Enter password dialog appears on clicking at New Container dialog. This dialog prompts user for password to protect the container file with.
A password should be 8 - 256 characters long. It is recommended that password has both lowercase and uppercase symbols as well as digits and html symbols. More tips on how to create a strong password are listed in the Strong password guidelines article.
NOTE: Knowing the password is an only option to access the data stored inside BestCrypt container.
It is recommended to have a copy or reminder in a safe place in case the original password is lost or forgotten.
After the password was entered and confirmed successfully, clicking
To change default settings or switch between encryption schemes, user has to click the Show Advanced Settings link.
The window will expand as follows:
If you want to add a number of Keyfiles to your password, click . In the appeared window, click
and/or :
BestCrypt will add selected keyfiles to the password and will show the number of keyfiles on the button, as :
Version 8 compatible should be checked to create a container that can be opened with previous versions of BestCrypt as well as with BestCrypt under Linux and Mac OS.
NOTE: This option only concerns the ability of a container to be mounted with different versions of our software. To create a container that can be read and modified under different operating systems, user should format it with a cross functional file system, such as FAT32 or exFAT.
Encrypt header should be checked to create a container with encrypted header. More information on header encryption may be found in the Encrypted Headers article.
Advanced password-based encryption settings are also known as key stretching parameters. Key Streching area of the dialog incorporates the following controls:
Hash algorithm: drop-down control allows choosing between Whirlpool-512, SHA-512, Skein-512 and SHA3-512 hash algorithms. SHA-256 is also an option, though it is not recommended to be used with new containers except for compatibility purporses. Thus, if Version 8 compatible option is checked, this control is automatically set to SHA-256 and disabled.
Salt: field allows viewing random data being added to the password with each iteration of hash-fuction processing. Salting protects against time-memory tradeoff attacks. To generate new random to be used as salt, click
.Iterations edit box allows user to set a custom number of hash-function iterations being used to generate encryption key from password. The bigger this value, the longer takes each attempt to guess password, which increases password security against brute-force attacks significantly.
NOTE: Changing the default iteration count (16384) prohibits further header encryption for the container. Likewise, if Encrypt header option is checked, the Iterations box is automatically set to default value and disabled.
Benchmark mount test summarizes all the settings chosen above to calculate estimated time of one brute-force attack iteration on your hardware. The value also indicates how long it would take your container to be mounted. To increase this time, one should increase the iteration count value and visa versa.
Apart from Password-Based Encryption (which is default), BestCrypt also features Public Key Encryption (PKE) as well as encryption with the use of Secret Shared Scheme (SSS). To switch between the encryption schemes suggested, user should use the Encryption Scheme drop-down menu located on the top of the Enter Password dialog (Advanced View).