Updated on the 23rd of December 2020
What is the difference between the CLI and GUI versions?
GUI stands for Graphical User Interface, and CLI stands for Command Line Interface. The GUI version of Kryptor runs like a typical Windows program, whereas the CLI version must be run from the command line/terminal.
I recommend using the CLI version on Linux and macOS but the GUI version on Windows unless you're familiar with command line applications.
Is there a tutorial for new users?
Yes, click here to view a guide with step-by-step instructions and screenshots.
Does Kryptor connect to the internet?
The GUI version of Kryptor connects to GitHub when the program is launched to check for updates. This can be disabled in the settings.
The CLI version doesn't perform any automatic checks for updates, meaning it runs offline by default. However, an internet connection is required to check for updates and view the linked webpages (documentation, source code, etc).
Does Kryptor require an account to use?
No, Kryptor does not require an account to use. There's no such thing as a Kryptor account.
I forgot my password or lost a keyfile, is there any way to recover encrypted files?
Unfortunately, if you forget your password or lose a keyfile, then your encrypted files will be unrecoverable. If you have chosen a secure password/keyfile and are using secure Argon2 settings, then it will take an impractical amount of time to bruteforce the encryption keys used.
There is no backdoor in Kryptor. Only you know your passwords and have access to your keyfiles. Do not forget your passwords or lose keyfiles. Store your passwords in a password manager and backup keyfiles to external storage.
Why should I use Kryptor over the alternatives?
Why do I get a Windows SmartScreen popup when I first run Kryptor?
Because Windows SmartScreen is an annoyance for developers. In order to get rid of this popup, Kryptor needs to have a large userbase and be run on lots of different computers, or I have to pay over £300 a year for an EV Code Signing Certificate (although this is designed for companies, not individuals).
Kryptor is new software and therefore doesn't have a large userbase, and EV Code Signing Certificates are ridiculously expensive and designed for companies. By running Kryptor, you are helping to remove this popup, but every time there's a new version, this popup may reappear.
The best solution to this problem is that I purchase a Standard Code Signing Certificate (£65/yr). This won't remove the popup until enough people run the program, but it will remove the 'Unknown Publisher' warning. Please consider donating if you'd like to help me afford a certificate.
Why is Kryptor free and open source?
Because free and open source software is great. The user has the freedom to run, study, change, and distribute the software. Furthermore, open source allows people to review the code, which can lead to security vulnerabilities getting identified and patched.
Kryptor will always be free and open source, but if you'd like to support the project and help cover code signing certificate and website hosting costs, then please consider donating :)
Has Kryptor been audited?
Kryptor has not been audited by a third-party. Security audits are extremely expensive (thousands of dollars) and require open source funding. However, it isn't easy to get funding as your software must meet certain requirements such as having a large enough userbase.
The good news is that because Kryptor is open source, anybody is able to review the source code and identify security vulnerabilities.
How do I report security vulnerabilities and bugs?
Does Kryptor store my passwords on disk?
No, Kryptor never stores passwords on disk. Only you know your passwords.
However, the Windows operating system may make copies of password strings in memory that could end up on disk (e.g. in the paging file, hibernation file, etc). This is not something that can be controlled by Kryptor. Disk encryption is the best protection against this risk.
Does Kryptor have any keylogging protection?
Yes, keyfiles provide protection from keylogging. However, Kryptor does not provide any sort of secure desktop or typing obfuscation for password entry.
Are the encryption algorithms quantum computing resistant?
Kryptor should provide at least 128-bit security against quantum computing because 256-bit encryption keys are used, meaning the file encryption is secure against quantum computing.
However, Curve25519 (used for password sharing and memory encryption) is not quantum resistant. Note that many asymmetric algorithms aren't. With that said, it's currently secure and widely used.
What is a keyfile and how do I randomly generate them?
A keyfile is a file that contains 64 bytes that are combined with your password for increased security or used instead of a password.
You can randomly generate keyfiles in Kryptor by going to File => Create Keyfile. Using generated keyfiles alongside passwords will provide increased security if you store your keyfiles correctly.
Where should I store my keyfiles?
I recommend storing your keyfiles on a USB or external hard drive. For another layer of security, you could also encrypt the USB or external hard drive using disk encryption software.
How secure are keyfiles?
Using a keyfile alongside a password will provide a significant increase in security assuming you store the keyfile correctly (e.g. on a USB or external hard drive). However, using a keyfile instead of a password is arguably less secure than just using a password because keyfiles get stored on disk, whereas passwords can be memorised.
I strongly recommend using a keyfile alongside a password instead of just using a keyfile. I also strongly recommend randomly generating keyfiles as explained above. Randomly generated keyfiles will provide more security than ordinary files.
Why doesn't Kryptor use authenticated encryption modes like AES-GCM and ChaCha20-Poly1305?
Authenticated encryption modes and AEADs are less suitable for file encryption because they are generally designed for smaller amounts of data. For example, they often use small nonces (e.g. 64-bits or 96-bits), which means there's greater potential for nonce reuse.
Furthermore, using authenticated encryption modes requires loading entire files into memory (rather than reading portions of the file into memory) because of how the MAC is calculated. This isn't possible for large files.
Instead, Kryptor uses unauthenticated encryption modes with BLAKE2b for authentication (Encrypt-then-MAC), allowing files to be read in chunks.
Why does Kryptor not support cipher cascades?
I decided not to include cipher cascades because I didn't think many people would use the feature. I also believe they're an excessive approach to security and provide protection against an unrealistic threat model considering that encryption algorithms like ChaCha20 are very much secure.
How do I share a password using Password Sharing?
The Password Sharing documentation explains how to share a password step-by-step.
How do I add a custom wordlist for passphrase generation?
You can either edit or replace the 'wordlist.txt' file found in the Kryptor folder (%APPDATA%\Kryptor\wordlist.txt when Kryptor has been installed). Make sure that each word is on a new line.
What programming language is Kryptor written in?
C# was chosen because I like the language and have more experience working with C# than other programming languages. Furthermore, Windows Forms makes creating a GUI nice and simple.
What does the version number mean?
Kryptor uses a version number with three numbers (e.g. 1.0.0).
How do I build Kryptor from source?
Visual Studio 2019 Community is the IDE I recommend building with, but be aware that it isn't open source. Furthermore, you have to sign into a Microsoft account after 30 days, although this can be bypassed.
If you just want to view the code, then you can use a text editor like Atom or a source code editor like VSCodium, which is the open source version of VSCode. However, you must use Visual Studio 2019 Community to view the Windows Forms Designer.