
Kruptos 2 Professional v7.0.0.2: lies on how keyfiles are used


medp7060


Just wanted to share with all of you my testing of Kruptos 2 Pro v7.0.0.2.

 

On their website, they said:

Quote

Using Keyfiles

A Kruptos 2 Professional keyfile is a file whose content is optionally combined with a password. You can use any kind of file as a keyfile. The maximum size of a keyfile is not limited; however, only its first 2,097,152 bytes (2 MB) are processed (all remaining bytes are ignored due to performance issues connected with processing extremely large files).

However, my own test showed that only the first 2048 bytes (2 KB) of a keyfile are processed. This is a big difference from the claim above: the first 2,097,152 bytes (2 MB).

 

I also found how they implemented the keyfile. They just appended the SHA-256 hash of the first 2048 bytes of the keyfile to the password, i.e. password + SHA-256(keyfile).

 

For example:

Your Password: HelloNsane
The SHA-256 value of the keyfile: 6c5b8be52f33a8274679ec6e4d125ec924385316a49c545773a1c53012fe3aea
Your final password will be: HelloNsane6c5b8be52f33a8274679ec6e4d125ec924385316a49c545773a1c53012fe3aea

 

Therefore, you don't need the physical file if you know the SHA-256 value. Just simply use the combined passphrase for encryption/decryption without loading the actual keyfile.

 

They do not describe technical details of how they implemented the AES-256 encryption, except for providing general information in "The science behind Kruptos 2". If this is how they used the SHA-256 hash function, the security of Kruptos 2 Pro is really a big concern.

 

BTW, there was a report on the lie of a USB encryption software: "Gilisoft USB Encryption 10.0.0: Lies About Encryption" (here: https://nsaneforums.com/topic/370162-gilisoft-usb-encryption-1000-lies-about-encryption/#comment-1574012)

Quote

Gilisoft USB Encryption does not encrypt your files but simply stores them in their original state in a hidden file on your USB drive

Read the full report here: https://reverseengineeringtips.blogspot.com/2020/04/gilisoft-usb-encryption-1000-lies-about.html
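
A model of the keyfile construction described in the post above, as an added example that is not part of the original post and is not Kruptos code. It assumes the hash is appended as lowercase hex, as in the post's example; the function names are hypothetical, and `processed_prefix_len` shows one black-box way to measure how many leading keyfile bytes influence the derived secret.

```python
import hashlib

OBSERVED_LIMIT = 2048          # bytes actually processed, per the post's test
DOCUMENTED_LIMIT = 2_097_152   # bytes processed according to the vendor text


def effective_passphrase(password: str, keyfile: bytes, limit: int) -> str:
    """password + lowercase hex SHA-256 of the first `limit` keyfile bytes."""
    return password + hashlib.sha256(keyfile[:limit]).hexdigest()


def processed_prefix_len(derive, size: int) -> int:
    """Black-box measurement of how many leading keyfile bytes matter.

    `derive` maps keyfile bytes to the derived secret. Flipping the byte at
    offset i changes the result only if i lies inside the processed prefix,
    so a binary search over i finds the prefix length (capped at `size`).
    """
    base = bytes(size)                 # constructed all-zero keyfile
    reference = derive(base)

    def matters(i: int) -> bool:
        probe = bytearray(base)
        probe[i] ^= 0xFF
        return derive(bytes(probe)) != reference

    lo, hi = 0, size                   # offsets < lo matter, offsets >= hi do not
    while lo < hi:
        mid = (lo + hi) // 2
        if matters(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    # Constructed keyfiles: identical first 2048 bytes, different tails.
    head = bytes(range(256)) * 8
    a, b = head + b"A" * 4096, head + b"B" * 4096
    same = lambda n: (effective_passphrase("HelloNsane", a, n)
                      == effective_passphrase("HelloNsane", b, n))
    print(same(OBSERVED_LIMIT))    # True: the differing tails are ignored
    print(same(DOCUMENTED_LIMIT))  # False: a 2 MB limit would cover the tails
    print(processed_prefix_len(
        lambda k: effective_passphrase("HelloNsane", k, OBSERVED_LIMIT), 4096))  # 2048
```

Against the real program, `derive` would be replaced by a manual test: encrypt with one keyfile, then check whether a copy with a single changed byte at a given offset still decrypts.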


Archived

This topic is now archived and is closed to further replies.
