TrueCrypt Container Sizing for Optical Media

One of the most consistently referenced articles here is my procedure for preparing and burning encrypted CDs with TrueCrypt. It ranks highly on Google for “truecrypt cd” and “truecrypt dvd”, so those referred are often searching for the best TrueCrypt container size to use with optical media. However, while I made a size recommendation for CD-R’s explicit in the original article, I only mentioned DVD-R’s in passing, enough to match the keyword but not to convey the actual answer people are looking for. Allow me to correct that omission now.

A safe container size to use with “4.7GB” single layer DVD-R media is 4450MB. As was the case for 695MB on “700MB” CD-R media, this is a roundish number that will make reasonably close to full use of the typical blank media capacity, allowing for manufacturer variations, while leaving a small margin of empty space for the TrueCrypt autorun machinery and/or anything else you need to place in the unencrypted area of the disc. I have used this container size in practice without issue.

Deconstructing the standard byte size of CD-R and DVD-R media exposes the ambiguity between decimal and binary representations in this field, and the exploitability of that ambiguity, a practice we are all familiar with from advertised hard drive capacities. Incredibly the standards that relate the byte capacities of CD-R and DVD-R discs to their nominally labeled capacities do not follow consistent rules.

The byte capacity of a typical “700MB” CD-R is 736,960,512 bytes, equal to 719,688 kB, equal to 702.82 MB, using binary multipliers. The “700” really goes on the “MB” in the binary sense.

The byte capacity of a typical “4.7GB” DVD-R, meanwhile, is 4,706,074,624 bytes, equal to 4,595,776 kB, equal to 4,488.0625 MB using again binary multipliers. The “4.7” is going on “billion bytes” in the decimal sense.

How they came to cut corners in one way in one place and not the other, and save billions, is an edge of your seat thriller, I’m sure. But, no time, we’re burning discs over here.

Go ahead and test your blank discs in something like ImgBurn, simply spinning them up without writing anything to them, and read back the byte capacities. They may vary but should be around these values. Although, it wouldn’t surprise me to see wide variations. Manufacturers are always up to their shenanigans. In fact, you might want to pretest your media in this manner to be sure, and adjust accordingly.

In any case, a MB in TrueCrypt’s volume creation wizard is a MB in the binary sense and doesn’t know or care what media it’s eventually going on, so you have to align against the MB size. A 4450MB TrueCrypt file-container encrypted volume fits snugly on a blank DVD-R (of the observed specifications) while leaving around a comfortable 38MB of free margin.

This method is extensible to dual-layer DVD-R’s, or Blu-ray BD-R’s, or whatever you crazy kids are using nowadays. Obtain the blank byte size, divide by 1024, divide by 1024 again, then leave a small discretionary margin for overhead, finally arriving at the target MB container size.


TrueCrypt Homepage

ImgBurn Homepage


  1. Pingback: M-Disc: 1,000 year back up available now. « Xenophilia (True Strange Stuff)

  2. Trevor Ray

    Probably necro-posting here, lol.
    Anyway, what I was wondering is the level of sensitivity TC containers have to entropy on optical media.
    Is there any way to have redundancy (Besides Nero’s thing) to mitigate blemishes on disk surface?
    This would be similar to the way QR codes have redundancy in that if one section is obscured, the other sections can rebuild it.

  3. scott

    I believe if you lost one bit you’d at a minimum lose the whole block (16 bytes). TrueCrypt doesn’t confer any additional fault proofing above and beyond whatever the underlying filesystem already provides. QR is a good analogy. QR codes have bitwise redundancy designed in at the lowest level. If you had a filesystem with built in fault correction, as some emerging ones do, and you sat a TrueCrypt file-container volume on top of that, you’d get the benefit of the underlying’s entropy proofing. But TrueCrypt doesn’t “do” redundancy natively and if anything compounds the risk.

Comments are closed.