Known limitations
Note that some of the following limitations may be resolved in the next major version of Kryptor. Please see the Roadmap for more information.

File metadata

Kryptor files are identifiable by looking at the magic bytes. You cannot hide the fact that a file was encrypted by Kryptor since the magic bytes are authenticated, meaning they cannot be tampered with.
Kryptor also does not strip file access, modification, and creation timestamps from encrypted files because not all of these timestamps can be modified if you want to mark files as read-only. This means that if you do not overwrite the input file, someone can compare the accessed time of the input file and the creation time of the output file.

Directory encryption

If a password and/or keyfile was used for directory encryption, then an attacker can determine whether multiple encrypted files were encrypted using the same password and/or keyfile by looking at the salt of each encrypted file. However, they cannot tell whether the files were encrypted using a password, a keyfile, or a password and a keyfile. This is unavoidable when allowing the user to decrypt files individually from an encrypted directory.
Another quick way of identifying whether a directory was encrypted using a password and/or keyfile is by looking for the kryptor.salt file. Directories encrypted using asymmetric keys do not have this file.
Finally, the number of files in an encrypted directory is also not a secret.​

Compromised machine

If an attacker has physical or remote access to your machine, then they could retrieve sensitive data (e.g. encryption keys) whilst Kryptor is running.
Note that Kryptor does attempt to zero out sensitive data as soon as possible from memory. However, this cannot be guaranteed due to garbage collection in .NET.

Fault attacks

Ed25519 for digital signatures is susceptible to fault attacks when an attacker has physical or remote access to the machine. However, Kryptor currently does not attempt to protect against such attacks as they are primarily a concern for embedded devices. Furthermore, most countermeasures are ineffective and slow.
With that said, if this concerns you, then you can use the -l|--prehash option to provide some protection. Note that prehashing occurs by default for messages larger than 1 GiB in size.

Post-quantum security

The asymmetric algorithms in Kryptor are not post-quantum secure. However, this should not concern you yet because such quantum computers are hopefully a long way off.
Once post-quantum cryptographic algorithms become available in libsodium and common in online protocols, I will investigate making the switch to future-proof Kryptor.
Last modified 9d ago