Speedcrypt Security

Security...

Encryption Engines, HASH Engines, Memory Protection

Speedcrypt is a project that offers multiple solutions for the security of your data, provides powerful and secure algorithms and is already prepared for future updates. Let’s now see the main features regarding the safety and performance of the project.

Filling of the Master Key

Whenever a Master Key is inserted, Speedcrypt it helps the user to make the key as strong as possible, transforming it initially with fill characters at the beginning and at the end of the inserted string. At the beginning of the string the references linked to the unit from which the Master key is dragged are cut. Let’s observe the following scheme:

If the string is less than 16 Characters it is filled up to 16
If the string is greater than 16 Characters and less than 32 it is filled up to 32
If the string is greater than 32 Characters and less than 64 it is filled up to 64
If the string is greater than 64 Characters and less than 128 it is filled up to 128

Speedcrypt takes care of the Master Key by implementing various techniques to enhance its strength and security. You can find more detailed information about this process in the dedicated section of the Online Guide as well as in the integrated guide within the project. These resources provide step-by-step explanations and insightful examples that illustrate how the inserted Master Key is strengthened. By following these guidelines, you can ensure that your Master Key is optimized for robustness and resilience against potential attacks.

Protected Mode

Speedcrypt offers its users the option to operate in Protected Mode, meaning within a Secure Desktop capable of repelling most known Keylogger attacks. You can read about the features of this new functionality on this page of the Online Guide. It has been introduced to protect keyboard input through which you can enter a single Master Key for all file encryption sessions.

File Encryption

To encrypt your data, Speedcrypt relies on three of the most highly regarded and well-known algorithms in the world. Widely used in the developer community interested in cryptography, they offer an extremely high level of reliability, security, and execution speed.

Engines	Key Size	Information
AES-GCM	256 Bit	Nist SP 800-38D
AES RIJNDAEL	256 Bit	NIST FIPS 197
PGP	Double Key	NIST SP 800-45 Version 2

You can use the preferred HASH length with all encryption engines. Speedcrypt and the algorithms themselves will ensure that the keys correspond to the exact length required to properly initiate the encryption and decryption processes.

How much is illustrated is feasible on a good number of PCs, however, you should see what are the characteristics of your device and adjust the parameters accordingly. You can consult various sources on the internet to understand which may be the best strategy in this regard.

Regarding the PGP Encryption Engine, reference is made to the page of this online guide called Working with PGP, where it is explained in great detail how to use this powerful algorithm.

Random Number Generator

To generate reliable SALT strings, Speedcrypt uses some of the most well-known and appreciated random number generators in the world of cryptography. Three, in particular, are very performant and offer a high degree of security: Bcrypt, Mersenne Twister, and Fortuna. The latter is particularly recommended. Through these generators, as mentioned, SALT are implemented, which will be added to each new Master Key.

PRNG	HASH	Output	Condition
PRNG	Skein 256	Base64	Classic
BCRYPT	BCrypt	BCrypt	Good
RANDOM	Skein 256	Base64	Classic
MERSENNE TWISTER	Skein 256	Base64	Very Good
RANDBNC	Skein 256	Base64	Good
FORTUNA	Skein 256	Base64	Very Good

Once generated, the random numbers are derived using the Skein 256 HASH Function and then outputted in Base 64. The length of the resulting string will be 29 characters for the generation using BCrypt and 44 for all the others. As we saw in the example related to the insertion of the Master Key, the SALT will be added to the strings entered by the user. Each Master Key will have its own SALT that is totally different from the others.

Note: when the Argon2id, Scrypt and PBKDF2 is used, the length of the SALT is reduced to 16 characters, that is 128 Bits, as recommended by the developers of these functions.

SALT Encryption

The SALT generated through the selected algorithm becomes an integral part of the Master Key and will be used in the encryption and decryption processes of the list of files. For this reason, it is encrypted and subsequently stored in a specific archive from which it will be later extracted and decrypted to be added to the Master Key. In this way, the decryption process of the list can be started. The SALT is encrypted using the following engines:

Crypto Engines	Information
Advanced Encryption Standard (AES / Rijndael)	NIST FIPS 197
AES-GCM	Nist SP 800-38D
CHACHA20	RFC 7539
XCHACHA20-POLY1305	RFC 7539

The password used to encrypt the SALT is the Master Key entered by the user and strengthened by Speedcrypt through a transformation that will follow the derivation via the HASH Function Blake 256 or Blake 512, depending on the user's selection.

