Kruptos 2, AndrosaSoft, or AxCrypt

Discussion in 'privacy technology' started by InfinityAz, Apr 6, 2008.

Thread Status:
Not open for further replies.
  1. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I just wanted some thoughts on these three programs in terms of effectiveness (i.e., crypto stength, etc.).

    The three programs are:

    Androsa FileProtector
    AxCrypt
    Kruptos 2

    If you were only going to use one of the above, which would it be and why?

    Thanks for all advice and feedback.
     
    Last edited: Apr 6, 2008
  2. l0_0l

    l0_0l Registered Member

    Joined:
    Mar 29, 2008
    Posts:
    18
    I have been using AC and it does the job well (light-weight, strong encryption). I would like to know how it compares to the other ones. Anyone?
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AxCrypt would be my choice, it's open source like TrueCrypt.
     
    Last edited: Apr 8, 2008
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,305
    Location:
    Location Unknown
    I never understood this mentality; just because it's open sourse doesn't mean it's better than any other produxt that is not.

    Back to the question at hand, I prefer Blowfish Advanced CS, in large part because its context menu is cleaner.
     
  5. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    Some thoughts on the three.

    As I've not used any of the above, I can't comment from the perspective of interface usability, but I have discussed the design decisions behind AxCrypt, with its author, Svante Seleborg. I'm impressed with the minimalist approach he took, by simply using the AES; this is good engineering, as cramming in multiple primitives adds complexity to the implementation, which is where things usually go wrong when cryptography fails in practice. Keep in mind: Giving users numerous block ciphers to choose from Not only that, but the AES receives more cryptanalytical attention than any other block cipher, which is a compelling enough reason to recommend its use whenever and wherever possible.

    After a cursory look at the websites associated with Androsa FileProtector and Kruptos 2, it appears that neither address the goal of integrity in any way; that is, they don't use a MAC (Message Authentication Code). (If I've overlooked something, please let me know.) There's a mantra that says, "If you want confidentiality, you want integrity too." Encryption handles the former, while authentication handles the latter. AxCrypt takes care of both. Without going into the theory behind it, it first encrypts with AES-CBC with a random IV, which is an IND-CPA secure encryption scheme; it then authenticates with HMAC-SHA-1, which is a SUF-CMA MAC.

    Encrypting first with an IND-CPA secure encryption scheme, then authenticating with a SUF-CMA MAC, renders IND-CCA2 /\ INT-CTXT security - the strongest notions of confidentiality and integrity. AxCrypt follows this composition, and assuming that it does so properly, it achieves the strongest level of security I've seen in open-source cryptographic software. I can't vouch for whether or not the implementation is secure and correct, but through the conversations I've had with Svante, it's clear that the design was approached the right way. I've suggested some ways that it can simplify the implementation by recycling the AES as a MAC (i.e., CMAC-AES), but it looks good as is.

    From what I can tell, if integrity is important, neither Androsa FileProtector nor Kruptos 2 can provide it, as they do not implement an authentication mechanism; if integrity is important, AxCrypt provides it. However, even if confidentiality is your only goal, the lack of integrity preservation can lead to a loss in confidentiality preservation as well (i.e., chosen-ciphertext attacks). This is because modes of confidentiality, like the IND-CPA secure CBC, can't be expected to provide integrity. However, we want IND-CCA2, so we MAC the ciphertext of an IND-CPA secure encryption scheme to get it.

    Assuming the correctness and security of AxCrypt's implementation, it's the only file-based encryption solution I've seen that addresses confidentiality and integrity this way. From a cryptographic perspective, it's certainly well above the three, in approach.

    Absolutely. Open-source zealousness often leads to the misconception that the open-source model is inherently secure, while the closed-source model is inherently insecure. It's quite the contrary. While the open-source model, when subjected to thorough, expert analysis, is second-to-none, it's no better than a closed-source model, if neither have been analyzed. Trusting the security and correctness of an open-source implementation simply because it's open-source is setting oneself up for a potential disaster.
     
  6. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Justin,

    Thanks for the information.

    One quick question: How good is the encryption in compression utilities (7-Zip, WinRar, etc.)?

    Thanks.
     
  7. Justin Troutman

    Justin Troutman Cryptography Expert

    Joined:
    Dec 23, 2007
    Posts:
    226
    Location:
    North Carolina, USA / Minas Gerais, BR
    On the cryptography behind WinRAR and WinZip.

    Quoting myself from this thread:

    On my way out at the moment, but I thought I'd leave you with this to look over; it may address any curiosities you might have regarding the cryptographic security of WinRAR and WinZip.

    * Here's a link to the full paper by Tadayoshi Kohno, entitled, "Analysis of the WinZip encryption method."
     
    Last edited: Apr 19, 2008
  8. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Justin,

    Once again thanks for the information, it was helpful (at least the parts I understood well). Going to just stick with AxCrypt (I just wish they had a portable version besides the portable decryptor).
     
Thread Status:
Not open for further replies.