Kryptor

Key Derivation

Argon2 Benchmark

When Kryptor is first run, the user is asked to select an Argon2 benchmark mode (see below). The benchmark will choose an appropriate Argon2 memory size for your machine. This benchmark can be rerun from the settings.

If you update the portable version of Kryptor, you can skip this benchmark by deleting the 'first run.tmp' file in the Kryptor folder.

Benchmark results can be found in the 'benchmark.txt' file inside the Kryptor folder (%APPDATA%\Kryptor\benchmark.txt when Kryptor has been installed).

Benchmark Modes

  1. 'I want encryption to be as fast as possible': A 150 ms delay per file for key derivation. This is ideal for encrypting hundreds/thousands of files.
  2. 'I want encryption to be more secure': A 250 ms delay per file for key derivation. This is the recommended mode.

Default Argon2 Settings

By default, Argon2 is set to use a memory size = 128 MiB and an iteration count = 3. If the Argon2 benchmark fails or never runs, then these values are the default settings.

Argon2 Parameters

The Argon2 parameters can be customised in the settings. However, bad parameter choices may make file encryption unusably slow. Please read the following before altering the Argon2 settings:

Memory Size

Recommended: 64+ MiB

The amount of memory (in MiB - Mebibytes) used to calculate a hash. There is no 'insecure' memory size, but higher values make key derivation more secure. Note that higher values are also slower.

Iterations

Recommended: 3-5 iterations

The number of passes over memory. More iterations is better, but you should use a lower iteration count with higher memory sizes.

If you use a low memory size such as 32 MiB, then you should increase the iteration count (e.g. 20+ iterations).

Recommended Delay Per File

If you are only encrypting one file at a time, then you can increase the delay per file to improve the strength of key derivation. In contrast, when you encrypt lots of files at once, it is much faster to use a lower delay. However, I do not recommend going below 100 ms.

Potential Configurations

Security: If you want to increase security, then you can use a larger memory size or iteration count. Note that this will slow down file encryption, but this won't be very noticeable when only encrypting individual files.

Speed: If you want to speed up file encryption, you can lower the memory size or iteration count. However, this will lead to decreased security. Do not use a delay below 100 ms - you can use the 'Test Parameters' button to test your settings.

Resources: If you want to limit the amount of memory Kryptor uses, then you can lower the memory size and instead increase the iteration count to maintain security.