Kryptor

Security Limitations

The following security limitations are outside of Kryptor's control. You can use disk encryption to protect against data leaks as a result of crash dump files, the paging file, and the hibernation file.

Passwords and keyfiles

Using strong passwords and/or keyfiles is extremely important to the strength of the file encryption. I strongly recommend following the practices outlined in the Passwords and Keyfiles sections of the documentation.

Password Sharing Private Keys

Kryptor does not currently encrypt generated private keys for Password Sharing (this feature is coming in v3.0.0 Beta). This means that it's your responsibility to store your private keys securely - e.g. using a password manager. Never share your private keys.

Physical access to your computer

To prevent Kryptor from being abused by another person using your computer (e.g. they could encrypt your files with a password you wouldn't know), I strongly recommend locking your computer with a password/PIN when it's not in use.

Malware

Malware such as keyloggers and backdoors/trojans can be used to retrieve passwords. Note that devices plugged into your machine, such as USB keyloggers, can also compromise your security. However, you can use keyfiles in Kryptor to provide protection against keylogging.

Follow good security practices to avoid malware infections on your computer. For example, keep your operating system and programs up-to-date, and do not visit suspicious websites or open suspicious emails/attachments/programs.

Sensitive Data in RAM

Sensitive data is stored in memory (e.g. passwords and encryption keys). If someone performs a memory dump whilst Kryptor is running, they may retrieve some sensitive data. It's not possible to prevent this.

In an attempt to minimise this risk, some sensitive data is encrypted in memory. Note that this encrypted data can be decrypted if someone retrieves the encryption keys, which are also stored in memory. Memory encryption only delays an attacker.

Kryptor also uses char arrays when possible (instead of strings) and zeroes out sensitive char/byte arrays that are no longer needed.
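The following sketch illustrates the char array and zeroing practice described above. It is an added example, not Kryptor's own code. It assumes C# on .NET 6 or later; the class and method names are hypothetical, and PBKDF2 is only a stand-in for whatever consumes the password.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

public static class SensitiveBufferDemo
{
    // Wipes a char[] in place. CryptographicOperations.ZeroMemory is designed
    // so that the write is not optimised away as a dead store.
    public static void Zero(char[] buffer) =>
        CryptographicOperations.ZeroMemory(MemoryMarshal.AsBytes(buffer.AsSpan()));

    // Hypothetical helper: derives a key from a password held in a char[]
    // without ever converting it to a string. PBKDF2 is a stand-in KDF
    // chosen for this example only.
    public static byte[] DeriveKey(char[] password, byte[] salt)
    {
        // Encode straight from char[] to byte[]. new string(password) would
        // create an immutable copy that cannot be overwritten and stays in
        // memory until the garbage collector reclaims it.
        byte[] passwordBytes = new byte[Encoding.UTF8.GetByteCount(password)];
        try
        {
            Encoding.UTF8.GetBytes(password, 0, password.Length, passwordBytes, 0);
            return Rfc2898DeriveBytes.Pbkdf2(
                passwordBytes, salt, 100_000, HashAlgorithmName.SHA256, 32);
        }
        finally
        {
            // Runs on success and on exceptions, so neither buffer
            // outlives this call with the password still in it.
            CryptographicOperations.ZeroMemory(passwordBytes);
            Zero(password);
        }
    }

    public static void Main()
    {
        // Constructed sample password; a real program would fill the array
        // from user input character by character.
        char[] password = { 'e', 'x', 'a', 'm', 'p', 'l', 'e', '!' };
        byte[] salt = RandomNumberGenerator.GetBytes(16);

        byte[] key = DeriveKey(password, salt);
        Console.WriteLine($"Key length: {key.Length}");
        Console.WriteLine($"Password wiped: {Array.TrueForAll(password, c => c == '\0')}");

        // The derived key is sensitive too; zero it once it is no longer needed.
        CryptographicOperations.ZeroMemory(key);
    }
}
```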

Crash Dump Files

Errors and crashes on Windows can cause the contents of memory to be written to crash dump files on disk. These files may contain sensitive data such as password strings entered into Kryptor.

The Paging File

The paging file is a hidden file on a Windows drive that is used to store data from memory on disk when RAM becomes full or when you aren't using a program that's running in the background. This means sensitive data that was in memory can be stored on disk.

The Hibernation File

If your computer hibernates, then the contents of memory will be stored in the hibernation file on Windows. This means sensitive data that was in memory can be stored on disk. If this concerns you, you can disable hibernation on Windows as explained here.