FinalCrypt - File Encryption Program

Discussion in 'privacy technology' started by mood, Apr 3, 2018.

  1. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth

    So you ignore the security of your algorithm and base the supposed security of the resulting encryption solely on the key which is use on a broken algorithm...

    Since you seem to believe there is some kind of restriction on the keylength could you at least point it out? Where is such a restriction enforced?

    There are some common key length namely 128/256 bit, resulting of the fact that even 128 cannot be broken by brute force (by the known limits of physics)

    The reason most encryption uses short keys, is because that is their greatest advantage.

    https://www.schneier.com/crypto-gram/archives/2002/1015.html#7

    You also have yet to provide any reason not to use any other encryption program except for empty claims. And since you seem to believe in prove of concept please provide prove that you can break AES128. Since they use such short keys that should be a piece of cake according to your own logic.
     
  2. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    FinalCrypt's encryption algorithm is nothing but take the next bit of the cipher file and if that bit is a 1 then negate the corresponding data bit.
    If the last cipher bit is read then start reading from the beginning of the cipher file again (loop through the cipher). That is not a broken algorithm, that's just cipher 1 bits negating data bits.
    It can't get simpler and still you assume the algorithm is broken. This shows your lack of competence.
     
  3. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    84
    Negate bits? What does that even mean? Surely you must mean bitwise XOR because anything else would be nonsense.
    Please help us out in understanding your qualifications. You have a masters or PhD in finite field mathematics, or differential cryptanlysis? Personal recommendation from a well known cryptoanalyst? 10 years working as an analyst for the NSA? I searched LinkedIn for Ron de Jong, found many accounts but none with anything that was remotely related to crypto.
     
  4. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    Negating is just slang for flipping a bit from 0 to 1 and 1 to 1. XOR is the way two bits do that indeed if you wanna sound interesting to others. If you want to hit a dog there's always a stick to be found. Only one thing counts for me and that's FinalCrypt's encryption strength. You got no beef on FinalCrypt, so you hit the dog creating it! I don't give a **** *** about ego tripping educational status, only about data security effectiveness. Period.
     
  5. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    84
    Ok then. "cause I say so" is good for me
     
  6. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    Probably the simple way FinalCrypt encrypts is too hard to understand for some...
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    FinalCrypt - File Encryption Program v2.2.0 (June 7, 2018)
    Available for: Windows, Linux, macOS
    Website
    Download
     
  8. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    Thank you Mood.
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    You're welcome :)
     
  10. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth

    What you describe is known as one time pad. This simple algorithm has been invented in 1882 and has since then been analyzed by many people leading to the discovery of certain conditions that have to be met for the algorithm to be secure. If those conditions are not met, the algorithm can be broken. This has been shown again and again in numerous papers, studies and proof of concepts.

    The only pseudo argument you have provided so far is the plain lie that your algorithm is just too simple to be broken, ignoring the facts that have been on the table for centuries...
     
  11. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    84
    This is basically a flat vs sphere argument. Best let it go :(
     
  12. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    You guys are just jealous only being capable of tearing down the competition by parroting other people's theories. What do you got to show for your self? Don't bother I'm not really interested :)
     
  13. tdw

    tdw Registered Member

    Joined:
    May 21, 2018
    Posts:
    7
    Location:
    Planet Earth
    I don't need to prove that the earth is not flat, sorry.
    If the obvious facts that others have found centuries ago are not enough for you, nobody can help you.
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    FinalCrypt - File Encryption Program v2.2.1 (June 23, 2018)
    Website
    Download
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    FinalCrypt - File Encryption Program v2.3.1 (July 30, 2018)
    Website
    Download
     
    Last edited: Jul 30, 2018
  16. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    Thank you Mood. Just to get back to the one-time pad discussion i'd like to clarify one thing. FinalCrypt does not demand a one-time pad key / cipher file (completely random key at least as big a the data block to encrypt etc.). FinalCrypt allows the user to use any key / cipher file above 1KB. The user can decide form him / her self to use a key / cipher file that complies to one-time pad requirements. Complete user-freedom is what it comes down to.
    For instance I use a random key / cipher data block of many many MBs (secret). This key / cipher is so big that only 50 out of my 100.000+ files are not one-time pad encrypted as only those 50 files are bigger than my key / cipher file. FinalCrypt of course can also use key / cipher files much bigger e.g. many Giga or even Tera bytes (or bigger) large, but to me I don't find it necessary, although FinalCrypt is perfectly capable of one-time pad encrypting humongous files.
     
    Last edited: Jul 23, 2018
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    FinalCrypt - File Encryption Program v2.4.0 (September 03, 2018)
    Website
    Download
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,313
    FinalCrypt - File Encryption Program v2.4.2 (September 23, 2018)
    Website
    Download
     
  19. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    FinalCrypt 2.6.0 released. Release notes: Added One-time Pad Key generator (FIPS 140-2 and RFC 1750 compliant). FinalCrypt now has the highest possible security standard there is. All for free for everyone!
     
