Files stored inside container are encrypted using randomly generated key. The key is unique for each container, it is stored inside the container in encrypted form. The key is encrypted with a hash value that is generated from the password  (with a hash algorithm - SHA-256, SHA-512, SHA3-512, Whirlpool, Skein ). The password is only used for a short moment to generate the hash value and then it is deleted from memory. BestCrypt does not save passwords in a cache or anywhere on the disk.

Encryption key is stored in memory while the container is mounted. It is recommended to dismount containers as soon as you complete your work with the encrypted data. BestCrypt can automatically dismount containers on a timout, or on event (logoff, suspend, hotkey).