
Kruptos 2 Professional v7.0.0.2: lies on how keyfiles are used


medp7060


Just wanted to share with all of you my testing of Kruptos 2 Pro v7.0.0.2.

 

On their website, they said:

Quote

Using Keyfiles

A Kruptos 2 Professional keyfile is a file whose content is optionally combined with a password. You can use any kind of file as a keyfile. The maximum size of a keyfile is not limited; however, only its first 2,097,152 bytes (2 MB) are processed (all remaining bytes are ignored due to performance issues connected with processing extremely large files).

However, my own test showed that only the first 2048 bytes (2 KB) of a keyfile are processed. This is a big difference from the claim above: the first 2,097,152 bytes (2 MB).

 

I also found how they implemented the keyfile. They just append the SHA-256 hash of the first 2048 bytes of the keyfile to the password, i.e. password + SHA-256(keyfile).

 

For example:

Your Password: HelloNsane
The SHA-256 value of the keyfile: 6c5b8be52f33a8274679ec6e4d125ec924385316a49c545773a1c53012fe3aea
Your final password will be: HelloNsane6c5b8be52f33a8274679ec6e4d125ec924385316a49c545773a1c53012fe3aea

 

Therefore, you don't need the physical file if you know the SHA-256 value. Just simply use the combined passphrase for encryption/decryption without loading the actual keyfile.

 

They do not describe the technical details of how they implemented the AES-256 encryption, other than providing general information on "The science behind Kruptos 2". If this is how they used the SHA-256 hash function, the security of Kruptos 2 Pro is really a big concern.

 

BTW, there was a report on the lies of a USB encryption program: "Gilisoft USB Encryption 10.0.0: Lies About Encryption" (here: https://nsaneforums.com/topic/370162-gilisoft-usb-encryption-1000-lies-about-encryption/#comment-1574012)

Quote

Gilisoft USB Encryption does not encrypt your files but simply stores them in their original state in a hidden file on your USB drive

Read the full report here: https://reverseengineeringtips.blogspot.com/2020/04/gilisoft-usb-encryption-1000-lies-about.html

Edited by medp7060
Added more explanation
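
The behaviour reported in the post above, modelled as an added example (not code from the post or from Kruptos 2). It assumes the digest is appended as lowercase hex, as in the post's sample; the function names are hypothetical and the keyfile bytes are constructed.

```python
import hashlib

REPORTED_LIMIT = 2048          # bytes the post found to be processed
DOCUMENTED_LIMIT = 2_097_152   # bytes the quoted vendor text says are processed


def keyfile_digest(data: bytes, limit: int) -> str:
    """Lowercase hex SHA-256 of the first `limit` bytes of a keyfile."""
    return hashlib.sha256(data[:limit]).hexdigest()


def effective_passphrase(password: str, keyfile: bytes,
                         limit: int = REPORTED_LIMIT) -> str:
    """password + SHA-256(keyfile prefix), the combination the post describes."""
    return password + keyfile_digest(keyfile, limit)


def interchangeable(a: bytes, b: bytes, limit: int) -> bool:
    """True if two keyfiles contribute the same digest under `limit`."""
    return keyfile_digest(a, limit) == keyfile_digest(b, limit)


# Constructed sample keyfiles: identical first 2048 bytes, different tails.
HEAD = bytes(range(256)) * 8            # exactly 2048 bytes
KEYFILE_A = HEAD + b"A" * 4096
KEYFILE_B = HEAD + b"B" * 4096

if __name__ == "__main__":
    pw = "HelloNsane"                   # password from the post's example
    print(effective_passphrase(pw, KEYFILE_A))
    print("same under 2 KB limit:",
          interchangeable(KEYFILE_A, KEYFILE_B, REPORTED_LIMIT))
    print("same under 2 MB limit:",
          interchangeable(KEYFILE_A, KEYFILE_B, DOCUMENTED_LIMIT))
```

Under the 2 KB limit the two keyfiles are indistinguishable, so anything past byte 2048 adds nothing to the secret; under the documented 2 MB limit they would differ.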