Kryptor

Security Limitations

The following security limitations are outside of Kryptor's control. You can use disk encryption to protect against data leaks as a result of crash dump files, the paging file, and the hibernation file.

Passwords and keyfiles

Using strong passwords and/or keyfiles is extremely important to the strength of the file encryption. I strongly recommend following the practices outlined in the Passwords and Keyfiles sections of the documentation.

Password Sharing Private Keys

Kryptor does not currently encrypt generated private keys for Password Sharing. This means it is your responsibility to store your private keys securely - e.g. using a password manager. Never share your private keys.

Physical access to your computer

To prevent Kryptor from being abused by another person using your computer (e.g. they could encrypt your files with a password you wouldn't know), I strongly recommend locking your computer with a password/PIN when it's not in use.

Malware

Malware such as keyloggers and backdoors/trojans can be used to retrieve passwords. Note that devices plugged into your machine can also compromise your security such as USB keyloggers. However, you can use keyfiles in Kryptor to provide protection against keylogging.

Follow good security practices to avoid malware infections on your computer. For example, keep your operating system and programs up-to-date, and do not visit suspicious websites or open suspicious emails/attachments/programs.

Sensitive data in RAM

When you use Kryptor, there will be sensitive data (such as passwords and encryption keys) stored in memory. If 'Memory Encryption' is enabled in settings, then sensitive byte arrays will be encrypted when they don't need to be accessed. However, when this data needs to be used, the byte arrays will need to be unencrypted.

This means that if someone performs a memory dump whilst Kryptor is running, they may retrieve some sensitive data. Note that once sensitive data is no longer needed, Kryptor zeroes out the data when possible.

However, the erasure of strings entered into textboxes cannot be controlled by Kryptor. These strings get disposed of by .NET garbage collection automatically. Until they are collected, any strings could be retrieved from memory by an attacker or end up on disk due to the reasons listed below.

Kryptor uses char arrays when possible to pass strings between subroutines, but for certain functionality (password strength checking, retrieving textbox entries/displaying text in a textbox) strings have to be used.

Whilst this may sound like a terrible security flaw, this problem is common among many programs due to programming language limitations. Furthermore, unencrypted data in RAM is normal and not something to be concerned about unless an attacker has physical access to your machine. In other words, as an ordinary user, you should not be concerned.

Crash Dump Files

Errors and crashes on Windows can cause the contents of memory to be written to crash dump files on disk. These files may contain sensitive data such as password strings entered into Kryptor.

The Paging File

The paging file is a hidden file on a Windows drive that is used to store data in memory on disk when RAM becomes full or you aren't using a program that's running in the background. This means sensitive data that was in memory can be stored on disk.

The Hibernation File

If your computer hibernates, then the contents of memory will be stored in the hibernation file on Windows. This means sensitive data that was in memory can be stored on disk. If this concerns you, you can disable hibernation on Windows as explained here.