How Do the Hidden and Original Containers Work?


A BestCrypt original container file consists of three parts:

  1. The first 512 bytes contain the data required to verify the integrity of the file;
  2. A Key Data Block that stores the array of encryption keys. The Key Data Block is encrypted by a hash calculated from the user's password. One of the keys in the array is used for encrypting / decrypting the user's data;
  3. Encrypted data.

When mounting the original container, BestCrypt verifies its integrity using part 1 of the container. Then it calculates a hash according to the password and uses the hash for decrypting the encryption key from the Key Data Block. BestCrypt uses the key for providing transparent encryption of the data in part 3 of the container.

If you create a hidden part inside the container, BestCrypt creates a new encryption key for the hidden part and stores it in the Key Data Block of the original container. The place where the key for the hidden part is stored appears to be marked as unused, to make it impossible to determine whether any key for a hidden part exists or not. Remember, spare disk space within the container is itself encrypted as random data, so replacing some random data with a new randomly generated key does not compromise the hidden part, because an examination will reveal only apparently random data.

The hidden part is stored inside part 3 of the original container and has no Key Data Block of its own, so the boundaries of the hidden part inside the original container cannot be determined.

The mounting procedure for the container with the hidden part included is the same as for mounting a normal container.

When mounting the container, after having received a password, BestCrypt executes the following actions:

  1. BestCrypt first tries to mount the original container with the password, as if there were no hidden part inside it.
  2. If the password does not open the original container, BestCrypt checks for the existence of a hidden part inside the container and uses the hash value generated from the password to extract the encryption key for the hidden part.
  3. If the password opens the hidden part, BestCrypt mounts this part and reports to the user that the hidden part has been found. That message lets the user know which object was mounted - the original container or the hidden part.

    NOTE: Pay attention to this message: if it does not appear, the hidden part is not mounted!
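As an added illustration (not BestCrypt's own code or on-disk format), the following Python model shows the Key Data Block as an array of fixed-size key slots and the two-stage mount described above. The slot layout (original key in slot 0, hidden key in slot 2), the slot count and the PBKDF2/HMAC key-wrapping construction are assumptions made for the example; the point it demonstrates is that a slot holding a hidden key cannot be told apart from the random filler in unused slots without the right password.

```python
import hashlib
import hmac
import os

KEY_LEN = 32           # data-encryption key stored in a slot
TAG_LEN = 16           # truncated MAC used to recognise the right password
SLOT_LEN = KEY_LEN + TAG_LEN
SLOT_COUNT = 4         # modelled Key Data Block: a few fixed-size slots (assumption)
PBKDF2_ROUNDS = 50_000

def password_hash(password: bytes, salt: bytes) -> bytes:
    """Hash the password into a key-encryption key (stand-in for the product's hash)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS, KEY_LEN)

def wrap_key(password: bytes, salt: bytes, data_key: bytes) -> bytes:
    """Encrypt one data key under the password hash; the output looks like random bytes."""
    kek = password_hash(password, salt)
    stream = hashlib.sha256(b"slot-stream" + kek).digest()
    wrapped = bytes(a ^ b for a, b in zip(data_key, stream))
    tag = hmac.new(kek, wrapped, "sha256").digest()[:TAG_LEN]
    return wrapped + tag

def unwrap_key(password: bytes, salt: bytes, slot: bytes):
    """Return the data key if the password opens this slot, else None (random filler never matches)."""
    kek = password_hash(password, salt)
    wrapped, tag = slot[:KEY_LEN], slot[KEY_LEN:]
    expected = hmac.new(kek, wrapped, "sha256").digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.sha256(b"slot-stream" + kek).digest()
    return bytes(a ^ b for a, b in zip(wrapped, stream))

def build_key_data_block(outer_pw, outer_key, hidden_pw=None, hidden_key=None):
    """Slot 0 holds the original container's key; every other slot is random filler,
    so a hidden key written into slot 2 is indistinguishable from unused space."""
    salt = os.urandom(16)
    slots = [os.urandom(SLOT_LEN) for _ in range(SLOT_COUNT)]
    slots[0] = wrap_key(outer_pw, salt, outer_key)
    if hidden_pw is not None:
        slots[2] = wrap_key(hidden_pw, salt, hidden_key)
    return {"salt": salt, "slots": slots}

def mount(kdb, password: bytes):
    """Two-stage mount: try the original container first, then scan for a hidden part."""
    key = unwrap_key(password, kdb["salt"], kdb["slots"][0])
    if key is not None:
        return "original", key
    for slot in kdb["slots"][1:]:          # same password hash tried on the remaining slots
        key = unwrap_key(password, kdb["salt"], slot)
        if key is not None:
            return "hidden", key           # the caller must surface this to the user
    return None, None
```

A wrong password fails on every slot, and a container built without a hidden part rejects the would-be hidden password the same way, which is what makes the mount result the only signal the user gets.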