I’m a layman in security and was trying to understand roughly how does Hashes and Encryption Algorithms are used in Veracrypt/Truecrypt.
Reading the documentation, that’s what I understood (please, feel free to correct me if I’m wrong):
For simplification’s sake, let’s consider a non-system volume, no hidden volumes and no Cascade.
An encrypted HEADER is generated containing two Master Keys (Primary and Secondary). Those Master Keys were created using RNG based on the HASH.
To Decrypt the HEADER, the correct password must generate a HEADER KEY (two keys, actually) using a derivation function from the selected HASH Algorithm. This HEADER KEY decrypts the HEADER. In other words, the HEADER is not the HASH itself from which the key is compared with.
If this is correct, I have some questions:
1- Is the encryption method of the HEADER the same of the rest of the volume? And only the keys are different…
2- If I got it correctly, the two HEADER Keys are 256 bit longer. Does those two combined key have the same power as a single 512 bits longer hash?
3- If not for (2), what’s the point of selecting a 512 bits HASH Algorithm?
4- If yes for (2), does the subsequent two Master Keys also have 512 bit long equivalent power?
5- Does the subsequent two Master Keys also uses the same HASH algorithm that HEADER Keys uses? For instance, if I select Whirlpool algorithm in the wizard, does it only affects the HEADER KEY or both?
Thank you, very much for your time.