Other Software > Announce Your Software/Service/Product

Announcing freeware/donationware "KyrCrypt 0.16"

<< < (3/8) > >>

kyrathaba:
@skwire

Hey, thanks for taking time for a run-through! I will look into reconciling the font issue. As for the unusable "decrypted" file versus the "password accepted" message: the output will be gibberish IF the wrong password is used to decrypt (meaning NOT the same one used to encrypt). The "password accepted" message doesn't mean that the program verified the submitted PW against an encrypted copy of the PW (PW are not 'remembered', not included within the encrypted file). Rather, "Password Accepted" simply means the submitted password meets some sort of RegEx requirement. I will make this clear in my next update, and will ensure the help webpage elucidates it.

From the documentation:

Important: the password you use to encrypt is NOT stored within the encrypted file. Thus, when decrypting, the program does NOT somehow ensure that the supplied password is the same as the one that was used to encrypt. The upshot of this is that if you supply a different password to decrypt than the one that was used to encrypt, you'll get a 'decrypted' file that is 'giggerish'.
--- End quote ---

Thanks!

Renegade:
As a completely self-taught programmer, I'm pleased with this first serious effort to place myself in the freeware/donationware community of contributors.
-kyrathaba (April 18, 2011, 07:44 PM)
--- End quote ---

Congratulations on the release~! :)

kyrathaba:
Gracias :)

f0dder:
Why TripleDES, though?
--- End quote ---

To be honest Fodder, I had just learned how to implement that particular encryption, in a Programming School assignment, and was I suppose eager to put it to use.  I think that in a future update of the software I may provide the option to select from among several encryption algorithms.-kyrathaba (April 19, 2011, 07:56 AM)
--- End quote ---
OK, I was just wondering since DES is both slower and less secure than contemporary algorithms, and shouldn't really be used for anything than supporting legacy systems :)

(yes, it's slower even though it's less secure - it was designed with hardware implementation in mind, and uses operations that are slow on our general-purpose x86 processors).

Decrypting a KPT file with an incorrect password still produces a "password-accepted" message box and a resulting file (though it's unusable).
-skwire (April 19, 2011, 02:36 PM)
--- End quote ---
If it gave  a messagebox that the password is not accepted, that could be a means to hack your way into the vault...-Ath (April 19, 2011, 03:19 PM)
--- End quote ---
Not really, no - unless very poorly designed, you'd still be no better off than brute-forcing the entire keyspace :). Yeah, it does mean you'd have to store a hash of the decrypted file contents, but in practice this isn't really a security concern.

kyrathaba:
I appreciate the suggestion.  I may well include password-validation in the next upgrade.

NEWS:  KyrCrypt 0.16 has been reviewed by SoftSea.

Navigation

[0] Message Index

[#] Next page

[*] Previous page