As already mentioned, the SALT is immediately encrypted and stored in the appropriate archives that Speedcrypt will create as the encryption processes occur. These archives also store the Initialization Vector (IV) of the AES-GCM Engine and the Nonce related to CHACHA20 and CHACHA20-Poly1320. The latter are stored in clear text since there is absolutely no need to encrypt them.

Key Hashing and Key Derivation

Speedcrypt offers a wide range of HASH Functions for transforming Master Keys, as well as some of the most well-known and commonly used methods for deriving the Master Key itself. It is also already set up for future expansions in this regard, in this version it includes the following functions:

HASH Engines	Key Stretching	Parameters	Condition
ARGON2id		Memory Size, Iterations, Parallelism, HASH Size	Very Good
SCRYPT		Memory Size, Block Size, Parallelism, HASH Size	Good
BCRYPT	BCrypt Rounds R4 R10 R12 R31		Good
BLAKE 256			Very Good
BLAKE 512			Very Good
SKEIN 256			Good
SKEIN 512			Good
SKEIN 1024			Good
SHA 256			Good
SHA 384			Good
SHA 512			Good
HMACSHA 256	PBKDF2 Iterations 7000 base -> 350000		Good
HMACSHA 384	PBKDF2 Iterations 7000 base -> 350000		Good
HMACSHA 512	PBKDF2 Iterations 7000 base -> 350000		Good

They are all very valid and considered secure functions that you can test within the window called Settings under the HASH Test section. Based on your needs and the hardware characteristics of your system, you can plan the best HASH transformation and Master Key derivation strategy.

Please note, as already explained in the introductory paragraph related to the Master Key, that for the final generation, Speedcrypt transforms the string through a HASH Function after adding a random SALT to it. At this point, you can make life difficult for a malicious person by deriving the key in such a way as to prevent precomputation and make dictionary and Guessing Attacks (Brute Force) much more difficult.

Protection Against Dictionary Attacks

Speedcrypt provides its users with protection against Dictionary Attacks, Guessing Attacks or Brute Force attacks and Rainbow Table Attacks. These types of attacks cannot be prevented in any way, but they can be made much more difficult to carry out. This can be achieved by using the technique described above, that is, deriving the Master Key with a random SALT. This adds a Time Factor aimed at preventing the pre-calculation of the Master Key and increasing the computational difficulties associated with the attacks described above.

The functions to implement the described strategy are numerous: go to the window named Settings in the HASH Test section and select the parameters that you deem most suitable for your needs and the type of device being used. Please note that the transformation time may vary from device to device, so make sure to use the appropriate function and parameters by testing them. Now let's see how to use certain functions and what parameters might be most suitable:

Argon2id

Speedcrypt offers, among the three variants of the Argon2 algorithm proposed in the official specification - Argon2id, Argon2d, and Argon2 - the first one in the list, Argon2id. This variant seems to be less resistant to GPU/ASIC Attacks, but it makes any potential Side-Channel Attacks more difficult. Specifically, this is what Speedcrypt needs since it does not handle encrypted databases but only protects the Master Key when it is inserted into an encryption or decryption process.

When using Argon2id for a HASH transformation it is absolutely necessary to configure the parameters correctly, that is, suitable for the environment in which the algorithm will be executed. Let’s see, in theory, what might be the basic parameters:

Memory Size: the memory used expressed in kibibytes. To make an attack as difficult and expensive as possible, the value should be set at rather high levels.
Iterations: this value is related to the number of iterations on the memory, then to the time of execution and calculation of the HASH Function.
Parallelism: the number of lanes or threads to be used. This value, too, should be set as high as possible if the hardware equipment allows it. This significantly reduces the threat of a parallel attack.
SALT Length: the length of the random string recommended by the developers of Argon2id is 16 characters, equal to 128 Bit and 64 Bit if you do not have the necessary resources. Speedcrypt, by default, uses a SALT of 128 Bit.
HASH Size: the size of the transformation is linked to the user for which it is generated.It would seem that, a length of 128 Bit should be enough for most applications. So say the developers. Using the function as a derived key, such as an AES implementation, you set this parameter to get the appropriate length.

