Kryptor

Frequently Asked Questions

Updated on the 8th of October 2020

General

Is there a tutorial for new users?
Does Kryptor connect to the internet?
Does Kryptor require an account to use?
I forgot my password or lost a keyfile, is there any way to recover encrypted files?
Why should I use Kryptor over the alternatives?
Why do I get a Windows SmartScreen popup when I first run Kryptor?
Why is Kryptor free and open source?

Security

Has Kryptor been audited?
How do I report security vulnerabilities and bugs?
Does Kryptor store my passwords on disk?
Does Kryptor have any keylogging protection?
Are the encryption algorithms quantum computing resistant?

File Encryption

Which encryption algorithm should I use?
Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?
Why does Kryptor not support cipher cascades?

Keyfiles

What is a keyfile and how do I randomly generate them?
Where should I store my keyfiles?
How secure are keyfiles?

Other Functionality

How do I share a password using Password Sharing?
How do I shred files and folders?
Which 'Shred Files Method' should I use in settings?
How do I add a custom wordlist for passphrase generation?

Development

What programming language is Kryptor written in?
What does the version number mean?
How do I build Kryptor from source?

General

Is there a tutorial for new users?

Yes, click here to view a guide with step-by-step instructions and screenshots.

Does Kryptor connect to the internet?

By default, Kryptor connects to GitHub when the program is launched to check for updates. This can be disabled in the settings to make Kryptor run 100% offline.

Kryptor does not connect to the internet at any other time, although an internet connection is required to view the linked webpages (documentation, source code, etc).

Does Kryptor require an account to use?

No, Kryptor does not require an account to use. There's no such thing as a Kryptor account.

I forgot my password or lost a keyfile, is there any way to recover encrypted files?

Unfortunately, if you forget your password or lose a keyfile, then your encrypted files will be unrecoverable. If you have chosen a secure password/keyfile and are using secure Argon2 settings, then it will take an impractical amount of time to brute-force the encryption keys used.

There is no backdoor in Kryptor. Only you know your passwords and have access to your keyfiles. Do not forget your passwords or lose keyfiles. Store your passwords in a password manager and backup keyfiles to external storage.

Why should I use Kryptor over the alternatives?

  1. Kryptor is free and open source - you don't need to pay to access any of the features.
  2. Kryptor doesn't require an internet connection or an account to use.
  3. Kryptor uses strong, modern cryptographic algorithms - e.g. Argon2 is the most secure key derivation algorithm currently available.
  4. There's no master password - you can use different passwords for different files.
  5. You can use keyfiles instead of/as well as passwords.
  6. The names of encrypted files and folders are anonymised by default.
  7. You can encrypt passwords to share them with other people.
  8. Kryptor is more customisable - there are numerous settings that you can change, including multiple encryption algorithms.

Why do I get a Windows SmartScreen popup when I first run Kryptor?

Because Windows SmartScreen is an annoyance for developers. In order to get rid of this popup, Kryptor needs to have a large userbase and be run on lots of different computers, or I have to pay over £300 a year for an EV Code Signing Certificate (although this is designed for companies, not individuals).

Kryptor is new software and therefore doesn't have a large userbase, and EV Code Signing Certificates are ridiculously expensive and designed for companies. By running Kryptor, you are helping to remove this popup, but every time there's a new version, this popup may reappear.

The best solution to this problem is that I purchase a Standard Code Signing Certificate (£65/yr). This won't remove the popup until enough people run the program, but it will remove the 'Unknown Publisher' warning. Please consider donating if you'd like to help me afford a certificate.

Why is Kryptor free and open source?

Simply put, because free and open source software is great. Kryptor being free enables anybody to use the software. Furthermore, when it comes to security related software, being open source is important as it allows people to review the code, which helps security vulnerabilities get fixed.

However, if you'd like to support the project and help cover code signing certificate and website hosting costs, then please consider donating :)


Security

Has Kryptor been audited?

Kryptor has not been audited by a third-party. Security audits are extremely expensive (thousands of dollars) and require open source funding. However, it isn't easy to get funding as your software must meet certain requirements such as having a large enough userbase.

It's important to note that other more popular open source projects like KeePassXC also haven't been audited. They also raise some valid limitations of audits on their FAQ page.

The good news is that because Kryptor is open source, anybody is able to review the source code and find/report security vulnerabilities.

How do I report security vulnerabilities and bugs?

Security vulnerabilities can be reported directly to me via email and bugs can be reported on GitHub as explained here.

Does Kryptor store my passwords on disk?

No, Kryptor never stores passwords on disk. Only you know your passwords.

However, the Windows operating system may make copies of password strings in memory that could end up on disk (e.g. in the paging file, hibernation file, etc). This is not something that can be controlled by Kryptor. Disk encryption is the best protection against this risk.

Does Kryptor have any keylogging protection?

Yes, keyfiles provide protection from keylogging. However, Kryptor does not provide any sort of secure desktop or typing obfuscation for password entry.

Are the encryption algorithms quantum computing resistant?

Kryptor uses 256-bit encryption keys, so the file encryption should provide at least 128-bit security against quantum computing: Grover's algorithm roughly halves the effective key length of a symmetric cipher, and 128 bits is still out of reach. The file encryption itself is therefore considered secure against quantum computing.

However, Kryptor relies on libsodium's Sealed Boxes (Curve25519, XSalsa20-Poly1305) for password sharing and memory encryption on Linux and macOS, and Curve25519 is not quantum resistant (many asymmetric algorithms aren't). With that said, it's currently secure and widely used.


Keyfiles

What is a keyfile and how do I randomly generate them?

A keyfile is a file containing 64 bytes that are combined with your password for increased security, or that are used instead of a password.

You can randomly generate keyfiles in Kryptor by going to File => Create Keyfile. Using generated keyfiles alongside passwords will provide increased security if you store your keyfiles correctly.

Where should I store my keyfiles?

I recommend storing your keyfiles on a USB or external hard drive. For another layer of security, you could also encrypt the USB or external hard drive using disk encryption software.

How secure are keyfiles?

Using a keyfile alongside a password will provide a significant increase in security assuming you store the keyfile correctly (e.g. on a USB or external hard drive). However, using a keyfile instead of a password is arguably less secure than just using a password because keyfiles get stored on disk, whereas passwords can be memorised.

I strongly recommend using a keyfile alongside a password instead of just using a keyfile. I also strongly recommend randomly generating keyfiles as explained above. Randomly generated keyfiles will provide more security than ordinary files.


File Encryption

Which encryption algorithm should I use?

I recommend using the default encryption algorithm (XChaCha20) because ChaCha20 is being adopted more and more widely thanks to its security and speed.

XChaCha20 should be favoured over XSalsa20 due to security and speed improvements, but XSalsa20 is still very much secure.

AES-CBC is being replaced by AES-GCM (an authenticated encryption mode) in many protocols, but AES-GCM is far from perfect and not really suitable for file encryption or encrypting large amounts of data. AES-CBC is still one of the better AES modes for file encryption and remains widely used despite the push to switch to AES-GCM. For example, AES-CBC is used by the popular end-to-end encrypted messaging app Signal.

You can read about the encryption algorithms used by Kryptor in more detail here.

Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?

Authenticated encryption modes and AEADs are less suitable for file encryption because they are generally designed for smaller amounts of data. For example, they often use small nonces (e.g. 64 or 96 bits), which means there's the potential for nonce reuse.

Furthermore, using authenticated encryption modes requires loading entire files into memory (rather than reading portions of the file into memory) because of how the MAC is calculated. This isn't possible for large files.

That's why Kryptor uses unauthenticated encryption modes with BLAKE2b for authentication (Encrypt-then-MAC), allowing files to be read in chunks.
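To make the chunked Encrypt-then-MAC flow concrete, here is an added example (my own code, not Kryptor's): a keyed BLAKE2b MAC runs over the ciphertext chunk by chunk as it is produced, and decryption verifies the tag in a first pass before decrypting in a second pass, so no unverified plaintext is ever written. The stream cipher is a stand-in built from keyed BLAKE2b in counter mode so the example runs on the Python standard library alone; it is an assumption, not Kryptor's XChaCha20, and the file layout (nonce || ciphertext || tag) and the separate encryption and MAC keys are assumptions too.

```python
import hashlib
import hmac
import secrets

CHUNK_SIZE, NONCE_SIZE, TAG_SIZE = 4096, 24, 64  # bytes per read, XChaCha20-sized nonce, BLAKE2b tag

def toy_stream_xor(key, nonce, chunk_index, data):
    """Stand-in stream cipher (an assumption, NOT Kryptor's XChaCha20): keyed
    BLAKE2b in counter mode, used only so this runs on the standard library."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ctr = chunk_index.to_bytes(8, "little") + (off // 64).to_bytes(8, "little")
        ks = hashlib.blake2b(nonce + ctr, key=key, digest_size=64).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 64], ks))
    return bytes(out)

def encrypt_stream(enc_key, mac_key, src, dst):
    """Encrypt-then-MAC chunk by chunk, so the file is never loaded whole. Layout: nonce || ct || tag."""
    nonce = secrets.token_bytes(NONCE_SIZE)
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_SIZE)
    dst.write(nonce)
    mac.update(nonce)  # the nonce is covered by the tag as well
    index = 0
    while chunk := src.read(CHUNK_SIZE):
        ct = toy_stream_xor(enc_key, nonce, index, chunk)
        mac.update(ct)  # MAC the ciphertext as soon as it is produced
        dst.write(ct)
        index += 1
    dst.write(mac.digest())

def decrypt_stream(enc_key, mac_key, src, dst):
    """Pass 1 verifies the tag over nonce || ct chunk by chunk; only then does
    pass 2 decrypt chunk by chunk, so no unverified plaintext is ever written."""
    src.seek(0, 2)
    ct_end = src.tell() - TAG_SIZE
    if ct_end < NONCE_SIZE:
        raise ValueError("input too short")
    src.seek(0)
    mac = hashlib.blake2b(key=mac_key, digest_size=TAG_SIZE)
    while src.tell() < ct_end:
        mac.update(src.read(min(CHUNK_SIZE, ct_end - src.tell())))
    expected = src.read(TAG_SIZE)  # the loop stops exactly at the tag
    if not hmac.compare_digest(mac.digest(), expected):
        raise ValueError("authentication failed: wrong key or modified file")
    src.seek(0)
    nonce, index = src.read(NONCE_SIZE), 0
    while src.tell() < ct_end:
        ct = src.read(min(CHUNK_SIZE, ct_end - src.tell()))
        dst.write(toy_stream_xor(enc_key, nonce, index, ct))
        index += 1
```

Both functions take ordinary file objects, so the same code works on an open file on disk or on an in-memory buffer; only one chunk is ever resident during either pass.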

Why does Kryptor not support cipher cascades?

I decided not to include cipher cascades because I didn't think many people would use the feature. I also believe they're an excessive approach to security and provide protection against an unrealistic threat model considering that encryption algorithms like AES and ChaCha20 are very much secure.

If enough people request support for cipher cascades, then I may implement the feature in the future. You can request this feature using GitHub. For now, if you want your files to be encrypted more than once, I recommend using Kryptor alongside disk encryption, such as VeraCrypt or LUKS.


Other Functionality

How do I share a password using Password Sharing?

The Password Sharing documentation explains how to share a password step-by-step.

How do I shred files and folders?

You can shred files by clicking Tools => Shred Files and selecting the files you want to erase. To shred a folder, click Tools => Shred Folder and select a folder to shred.

Which 'Shred Files Method' should I use in settings?

I recommend using '1 Pass', which is why this is the default setting. However, if you want to overwrite files more thoroughly, then you should use 'HMG IS5' or '5 Passes'. For an explanation of each method, please read this page.

How do I add a custom wordlist for passphrase generation?

You can either edit or replace the 'wordlist.txt' file found in the Kryptor folder (%APPDATA%\Kryptor\wordlist.txt when Kryptor has been installed). Make sure that each word is on a new line.
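As an added example (my own Python, not Kryptor's own C# code), the following checks a custom wordlist for the one-word-per-line format described above, reporting blank lines, lines holding more than one word and duplicates, since all of these change the number of distinct choices a passphrase is drawn from, and then draws a passphrase using the OS random generator. The sample wordlist content is constructed for the example, and the entropy figure is the standard log2(N) bits per word for uniform selection.

```python
import math
import secrets

def load_wordlist(text):
    """Parse wordlist.txt content: one word per line, as the FAQ requires.
    Blank lines and surrounding whitespace are dropped; a line that still
    contains whitespace (two words on one line) or a duplicate word is
    reported, because both reduce the number of distinct choices."""
    words, seen, problems = [], set(), []
    for number, line in enumerate(text.splitlines(), start=1):
        word = line.strip()
        if not word:
            continue
        if any(ch.isspace() for ch in word):
            problems.append(f"line {number}: more than one word on the line")
            continue
        if word.lower() in seen:
            problems.append(f"line {number}: duplicate word {word!r}")
            continue
        seen.add(word.lower())
        words.append(word)
    return words, problems

def passphrase_entropy_bits(wordlist_size, word_count):
    """Entropy of word_count words drawn uniformly from wordlist_size words."""
    return word_count * math.log2(wordlist_size)

def generate_passphrase(words, word_count=6, separator="-"):
    """Pick words with the OS CSPRNG (secrets), never random.choice."""
    return separator.join(secrets.choice(words) for _ in range(word_count))

# Constructed sample standing in for a user-edited wordlist.txt (not Kryptor's file).
SAMPLE_WORDLIST = "apple\nbanana\n\ncherry\nbanana\ndate fig\ngrape\n"
```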


Development

What programming language is Kryptor written in?

Kryptor is written in C# using .NET Framework 4.8 with Windows Forms. Development is done in Visual Studio 2019 Community.

Kryptor was written in C# because I like the language and have more experience working with C# than other programming languages. Furthermore, Windows Forms makes creating a GUI nice and simple.

Sadly C# isn't the best language for cross-platform desktop applications, but it is well suited to Windows development, and thanks to Mono, Kryptor can also run well on non-Windows platforms.

What does the version number mean?

Kryptor uses a version number with three numbers (e.g. 1.0.0).

  1. Number 1: The major version. This changes when significant changes are made that make things incompatible.
  2. Number 2: The minor version. This changes when new functionality is added.
  3. Number 3: The patch version. This changes when bugs are fixed or code improvements are made.

How do I build Kryptor from source?

Before you do anything with the source code, make sure you understand the GPLv3 license used by Kryptor. Click here for a summary of GPLv3.

  1. Head over to the GitHub repository.
  2. Click the green 'Code' button and 'Download ZIP'.
  3. Extract the ZIP, navigate to the 'Kryptor/src' folder, then open the 'Kryptor.sln' file in Visual Studio 2019 Community.
  4. You may be presented with lots of errors, but don't worry. You can go to Build => Clean Solution, select Release and x64 for the build options, and then click Build => Build Kryptor. Next, run the program by clicking the green play button in Visual Studio. This should resolve all of the errors.
  5. The libsodium-core library used by Kryptor does not support building to 'AnyCPU' in Visual Studio - you must either build to x86 or x64. Build to x64 when possible.

Requirements

Notes

Visual Studio 2019 Community is the IDE I recommend building with, but be aware that it isn't open source, and you have to sign into a Microsoft account after 30 days (this can be bypassed). If you just want to view the code, then you can use VSCodium, which is the open source version of VSCode. However, this won't allow you to view the Windows Forms Designer.