FinalCrypt - File Encryption Program

Discussion in 'privacy technology' started by mood, Apr 3, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,776
    FinalCrypt_Encrypt.png FinalCrypt_Log.png
    FinalCrypt - File Encryption Program v2.0 (April 2, 2018)
    Available for: Windows, Linux, macOS
    Requirement: Java JRE
    Website
    Download
    Review (Softpedia)
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,403
    Location:
    Here
    Too bad that it requires Java.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,126
    Location:
    The Netherlands
    Yup, anything that involves Java is a no-go for me.
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,779
    I don't think using key file alone instead of password (or better, combination of them) is so good idea.
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    19,776
    FinalCrypt - File Encryption Program v2.1 Released (April 5, 2018)
    Download
    no Changelog available
     
  6. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    98
    I see nothing on the website but hand waving explanations of the encryption. Probably makes a hash of the file and uses that as a key but no mention of the actual encryption method. In fact, it is implied that it does not use AES or DES.
     
  7. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    A native package for Windows, Mac & Linux is provided, so it doesn't require Java to be installed, because the native package already has Java embedded and the source code is available to everyone so users can check that FinalCrypt does NOT contain any form of malicious code.
     
  8. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    Java is more hardware restricted than any other native codeset. Native code
    This video explains exactly in a 3D animation how FinalCrypt's encryption works: https://youtu.be/G4TY6yB8gSM
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,403
    Location:
    Here
    I tried to install Legacy and MSI installer in VM and couldn't install it.

    Legacy installer error prompts:

    upload_2018-5-12_18-11-39.png

    upload_2018-5-12_18-11-59.png

    upload_2018-5-12_18-12-22.png

    I get similar problems with MSI installer. Also installing it that way was somehow "wierd" - it was one Next ant then nothing, just shortcut appearing that throws simila errors when launced.
    I've used installers from github site, and use Windows 10 in VM with no JRE installed.
     
  10. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    Windows 7 requires all available updates and additionally things like "Visual C++ Redistributable for Visual Studio 2017" in order to include "Universal CRT".
    Installing FinalCrypt on Windows 10 doesn't require additional software and shouldn't be a problem. Thank you for your interest in FinalCrypt.
    Just like me I want the people to have their privacy back again, that's is my only objective as the developer of FinalCrypt. Our privacy has been violated way too far.
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    What does that have over existing cross platform solutions like encrypted zip?
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,403
    Location:
    Here
    I tried to install it on Windows 10 but no luck. Same errors as shown above occur.
     
  13. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    I've installed every new release on a Windows 10 laptop without problems, but that was not a Virtual Machine with Windows 10, but a real computer with Windows 10.
    I'd love to test FinalCrypt on a Virtual Machine Windows 10 install, but i haven't got a spare Windows 10 license for a separate Virtual Machine.
    The added value of FinalCrypt is that it does not use any Government approved encryption algorithm, but exclusive the users own cipher file, which is why possibility guessing (brute force attack) and backdoors are impossible. I know most people are afraid for 3rd party software, but in fact we should be afraid of government approved encryption software as they have lied to us countless of times and they will continue to do so. I've been abused, exploited and lied to by the elite too, I'm on your side. You can 100% trust FinalCrypt and install it on a real Win 10 computer. I swear on my own life that FinalCrypt is free from mallware or any other bad intention, which is why I published FinalCrypt as OpenSource. I swear i will never betray my users, because i do not want the elite to abuse others.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,403
    Location:
    Here
    I'm sorry but I never install software that I test on my host system, only in VM. It's not just about trusting developer but also about keeping my system as clean as possible.
    I will try to install JRE in VM before installing FinalCrypt, just in case that it still needs it.
     
  15. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    I understand and there is also a platform independent FinalCrypt_Z.jar file: https://github.com/ron-from-nl/FinalCrypt/releases
    I call it FinalCrypt_Z.jar so it ends up at the bottom of the releases list. The jar file has an even more powerful command line interface:
    java -cp FinalCrypt_Z.jar rdj/CLUI --help

    Under unix/linux it even supports Cipher Devices in stead of Cipher Files so your cipher can't be copied like a file.
     
  16. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    I managed to get the FinalCrypt_Z.jar (GUI & CLUI) working after installing JRE8 (update 172)
     
  17. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth
    Please don't use such sketchy programs for encryption.

    The encryption behind it, according to the explanation by the developer, is basically a one time pad encryption.
    However without makeing sure the key is A) completely random and B) never used twice, the encryption is broken. This is not sane encryption. DO NOT USE IT FOR SECURITY.

    Also the explained reasons for not using AES and other standards lacks any logic.
     
  18. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    FinalCrypt lets you use your own personally created (smartphone) photo's / video's as key files (i call cipher files). How can your own privately made photo's not be unique?
    Don't pretend to be an expert on security and encryption if you don't even understand that personally shot pictures can't be anything else than unique data files.
    The links and video's on my website clearly and exactly explains why FinalCrypt specifically is sane encryption in comparison to other NSA controlled forms of encryption.
    Research first before you talk nonsense: https://sites.google.com/site/ronuitholland/home/finalcrypt
     
  19. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth
    This is not about the key file being unique. It's about the key file not being random.
    If you do not know the differences as well as the dependencies of the algorithms you implement, please don't do it at all.


