FinalCrypt - File Encryption Program v2.0 (April 2, 2018) Available for: Windows, Linux, macOS Requirement: Java JRE Website Download Review (Softpedia)
I don't think using key file alone instead of password (or better, combination of them) is so good idea.
I see nothing on the website but hand waving explanations of the encryption. Probably makes a hash of the file and uses that as a key but no mention of the actual encryption method. In fact, it is implied that it does not use AES or DES.
A native package for Windows, Mac & Linux is provided, so it doesn't require Java to be installed, because the native package already has Java embedded and the source code is available to everyone so users can check that FinalCrypt does NOT contain any form of malicious code.
Java is more hardware restricted than any other native codeset. Native code This video explains exactly in a 3D animation how FinalCrypt's encryption works: https://youtu.be/G4TY6yB8gSM
I tried to install Legacy and MSI installer in VM and couldn't install it. Legacy installer error prompts: I get similar problems with MSI installer. Also installing it that way was somehow "wierd" - it was one Next ant then nothing, just shortcut appearing that throws simila errors when launced. I've used installers from github site, and use Windows 10 in VM with no JRE installed.
Windows 7 requires all available updates and additionally things like "Visual C++ Redistributable for Visual Studio 2017" in order to include "Universal CRT". Installing FinalCrypt on Windows 10 doesn't require additional software and shouldn't be a problem. Thank you for your interest in FinalCrypt. Just like me I want the people to have their privacy back again, that's is my only objective as the developer of FinalCrypt. Our privacy has been violated way too far.
I've installed every new release on a Windows 10 laptop without problems, but that was not a Virtual Machine with Windows 10, but a real computer with Windows 10. I'd love to test FinalCrypt on a Virtual Machine Windows 10 install, but i haven't got a spare Windows 10 license for a separate Virtual Machine. The added value of FinalCrypt is that it does not use any Government approved encryption algorithm, but exclusive the users own cipher file, which is why possibility guessing (brute force attack) and backdoors are impossible. I know most people are afraid for 3rd party software, but in fact we should be afraid of government approved encryption software as they have lied to us countless of times and they will continue to do so. I've been abused, exploited and lied to by the elite too, I'm on your side. You can 100% trust FinalCrypt and install it on a real Win 10 computer. I swear on my own life that FinalCrypt is free from mallware or any other bad intention, which is why I published FinalCrypt as OpenSource. I swear i will never betray my users, because i do not want the elite to abuse others.
I'm sorry but I never install software that I test on my host system, only in VM. It's not just about trusting developer but also about keeping my system as clean as possible. I will try to install JRE in VM before installing FinalCrypt, just in case that it still needs it.
I understand and there is also a platform independent FinalCrypt_Z.jar file: https://github.com/ron-from-nl/FinalCrypt/releases I call it FinalCrypt_Z.jar so it ends up at the bottom of the releases list. The jar file has an even more powerful command line interface: java -cp FinalCrypt_Z.jar rdj/CLUI --help Under unix/linux it even supports Cipher Devices in stead of Cipher Files so your cipher can't be copied like a file.
Please don't use such sketchy programs for encryption. The encryption behind it, according to the explanation by the developer, is basically a one time pad encryption. However without makeing sure the key is A) completely random and B) never used twice, the encryption is broken. This is not sane encryption. DO NOT USE IT FOR SECURITY. Also the explained reasons for not using AES and other standards lacks any logic.