As shown above, the parameters Memory and Iterations depend on the computational cost of the transformation. The higher these values, the longer the time associated with HASH generation. This clearly implies that an attack to guess the Master Key will be exponentially difficult. If Speedcrypt is running on a multi-core PCs, you can reduce runtime without compromising cost. To do this you need to increase the Parallelism Value, taking into account that changing this value affects the output of the transformation.

Let's see, in general, what could be the best parameters to set for the Argon2id HASH Transformation Function, keeping in mind that the values, as explained above, vary based on the hardware of your device:

Memory Size: 128 * 1024
Iterations: 4
Parallelism: 4
SALT Length: 16 Speedcrypt default 128 Bit
HASH Size 32

Alternatively:

Memory Size: 1024 * 1024 1GB
Iterations: 4
Parallelism: 8 Four cores
SALT Length: 16 Speedcrypt default 128 Bit
HASH Size 32

As previously stated, in order to set the most appropriate parameters for your system, you need to perform tests that can achieve a good compromise between security and execution speed. However, you can also research on the internet using very interesting websites such as this one, or this one, and many others that publish technically sound articles.

Scrypt

Scrypt is a strong Cryptographic Key Derivation Function (KDF). It is memory-intensive, developed to prevent GPU, ASIC, and FPGA Attacks, which are among the most efficient password cracking methods currently in circulation. Even the Scrypt key derivation function responds to certain parameters that should be set optimally to achieve high-performance and efficient security. Let's see what these parameters are:

Memory Size: N iterations count (affects memory and CPU usage), e.g. 16384 or 2048
Block Size: r block size (affects memory and CPU usage), e.g. 8
Parallelism: p parallelism factor (threads to run in parallel - affects the memory, CPU usage), usually 1
HASH Size: how many bytes to generate as output, e.g. 32 bytes

In addition to the parameters mentioned, there are two other parameters that are not visible in the test window but that Scrypt sets automatically for its users:

Password: the input password (8-10 chars minimal length is recommended)
SALT: securely-generated random bytes (64 bits minimum, 128 bits recommended)

Let's now see how the memory required to set up key derivation in Scrypt is calculated:

Memory required = 128 * N * r * p bytes Example: e.g. 128 * N * r * p = 128 * 16384 * 8 * 1 = 16 MB or 128 * N * r * p = 128 * 2048 * 8 * 1 = 2 MB

The choice of parameters is clearly dependent on the desired wait times and the level of security we want to achieve in our system. Based on this, let's see what the ideal parameters might be for a program like Speedcrypt, whose task is to encrypt files:

Memory Size: 1048576
Block Size: 8
Parallelism: 1
HASH Size: 32

Generally, when files are encrypted, they will be decrypted rather infrequently, usually no more than once or twice a day. This means that, for security reasons, it is worth waiting a few extra seconds.

In any case, it all depends on you, your system, and the hardware used. The higher the hardware performance, the more you can push the Scrypt parameters to achieve a very high degree of security. As with Argon2id, you can research on the internet, for example, on a website like this (for developers) or others that explain how to use this key derivation function.

PBKDF2

Another defensive option that Speedcrypt offers to its users is the key derivation function called PBKDF2, which is capable of resisting Dictionary and Rainbow Table Attacks. Described in the internet standard RFC 2898 (PKCS #5), it is based on iterative derivation using HMAC with padding when necessary.

Let's now see, from a strictly technical point of view, the parameters to set:

Password: array of bytes string.
SALT: securely-generated random bytes 128 BIT
Iterations: 7000 -> 350000
HASH function for calculating HMAC: SHA256-384-512

One of the most important options offered by PBKDF2 is the opportunity to configure the number of iterations, that is, the time required for the key derivation. Let’s see what are the characteristics related to this possibility:

Setting the key derivation with a large number of iterations means that the process becomes slower and therefore a long time for decryption. This implies increased resistance to password cracking attacks.
On the contrary, setting the derivation of the key with a small number of iterations means that the process becomes faster and as a consequence the time of the key derivation will also be faster. Clearly this implies less resistance to password cracking attacks.