    What you describe is the implementation of the one time pad:
    https://en.wikipedia.org/wiki/One-time_pad

    This algorithm is secure given a number of conditions to be met. Your implementation fails to meet any of those conditions and the algorithms is broken if even a single one is incorrect.


    BTW. You did not explain what is wrong with the encryption the NSA contest declared as AES and you also ignore that there is a lot of well audited encryption algorithms and tools that have nothing to do with the NSA e.g. https://en.wikipedia.org/wiki/Camellia_(cipher)
     
  20. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    Al right mr encryption expert put your money where your mouth is and crack / decrypt the FinalCrypt bit file inside the linked zip archive, show the decrypted picture here with a result of the following MD5sum: 211b28fc906f11d95257c6d624b8d6cd and I'll pay you $10,000 if you don't succeed you'll pay me a $100 and apologise. Use any supercomputer you wish.

    Here's the link:
    https://drive.google.com/file/d/1we8DXlaDpZ-MneuDK49k0q0RtqZcw_PR/view?usp=sharing

    Inside the linked archive you'll find an encrypted image of Mr X replacing Jim Carrey on the movie poster of Dumb & Dumber.
    As an example I've added the real poster of Dumb & Dumber too, so you know what to expect after decrypting Mr X & Dumber poster ;-)

    I'll bet you'll (come up with any excuse to) not take the challenge
     
    Last edited: May 25, 2018
  21. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth
    Let me get this straight: You want me to do a cryptoanalysis because I pointed out that your crypto is flawed, proven again and again by both science and historic examples https://en.wikipedia.org/wiki/Venona_project

    So I better get to work and spent day and night to provide prove for something that has been proven just so you get the example applied to your program...

    If you want to believe a cryptoanalyst (which I am not) or the NSA cannot break your algorithm despite the arguments/references I have given, you can use any excuse you want.

    I just made this post to keep people from relying on this broken crypto.


    BTW: if you are serious about the bounty you can make it official https://hackerone.com/bug-bounty-programs
     
    Last edited: May 25, 2018
  22. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    98
    You are asking for decryption of a single file. This is the most difficult encryption task but hardly comprehensive.
    Almost all encryption ciphers are secure if all your adversary has is a single small file. If I encrypt the same image file with Blowfish using a max length password, randomly generated, even the NSA would have a hard time decrypting it.
    This does not even address the implementation concerns TDW was referring to. Then there are just plain old software bugs where the application leaves unencrypted data in temp storage, memory, page files, etc. And worst case is the program leaves a copy of the complete encryption key just laying around somewhere.
     
  23. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    First the security of encryption should never solely rely on it's encryption algorithm and should mainly rely on personal key / cipher data as mathematical algorithms can be reversed analysed and reproduced. This is a big flaw on its own and a scam that virtually everyone buys into. Second of all security of encryption is deliberately compromised by governmental regulations limiting keyfile size so the immense computing power of today's supercomputers can brute force check the contents of way too small keyfiles (why limiting keyfiles in size in the first place?). There's the second scam people look over as most people are kept in the dark about the number crunching capacity of today's supercomputers. FinalCrypt also encrypts the original file before it deletes the original file (secure deletion). FinalCrypt also leaves no copy of the cipher / key and solely reads cipher data in small overwriting chunks (synchronized) with I/O caching disabled.

    Bottom line is FinalCrypt solely uses the unique bit patterns of the user's personal cipher to encrypt the user's data.
     
  24. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    98
    You should not be paranoid about the power of secret NSA super computers. There are fundamental limits to how fast data can be manipulated and the NSA can't break the laws of physics! I doubt they are spending any time at all trying to "break" AES. Instead, they are constantly developing methods to gain access to active networks and computers so they can intercept data before it gets encrypted. (see Wikileaks for example) You can encrypt a document but if there is a keylogger running while you type, the encryption is pointless. If FinalCrypt were to "catch on" like TrueCrypt did, the NSA would specifically attack it. How would you know if windows started saving copies of FinalCrypt key data to disk for example?
     
  25. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    36
    Location:
    Zaanstad, The Netherlands
    Good question and a question I've asked myself during the design of FinalCrypt. Key files (or cipher files as i call them) can be collected / harvested by spying software, even if you keep them on a USB stick when attached. Therefore FinalCrypt has support for Cipher Devices (which I use to encrypt / decrypt my personal documents). A Cipher Device is a raw GUID Partition Table with the data of a cipher file encrypted by an extra layer of random bit patterns saved to the raw cipher partition on a USB stick, that is being partitioned by FinalCrypt with as common as possible GPT headers and entries, so there is no file-system with (potential key/cipher) files to be mounted and copied. Agencies like the NSA, FBI MI6 etc. can not afford to copy all data of all partitions of all USB sticks at all times at all places in the world for eternity. Therefore FinalCrypt's Cipher Devices makes evey raw bunch of bytes in the world a suspicious key / cipher, so i wish the security agencies good luck with that ;-)
     
    Last edited: May 30, 2018
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.