It is not normal at all that the rescue disk reject the correct password. I would say it is impossible unless there is bug or the RAM/CPU is malfunctioning.
This is the first such report of a rescue disk refusing a correct password. If there was a bug in the VeraCrypt, it would most certainly have been discovered by many others who use FDE on different type of hardware. Moreover, it is very suspicious that the
"passcode was rejected many times before finally being accepted". This is simply unheard of and technically impossible unless there is an issue with the RAM/CPU.
A plausible hypothesis is that your RAM provokes errors and is malfunctioning (probably the error affects only the first 64KB segment used by the BIOS) That would explain the erratic behavior on your machine. You can boot on an Ubuntu CD for example and choose
You already tested from another machine and it didn't work...this is puzzling. Do the two machine have the same keyboard layout? Are you using a US QWERTY keyboard?
One thing to know is that the password for system encryption must be entered using US layout. This is the default when booting. The trick is that if your keyboard is not US QWERTY (for example French AZERTY like myself), then every key you type is mapped to
its equivalent in the US keyboard (for example, '%' in French keyboard translates to '"' and '&' becomes '1'). This may play tricks to users if there use digits in there password and if they don't use the numeric keypad of they keyboard. For example,
if we take the French keyboard as an example again:
- if you type the digit 1 using the numeric keypad, it will be translated to 1. The same holds for all digits entered via numeric key pad.
- if you type the digit 1 using SHIFT and the key above A, then it will be translated to '!'. And here comes the potential problem.
So, when entering the password for system encryption, what matters is not the value of the keys your are pressing but the keys themselves!!! As the French keyboard example shows, if your password contains digits, you must enter these digits using the same method
used during the creation of the volume, either numeric key pad or SHIFT combined with other keys.
Are you in this type of situations?
@movingkey: For system encryption, there is no backup header at the end of the drive. The reason is that we can't perform the needed file system shrink operation while Windows is running. For non-system encryption, the shrink operation is done first to ensure
that all data are put at the beginning of the drive, leaving all free space at the end so that we have a place to put the backup header. That's why the rescue disk is very important for system encryption.