"PRECAUTIONS" AND "SOME ADVICE" SECTIONS TO USE HIDDEN CONTAINERS PROPERLY.
BestCrypt creates virtual drives on your computer. All data to be written to the virtual drive are placed into the container in encrypted form. The encryption algorithms used in BestCrypt are reliable, and the container cannot be decrypted without knowing the correspondent password.
But under some circumstances the user may be forced to open up the password for his container. So sometimes people may be inclined to hide the information about whether the containers on their computers exist or not.
There are a variety of methods for hiding sensitive data inside graphic or sound files so that it would be impossible to define if the original files keep an extra information inside them. That method is known as steganography. Unfortunately, holding the encrypted containers disquised as image or sound files implies some drawbacks:
A BestCrypt original container file consists of three parts:
When mounting the original container, BestCrypt verifies its integrity using part 1 of the container. Then it calculates a hash according to the password and uses the hash for decrypting the encryption key from the Key Data Block. The software uses the key for providing transparent encryption of data in part 3 of the container.
If you create a hidden part inside the container, BestCrypt creates a new encryption key for it and stores it in the Key Data Block of the original container. The place where the key for the hidden part is stored remains to be marked as unused, so it is impossible to define if the key exists or not. Besides, unused elements in the Block itself are always initialized by random data. So, replacing some random data with a new randomly generated key does not compromise the hidden part. The hidden part is stored inside part 3 of the original container without its own Key Data Block, so it's impossible to define the borders of the hidden part inside the original container.
The mounting procedure for the container with the hidden part included is almost the same as for usual containers. The only difference is that only original part's filesystem type is written to container's header. Thus when mounting hidden part you should specify filesystem type explicitly.
NOTE: Pay attention to this message: if it does not appear, the hidden part is not mounted!
As it follows from the section "Precautions", it would be useful to treat the password for the original container as an "Alarm" password. It means it must not be entered until you has opened up your password.
Using the term "Alarm" also means that you should use this password only if you have consciously decided to mount the original container and write some data into it to destroy the hidden part of the container. Some ability to destroy the hidden part of the container may be useful only when there is any real threat for security of your data.