FinalCrypt lets you use your own personally created (smartphone) photo's / video's as key files (i call cipher files). How can your own privately made photo's not be unique? Don't pretend to be an expert on security and encryption if you don't even understand that personally shot pictures can't be anything else than unique data files. The links and video's on my website clearly and exactly explains why FinalCrypt specifically is sane encryption in comparison to other NSA controlled forms of encryption. Research first before you talk nonsense: https://sites.google.com/site/ronuitholland/home/finalcrypt
This is not about the key file being unique. It's about the key file not being random. If you do not know the differences as well as the dependencies of the algorithms you implement, please don't do it at all. What you describe is the implementation of the one time pad: https://en.wikipedia.org/wiki/One-time_pad This algorithm is secure given a number of conditions to be met. Your implementation fails to meet any of those conditions and the algorithms is broken if even a single one is incorrect. BTW. You did not explain what is wrong with the encryption the NSA contest declared as AES and you also ignore that there is a lot of well audited encryption algorithms and tools that have nothing to do with the NSA e.g. https://en.wikipedia.org/wiki/Camellia_(cipher)
Al right mr encryption expert put your money where your mouth is and crack / decrypt the FinalCrypt bit file inside the linked zip archive, show the decrypted picture here with a result of the following MD5sum: 211b28fc906f11d95257c6d624b8d6cd and I'll pay you $10,000 if you don't succeed you'll pay me a $100 and apologise. Use any supercomputer you wish. Here's the link: https://drive.google.com/file/d/1we8DXlaDpZ-MneuDK49k0q0RtqZcw_PR/view?usp=sharing Inside the linked archive you'll find an encrypted image of Mr X replacing Jim Carrey on the movie poster of Dumb & Dumber. As an example I've added the real poster of Dumb & Dumber too, so you know what to expect after decrypting Mr X & Dumber poster ;-) I'll bet you'll (come up with any excuse to) not take the challenge
Let me get this straight: You want me to do a cryptoanalysis because I pointed out that your crypto is flawed, proven again and again by both science and historic examples https://en.wikipedia.org/wiki/Venona_project So I better get to work and spent day and night to provide prove for something that has been proven just so you get the example applied to your program... If you want to believe a cryptoanalyst (which I am not) or the NSA cannot break your algorithm despite the arguments/references I have given, you can use any excuse you want. I just made this post to keep people from relying on this broken crypto. BTW: if you are serious about the bounty you can make it official https://hackerone.com/bug-bounty-programs
You are asking for decryption of a single file. This is the most difficult encryption task but hardly comprehensive. Almost all encryption ciphers are secure if all your adversary has is a single small file. If I encrypt the same image file with Blowfish using a max length password, randomly generated, even the NSA would have a hard time decrypting it. This does not even address the implementation concerns TDW was referring to. Then there are just plain old software bugs where the application leaves unencrypted data in temp storage, memory, page files, etc. And worst case is the program leaves a copy of the complete encryption key just laying around somewhere.
First the security of encryption should never solely rely on it's encryption algorithm and should mainly rely on personal key / cipher data as mathematical algorithms can be reversed analysed and reproduced. This is a big flaw on its own and a scam that virtually everyone buys into. Second of all security of encryption is deliberately compromised by governmental regulations limiting keyfile size so the immense computing power of today's supercomputers can brute force check the contents of way too small keyfiles (why limiting keyfiles in size in the first place?). There's the second scam people look over as most people are kept in the dark about the number crunching capacity of today's supercomputers. FinalCrypt also encrypts the original file before it deletes the original file (secure deletion). FinalCrypt also leaves no copy of the cipher / key and solely reads cipher data in small overwriting chunks (synchronized) with I/O caching disabled. Bottom line is FinalCrypt solely uses the unique bit patterns of the user's personal cipher to encrypt the user's data.
You should not be paranoid about the power of secret NSA super computers. There are fundamental limits to how fast data can be manipulated and the NSA can't break the laws of physics! I doubt they are spending any time at all trying to "break" AES. Instead, they are constantly developing methods to gain access to active networks and computers so they can intercept data before it gets encrypted. (see Wikileaks for example) You can encrypt a document but if there is a keylogger running while you type, the encryption is pointless. If FinalCrypt were to "catch on" like TrueCrypt did, the NSA would specifically attack it. How would you know if windows started saving copies of FinalCrypt key data to disk for example?
Good question and a question I've asked myself during the design of FinalCrypt. Key files (or cipher files as i call them) can be collected / harvested by spying software, even if you keep them on a USB stick when attached. Therefore FinalCrypt has support for Cipher Devices (which I use to encrypt / decrypt my personal documents). A Cipher Device is a raw GUID Partition Table with the data of a cipher file encrypted by an extra layer of random bit patterns saved to the raw cipher partition on a USB stick, that is being partitioned by FinalCrypt with as common as possible GPT headers and entries, so there is no file-system with (potential key/cipher) files to be mounted and copied. Agencies like the NSA, FBI MI6 etc. can not afford to copy all data of all partitions of all USB sticks at all times at all places in the world for eternity. Therefore FinalCrypt's Cipher Devices makes evey raw bunch of bytes in the world a suspicious key / cipher, so i wish the security agencies good luck with that ;-)