f0dder's comments may be a bit direct, but try to take them as constructive criticism.
Writing your own encryption is a great project, but when you make it available for other people to use, it becomes important to be clear about the level of security. This is because a false sense of security is worse than no security. Imagine a person who downloads your program, encrypts all his banking information using it and sends them over email.
Cryptography is hard, and even seasoned programmers sometimes fall for Schneier's Law
. That is why it takes years of public scrutiny and analysis for any algorithm to be widely accepted.
And even if you use algorithms generally accepted to be secure, there are details surrounding their use and combination that can compromise the security (like using an insecure source of randomness
, storing plain password hashes
, or using a block cipher in ECB mode
Please note again that I am not saying you shouldn't continue working on your project -- I think it is great you wrote this and chose to make it available for NANY! Just make sure potential users are aware of it if you came up with your own encryption algorithm, and know whether the goal is to keep their family members or professional cryptographers from being able to read the file.
On a side note, there is a key derivation algorithm called scrypt