Updated on the 8th of October 2020
Is there a tutorial for new users?
Yes, click here to view a guide with step-by-step instructions and screenshots.
Does Kryptor connect to the internet?
By default, Kryptor connects to GitHub when the program is launched to check for updates. This can be disabled in the settings to make Kryptor run 100% offline.
Kryptor does not connect to the internet at any other time, although an internet connection is required to view the linked webpages (documentation, source code, etc).
Does Kryptor require an account to use?
No, Kryptor does not require an account to use. There's no such thing as a Kryptor account.
I forgot my password or lost a keyfile. Is there any way to recover encrypted files?
Unfortunately, if you forget your password or lose a keyfile, your encrypted files will be unrecoverable. If you chose a secure password/keyfile and are using secure Argon2 settings, brute-forcing the encryption keys would take an impractical amount of time.
There is no backdoor in Kryptor. Only you know your passwords and have access to your keyfiles. Do not forget your passwords or lose keyfiles. Store your passwords in a password manager and back up keyfiles to external storage.
Why should I use Kryptor over the alternatives?
Why do I get a Windows SmartScreen popup when I first run Kryptor?
Because Windows SmartScreen is an annoyance for developers. In order to get rid of this popup, Kryptor needs to have a large userbase and be run on lots of different computers, or I have to pay over £300 a year for an EV Code Signing Certificate (although this is designed for companies, not individuals).
Kryptor is new software and therefore doesn't have a large userbase, and EV Code Signing Certificates are ridiculously expensive and designed for companies. By running Kryptor, you are helping to remove this popup, but every time there's a new version, this popup may reappear.
The best solution to this problem is that I purchase a Standard Code Signing Certificate (£65/yr). This won't remove the popup until enough people run the program, but it will remove the 'Unknown Publisher' warning. Please consider donating if you'd like to help me afford a certificate.
Why is Kryptor free and open source?
Simply put, because free and open source software is great. Kryptor being free enables anybody to use the software. Furthermore, when it comes to security-related software, being open source is important as it allows people to review the code, which helps security vulnerabilities get found and fixed.
However, if you'd like to support the project and help cover code signing certificate and website hosting costs, then please consider donating :)
Has Kryptor been audited?
Kryptor has not been audited by a third party. Security audits are extremely expensive (thousands of dollars) and require open source funding. However, it isn't easy to get funding, as your software must meet certain requirements such as having a large enough userbase.
The good news is that because Kryptor is open source, anybody is able to review the source code and find/report security vulnerabilities.
How do I report security vulnerabilities and bugs?
Does Kryptor store my passwords on disk?
No, Kryptor never stores passwords on disk. Only you know your passwords.
However, the Windows operating system may make copies of password strings in memory that could end up on disk (e.g. in the paging file or hibernation file). This is not something that can be controlled by Kryptor. Disk encryption is the best protection against this risk.
Does Kryptor have any keylogging protection?
Yes, keyfiles provide protection from keylogging. However, Kryptor does not provide any sort of secure desktop or typing obfuscation for password entry.
Are the encryption algorithms quantum computing resistant?
Kryptor should provide at least 128-bit security against quantum computing because 256-bit encryption keys are used (Grover's algorithm at best halves the effective key length), meaning the file encryption remains secure against quantum computing.
However, Kryptor relies on libsodium's Sealed Boxes (Curve25519, XSalsa20-Poly1305) for password sharing and memory encryption on Linux and macOS, and Curve25519 is not quantum resistant (many asymmetric algorithms aren't). With that said, it's currently secure and widely used.
What is a keyfile and how do I randomly generate them?
A keyfile is a file that contains 64 bytes that are combined with your password for increased security or used instead of a password.
You can randomly generate keyfiles in Kryptor by going to File => Create Keyfile. Using generated keyfiles alongside passwords will provide increased security if you store your keyfiles correctly.
Where should I store my keyfiles?
I recommend storing your keyfiles on a USB or external hard drive. For another layer of security, you could also encrypt the USB or external hard drive using disk encryption software.
How secure are keyfiles?
Using a keyfile alongside a password will provide a significant increase in security assuming you store the keyfile correctly (e.g. on a USB or external hard drive). However, using a keyfile instead of a password is arguably less secure than just using a password because keyfiles get stored on disk, whereas passwords can be memorised.
I strongly recommend using a keyfile alongside a password instead of just using a keyfile. I also strongly recommend randomly generating keyfiles as explained above. Randomly generated keyfiles will provide more security than ordinary files.
Which encryption algorithm should I use?
I recommend using the default encryption algorithm (XChaCha20) because ChaCha20 is being adopted more and more widely due to its security and speed.
XChaCha20 should be favoured over XSalsa20 due to security and speed improvements, but XSalsa20 is still very much secure.
AES-CBC is being replaced by AES-GCM (an authenticated encryption mode) in many protocols, but AES-GCM is far from perfect and not really suitable for file encryption or encrypting large amounts of data. AES-CBC is still one of the better AES modes for file encryption and remains widely used despite the push to switch to AES-GCM. For example, AES-CBC is used by the popular end-to-end encrypted messaging app Signal.
You can read about the encryption algorithms used by Kryptor in more detail here.
Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?
Authenticated encryption modes and AEADs are less suitable for file encryption because they are generally designed for smaller amounts of data. For example, they often use small nonces (e.g. 64-bit or 96-bit), which means there's the potential for nonce reuse.
Furthermore, using authenticated encryption modes requires loading entire files into memory (rather than reading portions of the file into memory) because of how the MAC is calculated. This isn't possible for large files.
That's why Kryptor uses unauthenticated encryption modes with BLAKE2b for authentication (Encrypt-then-MAC), allowing files to be read in chunks.
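The chunked Encrypt-then-MAC construction described above, as an added example that is not Kryptor's code (the page does not describe Kryptor's file format, so the layout, chunk size, keys and nonce here are constructed): for brevity it uses RFC 8439 ChaCha20 with a 96-bit nonce instead of XChaCha20, and keyed BLAKE2b from Python's hashlib as the MAC. Encryption processes one chunk at a time, and the two-pass decryptor verifies the tag over every chunk before decrypting anything.

```python
import hashlib, hmac, io, struct

BLOCK, CHUNK, TAG_LEN, NONCE_LEN = 64, 256, 64, 12  # constructed demo sizes, not Kryptor's (the page gives none)
_rotl = lambda v, c: ((v << c) & 0xffffffff) | (v >> (32 - c))

def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & 0xffffffff; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xffffffff; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xffffffff; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xffffffff; s[b] = _rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):  # one 64-byte keystream block, RFC 8439 (32-byte key, 12-byte nonce)
    init = list(struct.unpack('<16I', b'expand 32-byte k' + key + struct.pack('<I', counter) + nonce))
    w = init[:]
    for _ in range(10):  # 10 double rounds (4 column + 4 diagonal quarter rounds) = 20 rounds
        for q in ((0,4,8,12), (1,5,9,13), (2,6,10,14), (3,7,11,15), (0,5,10,15), (1,6,11,12), (2,7,8,13), (3,4,9,14)):
            _quarter_round(w, *q)
    return struct.pack('<16I', *[(x + y) & 0xffffffff for x, y in zip(init, w)])

def xor_chunk(key, nonce, chunk_index, data):  # encrypts or decrypts one chunk; its counter follows from its position
    ks = b''.join(chacha20_block(key, chunk_index * (CHUNK // BLOCK) + i, nonce)
                  for i in range(-(-len(data) // BLOCK)))
    return bytes(x ^ y for x, y in zip(data, ks))

def encrypt_stream(src, dst, enc_key, mac_key, nonce):  # Encrypt-then-MAC: nonce || ciphertext chunks || BLAKE2b tag
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_LEN)
    mac.update(nonce); dst.write(nonce)
    for i, chunk in enumerate(iter(lambda: src.read(CHUNK), b'')):  # only one chunk in memory at a time
        ct = xor_chunk(enc_key, nonce, i, chunk)
        mac.update(ct); dst.write(ct)
    dst.write(mac.digest())

def decrypt_stream(src, dst, enc_key, mac_key):  # pass 1: re-MAC every chunk and check the tag; pass 2: decrypt
    body = src.seek(0, 2) - TAG_LEN  # offset where the tag starts
    src.seek(0); nonce = src.read(NONCE_LEN)
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_LEN); mac.update(nonce)
    while src.tell() < body:
        mac.update(src.read(min(CHUNK, body - src.tell())))
    if body < NONCE_LEN or not hmac.compare_digest(mac.digest(), src.read(TAG_LEN)):
        return False  # truncated, tampered or wrong key: nothing has been decrypted yet
    src.seek(NONCE_LEN)
    for i in range(-(-(body - NONCE_LEN) // CHUNK)):
        dst.write(xor_chunk(enc_key, nonce, i, src.read(min(CHUNK, body - src.tell()))))
    return True

def encrypt_bytes(data, enc_key, mac_key, nonce):  # in-memory convenience wrappers around the stream functions
    out = io.BytesIO(); encrypt_stream(io.BytesIO(data), out, enc_key, mac_key, nonce); return out.getvalue()

def decrypt_bytes(blob, enc_key, mac_key):  # returns None when authentication fails
    out = io.BytesIO(); return out.getvalue() if decrypt_stream(io.BytesIO(blob), out, enc_key, mac_key) else None
```

The stream functions accept real file objects too, so a large file is processed CHUNK bytes at a time in both directions.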
Why does Kryptor not support cipher cascades?
I decided not to include cipher cascades because I didn't think many people would use the feature. I also believe they're an excessive approach to security and provide protection against an unrealistic threat model considering that encryption algorithms like AES and ChaCha20 are very much secure.
If enough people request support for cipher cascades, then I may implement the feature in the future. You can request this feature using GitHub. For now, if you want your files to be encrypted more than once, I recommend using Kryptor alongside disk encryption such as VeraCrypt or LUKS.
How do I share a password using Password Sharing?
The Password Sharing documentation explains how to share a password step-by-step.
How do I shred files and folders?
You can shred files by clicking Tools => Shred Files and selecting the files you want to erase. To shred a folder, click Tools => Shred Folder and select a folder to shred.
Which 'Shred Files Method' should I use in settings?
I recommend using '1 Pass', which is why this is the default setting. However, if you want to overwrite files more thoroughly, then you should use 'HMG IS5' or '5 Passes'. For an explanation of each method, please read this page.
How do I add a custom wordlist for passphrase generation?
You can either edit or replace the 'wordlist.txt' file found in the Kryptor folder (%APPDATA%\Kryptor\wordlist.txt when Kryptor has been installed). Make sure that each word is on its own line.
What programming language is Kryptor written in?
Kryptor was written in C# because I like the language and have more experience working with C# than other programming languages. Furthermore, Windows Forms makes creating a GUI nice and simple.
Sadly C# isn't the best language for cross-platform desktop applications, but it is well suited to Windows development, and thanks to Mono, Kryptor can also run well on non-Windows platforms.
What does the version number mean?
Kryptor uses a version number with three numbers (e.g. 1.0.0).
How do I build Kryptor from source?
Visual Studio 2019 Community is the IDE I recommend building with, but be aware that it isn't open source, and you have to sign into a Microsoft account after 30 days (this can be bypassed). If you just want to view the code, then you can use VSCodium, which is the open source version of VSCode. However, this won't allow you to view the Windows Forms Designer.