  20. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    So if I would get access to your FinalCrypt encrypted computer, all I'd have to do is search for the biggest unencrypted file and use it as the key-file to decrypt all other files? That doesn't seem secure at all. You would have to store the key on a separate medium - and if the attacker has access to your home, like the government, it would have to be encrypted by other means. And then all what it comes down to is how strong the encryption algorithm of your obvious keyfile is. Because you can't use OTP for it - it's already the biggest file - you would have to encrypt it with AES or similar. And then we reached a point where it doesn't matter if you used OTP in the first place.

    Can you please elaborate what kind of behavior one would have to follow to make anything secure with this encryption? For example, using "traditional" encryption methods, you only have to memorize a sentence of 6 or 7 words from a list of 7776 in order to make it secure from the government.
     
  21. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    You wouldn't find my key on my computer ;-) I do keep my keys separate, secret and safe. By the way FinalCrypt offers key-devices (raw binary OTP keys on USB sticks outside any optional filesystems present on those sticks). In contrast to asymmetric (clearly recognizable) keys, FinalCrypt keys can be any file, raw partition or raw device, so you never know whether you are dealing with a FinalCrypt key among countless numbers of files anywhere in the world ;-)
     
  22. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Key-devices sound easy to find. Just look for a usb stick and compare it's size with what is written on it. (Either as the model number/description or part number of the chip inside) Also you would have to have a mechanism to see and read the secret partition that is used as a key: This means it is visible to the OS. And since the secret partition can't be small it is not hard to make out.

    Can a key be split over several files?
    And this is an important question: At what point is decrypting a file or computer for daily use too much work? (e.g. Opening the safe in the cellar behind a false-shelf-door, stripping the paint off the inside of the safe to find the hidden SD-card under a thick layer of paint, using the secret power-outlet that leads to a raspberryPI in the wall that has the second part of the key-file on it, getting key-files from the cloud maybe, making the partitions visible, combining them all ...)
    I mean, this is just as secure as physical security. Security by obscurity. And there are limits to it if you want to use it daily. So how much security is left over after convenience - or is realistically achievable?

    How? If you get searched, for example, all your stuff is theirs and thus your encryption is broken. Just like that.
    I seriously can't come up with a scenario that would make this secure against government searches - even if the amount of work to decrypt it is huge.
    Ok, this may be an edge case with the governmental searches etc.pp, but in the end there are other options that work better and safer.
     
  23. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,296
    Location:
    Here, There and Everywhere
    I find your lack of understanding simply stunning. Your inclusion of code that will produce a OTP key means nothing. Implementation in cryptographic software is paramount. In fact, reading through this thread, your lack of understanding about almost everything relating to this entire field (as shown in many of your replies) is of the amateur variety. Then there is the matter of your unprofessional and juvenile language directed at posters.

    This software, FinalCrypt, should not be used by anyone needing serious encryption.
     
  24. Ron de Jong

    Ron de Jong Registered Member

    Joined:
    May 12, 2018
    Posts:
    33
    Location:
    Zaanstad, The Netherlands
    Look, to you of course I'm an amateurish idiot knowing nothing about encryption. I know one thing: {RND XOR DAT = ENCRYPT} - {RND XOR ENCRYPT = DAT}. It's that simple. That's exactly what FinalCrypt is doing and that's what all the other encryption tools are doing, except with tiny recognizable key files. There's nothing you can do to make FinalCrypt less secure. Not by swearing, not by insulting. You are angry because what you believe in and stand for is being competed and pushed off stage. I feel your pain.

    BTW believing in whole disk encryption (VeraCrypt etc.) as you do really shows a lack of security awareness. Unlock a whole file-system and your favorite browser, email-clients, indexing processes and whatever, scrapes anything of the bottom of your unlocked file-system like a fishing trawler, including an avalanche of Internet connections by such software sending a lot of (personal) data upstream ;-)
     
    Last edited: Nov 27, 2018
  25. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    At some point it becomes irrelevant what your program does or does not - because you as the developer have squandered all trustfulness/competence of it.

    This started with you never publishing a scientific paper on your approach (that, e.g. explains why you are doing it better than everyone else that tried OTP before) and it essentially ended when you called conventional encryption methods:
    Now you are by definition a conspiracy theorist. And your tin-foil hat is FinalCrypt.

    Don't get me wrong. You could be right. Your program could be the only working encryption method. You could be a cool guy. But your presentation lacks evidence and your attitude has cast a stigma on yourself. (I mean the childish fight you got into here) Not the critics should come up with why your program doesn't work, it's you who should provide indisputable proof. But you don't want to or you can't.
    If you would just change your approach, maybe some security magazine is willing to give you a platform to talk about it. Until then you've lost the security enthusiast and professional audience.

    If someone is interested in further reading, here's the reddit thread about it in r/crypto: https://www.reddit.com/r/crypto/comments/9hq0ax/comments_on_finalcrypt/
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.