Hidden Containers: Precautions


  1. You may write some data to the original container before creating the hidden part. But once you have created your hidden container,
    NO FURTHER DATA MUST EVER BE WRITTEN TO THE ORIGINAL CONTAINER.

    When BestCrypt has mounted the original container, BestCrypt will have no knowledge of the container’s hidden part!

    IF YOU WRITE TO THE ORIGINAL CONTAINER, THE HIDDEN PART MAY BE DAMAGED! The BestCrypt software is deliberately designed in such a manner as to allow the original container to appear to be the sole container for data. This is a deliberate act for maximum security of the secret encrypted container. If the software were not designed in this way, a potential intruder, having discovered the password for your original container, could use debugging tools to determine whether there is a hidden part inside the container.

    SPECIAL NOTE: Changing any of the original container’s properties (re-encrypting, changing the Algorithm or Key Generator, and so on) may cause BestCrypt to overwrite the header of the container file, so information about the hidden part may also be lost. Please do not change the properties of the container file after you have created a hidden part inside it.

  2. If you create the hidden part, it means that the data stored inside the original container has no meaning and exists only for one reason - to disguise the information stored in the hidden part. You should avoid mounting the original container.
  3. For containers created with SHA-256/SHA-1 key generators (note that this limitation is removed for the KG-Ghost Key Generator, which appeared in version 8 of BestCrypt):
    Although it is possible to format the original container as well as a hidden part inside it using any available file system (FAT, FAT32, NTFS), it is recommended that only FAT or FAT32 file systems be used for the original container. NTFS is not recommended, for the following reason: NTFS places its tables not only at the beginning of the drive (as FAT and FAT32 do), but also in the middle sectors of the disk as well as in the last sectors. Hence, when you start to write information to the hidden part, the possibility of corrupting NTFS file system tables in the original container is high. However, since the FAT and FAT32 file systems store their tables at the beginning of the original container, the tables will not be damaged when you write some data to the hidden part. You can still use NTFS for formatting a hidden part inside of your containers.
  4. For containers created with SHA-256/SHA-1 key generators:

    Although it is possible to add a new password for a hidden part, it is possible to have only one additional password for the hidden part. This is a logical consequence of the concept of having hidden parts - “nothing in the container file must show whether a hidden part inside it exists or not”. The explanation for this follows:

    When you add a new password for a hidden part, you first enter a current password for the hidden part. After receiving the password, BestCrypt inspects all the unused places (slots) in the container’s header to determine whether any of the unused slots, which are filled with random-looking data, can be decrypted with the password so that the decrypted slot gives a reference to a hidden part. If so, BestCrypt becomes aware of the one slot where the reference to the hidden part is stored. When you add a new password for the hidden part, BestCrypt must not overwrite the “unused” slot that corresponds to the old password. Since BestCrypt knows about one earlier initialized “unused” slot, it can use only one slot from the other unused slots without risking overwriting earlier initialized references to the hidden part. If you go on adding new passwords for a hidden part, BestCrypt will accept the current password you enter for the hidden part, but it can overwrite an earlier additional password for the hidden part.

    For example, I have password ‘A’ for a hidden part. I want to add password ‘B’ for the hidden part. I enter the ‘A’ password and then make BestCrypt add password ‘B’. Now the hidden part can be mounted with either password ‘A’ or password ‘B’. Now I want to add password ‘C’ for the hidden part, and I enter password ‘A’ to begin the process of adding a new password. BestCrypt is not aware that some “unused” slot of its header may correspond to password ‘B’, and BestCrypt will simply overwrite the slot with encrypted data for the new password ‘C’. The hidden part will be mountable with the ‘A’ and ‘C’ passwords, but password ‘B’ will become invalid for the hidden part.
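
    The ‘A’, ‘B’, ‘C’ sequence above can be reproduced with a small model of the header slots. This is an added example, not BestCrypt code and not its real header format: the slot count, the MAGIC marker, the toy cipher, the offset value and the "take the first other slot" choice are assumptions made for illustration.

```python
import hashlib
import os

SLOT_COUNT = 4            # assumed; the page does not state the real number
MAGIC = b"HIDDENREF"      # constructed marker proving a slot decrypted correctly

def _stream(password: str, salt: bytes, n: int) -> bytes:
    # Toy keystream for this model only, not BestCrypt's key generator.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000, dklen=n)

def seal(password: str, offset: int) -> bytes:
    """Encrypt a hidden-part reference; the result looks like random bytes."""
    salt = os.urandom(16)
    plain = MAGIC + offset.to_bytes(8, "big")
    return salt + bytes(a ^ b for a, b in zip(plain, _stream(password, salt, len(plain))))

def unseal(password: str, slot: bytes):
    """Return the hidden-part offset if the password opens this slot, else None."""
    salt, body = slot[:16], slot[16:]
    plain = bytes(a ^ b for a, b in zip(body, _stream(password, salt, len(body))))
    return int.from_bytes(plain[len(MAGIC):], "big") if plain.startswith(MAGIC) else None

def new_header() -> list:
    # Unused slots hold random data, indistinguishable from sealed references.
    return [os.urandom(16 + len(MAGIC) + 8) for _ in range(SLOT_COUNT)]

def find_slot(header: list, password: str):
    return next((i for i, s in enumerate(header) if unseal(password, s) is not None), None)

def add_password(header: list, current: str, new: str) -> int:
    """Add `new`, protecting only the one slot that `current` reveals."""
    known = find_slot(header, current)
    if known is None:
        raise ValueError("current password does not open any slot")
    offset = unseal(current, header[known])
    # Every other slot looks unused, so the model takes the first one.
    target = next(i for i in range(SLOT_COUNT) if i != known)
    header[target] = seal(new, offset)
    return target

def demo() -> dict:
    header = new_header()
    header[0] = seal("A", 4096)        # hidden part created with password 'A'
    add_password(header, "A", "B")
    after_b = {p: find_slot(header, p) is not None for p in "AB"}
    add_password(header, "A", "C")     # 'A' entered again, so the 'B' slot is unknown
    after_c = {p: find_slot(header, p) is not None for p in "ABC"}
    return {"after_b": after_b, "after_c": after_c}
```

    Calling demo() shows ‘A’ and ‘B’ both valid after the first addition, and only ‘A’ and ‘C’ valid after the second.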


