Messages - Jibz

21
N.A.N.Y. 2019 / Re: This is an entry for NANY 2019 - SCrypt
« on: July 17, 2018, 03:55 AM »
f0dder's comments may be a bit direct, but try to take them as constructive criticism.

Writing your own encryption is a great project, but when you make it available for other people to use, it becomes important to be clear about the level of security. This is because a false sense of security is worse than no security. Imagine a person who downloads your program, encrypts all his banking information using it and sends it over email.

Cryptography is hard, and even seasoned programmers sometimes fall for Schneier's Law. That is why it takes years of public scrutiny and analysis for any algorithm to be widely accepted.

And even if you use algorithms generally accepted to be secure, there are details surrounding their use and combination that can compromise the security (like using an insecure source of randomness, storing plain password hashes, or using a block cipher in ECB mode).

Please note again that I am not saying you shouldn't continue working on your project -- I think it is great you wrote this and chose to make it available for NANY! Just make sure potential users are aware of it if you came up with your own encryption algorithm, and know whether the goal is to keep their family members or professional cryptographers from being able to read the file.

On a side note, there is a key derivation algorithm called scrypt.
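As an added example (not part of the original post or of the NANY entry it discusses), this shows two of the pitfalls named above, plain password hashes and an insecure source of randomness, next to a salted scrypt derivation from Python's standard library. The cost parameters and the `scrypt$...` record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed cost parameters for this example (about 16 MiB per derivation).
N, R, P, DKLEN = 2**14, 8, 1, 32


def plain_hash(password: str) -> str:
    """The pitfall: a fast, unsalted hash. Equal passwords give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()


def scrypt_record(password: str) -> str:
    """Salted scrypt record in a hypothetical 'scrypt$N$r$p$salt$key' format."""
    salt = secrets.token_bytes(16)  # OS CSPRNG, not the `random` module
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${key.hex()}"


def scrypt_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, key_hex = record.split("$")
        params = (int(n), int(r), int(p))
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False  # malformed record
    # Accept only the configured parameters, so a tampered record cannot
    # lower the work factor or request an enormous amount of memory.
    if scheme != "scrypt" or params != (N, R, P):
        return False
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                         dklen=len(expected))
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("plain hashes equal:  ", plain_hash(pw) == plain_hash(pw))
    a, b = scrypt_record(pw), scrypt_record(pw)
    print("scrypt records equal:", a == b)
    print("verify right / wrong:", scrypt_verify(pw, a), scrypt_verify("guess", a))
```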

22
Sometimes I've simply had my phone in my pocket while out taking pictures, and then went to Google location history (think it's called timeline now), which automatically tracks your movements, and exported the data and imported it into Lightroom.

I haven't done that for about a year or two though, so I don't know if this is still possible.

It is, I mentioned it above, but it's not as accurate as something that logs GPS co-ordinates, (program or device).

Oh sorry, I totally missed that!

23
Sometimes I've simply had my phone in my pocket while out taking pictures, and then went to Google location history (think it's called timeline now), which automatically tracks your movements, and exported the data and imported it into Lightroom.

I haven't done that for about a year or two though, so I don't know if this is still possible.

Good idea about taking a picture of your clock!

24
Just read an article about why GitHub is worth that kind of money to Microsoft here:

https://www.bloomberg.com/news/articles/2018-06-06/github-is-microsoft-s-7-5-billion-undo-button

I agree that this seems like a smart move from Microsoft, assuming they do not manage to screw it up, in which case they might have an even harder time winning back developers.

I don't personally see any reason to move projects around at the moment, but if I had private repositories on GitHub with the source for something that might compete with something Microsoft does, who knows.

25
Information is now available at https://efail.de/

From a cursory glance, it seems the problem is in how some programs (email clients) handle image links embedded in HTML messages.

Basically, an attacker who has gotten hold of a message encrypted for you can send you an email with that encrypted message as part of a link to an image, and the email client will decrypt the encrypted part and then attempt to retrieve the image, effectively sending the plaintext to the attacker as part of the URL.
