [/dynamic] [/force] [/silent] [/noisocheck] [FastCreateFile] [/quick]</p>
 <p>Note that the order in which options are specified does not matter.</p>
 <h4>Examples</h4>

doc/html/en/Documentation.html

@@ -82,6 +82,7 @@ <h1>Table of Contents</h1>
 </li><li><strong><a href="Hash%20Algorithms.html">Hash Algorithms</a></strong>
 <ul>
 <li><a href="BLAKE2s-256.html">BLAKE2s-256</a>
+</li><li><a href="BLAKE2b-512.html">BLAKE2b-512</a>
 </li><li><a href="SHA-256.html">SHA-256</a> </li><li><a href="SHA-512.html">SHA-512</a> </li><li><a href="Whirlpool.html">Whirlpool</a>
 </li><li><a href="Streebog.html">Streebog</a></li></ul>
 </li><li><strong><a href="Key%20Derivation%20Algorithms.html">Key Derivation Algorithms</a></strong>

doc/html/en/Encryption Scheme.html

@@ -56,9 +56,9 @@ <h1>Encryption Scheme</h1>
 <a href="Header%20Key%20Derivation.html">
 <em>Header Key Derivation, Salt, and Iteration Count</em></a>), which can be one of the following:
 HMAC-SHA-512, HMAC-SHA-256, HMAC-BLAKE2S-256, HMAC-Whirlpool, HMAC-Streebog.</li>
-<li><strong>Argon2id:</strong> Memory-hard key derivation function with internal BLAKE2b hash function.</li>
+<li><strong>Argon2id:</strong> Memory-hard key derivation function for non-system volumes, with internal <a href="BLAKE2b-512.html">BLAKE2b-512</a> hash function.</li>
 </ul>
-<p>If a PRF is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
+<p>If a header key derivation algorithm (or, for PBKDF2-HMAC, a PRF hash) is explicitly specified by the user, it will be used directly without trying the other possibilities.</p>
 <p>A password entered by the user (to which one or more keyfiles may have been applied &ndash; see the section
 <a href="Keyfiles%20in%20VeraCrypt.html">
 <em>Keyfiles</em></a>), a PIM value (if specified) and the salt read in (1) are passed to the header key derivation function, which produces a sequence of values (see the section