Keep in mind that, unfortunately, PBKDF2 is not able to withstand GPU Attacks, the infamous parallel cracking of passwords via video card and ASIC Attacks, ie made with specialised hardware for password cracking. If you are sure you are not exposed to these types of attacks then PBKDF2 could be a good solution, otherwise it is good to use more current derivative functions such as Aegon2id or Scrypt.

The discussion on the Argon2id, Scrypt, PBKDF2 derivation functions is clearly applicable to all the other HASH Functions provided by Speedcrypt. Based on your hardware system, try to gather information to obtain the best strategy to apply during file encryption processes. As already mentioned, on the internet, you can find many sites that present very comprehensive articles and equally valid documentation.

Finally, please note that, for reasons of compatibility with as many devices as possible, Speedcrypt proposed by default, for the three derivation functions mentioned above, the following parameters:

Argon2id

Memory Size: 16384
Iterations: 4
Parallelism: 4
SALT Length: 16 Speedcrypt default 128 Bit
HASH Size 32

Scrypt

Memory Size: 16384
Block Size: 8
Parallelism: 1
SALT Length: 16 Speedcrypt default 128 Bit
HASH Size: 32

PBKDF2

Iterations: 7000
SALT Length: 16 Speedcrypt default 128 Bit

As a result of the above, when using Speedcrypt for the first time update the parameters as recommended, or depending on your device or the documentation you found on the internet (only serious and qualified sites) related to the system in use.

Secure Deletion

Whenever a single or a list of files is encrypted using Speedcrypt, the original files are deleted to ensure they cannot be recovered. This action aims to ensure that sensitive data is no longer accessible or recoverable by unauthorised third parties, thus preserving the privacy and security of the encrypted information.

However, it is important to note that the permanent deletion of the original files is irreversible, and it is not possible to recover the data once it has been deleted. Therefore, it is recommended to back up the original files to a secure storage device before proceeding with encryption. Let's see now what algorithms Speedcrypt has available to perform a permanent deletion of the original files after encryption process:

Algorithms	Execution Speed	Condition
QUICK 1 PASS	Very Fast	Not Sure
RANDOM 1 PASS	Very Fast	Not Sure
DOD 3 PASSES	Very Fast	Not Sure
DOD 7 PASSES	Fast	Very Sure
GUTMANN 35 PASSES	Very Slow	Very Sure (the Best)

To my knowledge, the DoD 7 Passes and Gutmann 35 Passes algorithms are considered very secure. The first method is based on the US Department of Defense standard 'National Industrial Security Program Operating Manual' (US DoD 5220.22-M ECE). It overwrites a file 7 times and also incorporates the DoD-3 Method. It is considered safe and should be used for files in general.

The Gutmann Method is based on the article by the same author: "Secure Deletion of Data from Magnetic and Solid-State Memory." The data will be overwritten 35 times in a procedure that takes more time: it is the safest method available and should be used for all files containing sensitive information.

Process Memory Protection

When Speedcrypt is running, sensitive data, namely the Master Key and its related SALT, are stored in an encrypted form in the process memory. This is done to ensure that if one were to attempt to read memory locations related to Speedcrypt, no sensitive data could be recovered. Additionally, wherever possible, all memory locations no longer needed are first overwritten and then deleted.

Speedcrypt uses the Windows DPAPI to encrypt sensitive data in memory via the ProtectedMemory feature. Using DPAPI, the key needed to encrypt memory is stored in a private, secure, non-transferable, and Windows-Managed Memory Area. DPAPI is available on Windows 2000 and later.

Speedcrypt must make the sensitive data unencrypted in the process memory available for certain operations. For example when the Master Key is initialised by dragging and then submitted to the evaluation procedure. During this path the Master Key is immediately embedded in a string array and then encrypted. The same procedure occurs during the creation of SALT. Master Key and SALT will be released in clear only and exclusively for internal operations that have been reduced to the minimum necessary. Each unencrypted release will correspond to an encryption process in memory. Once the mentioned operations are completed, the encrypted memory locations will be rewritten and deleted. Keep in mind that, during these operations, Windows and .NET may create copies of data in the process memory that cannot be deleted by Speedcrypt!

Self-Test

When Speedcrypt is opened, a Partial Self-Test of the algorithms included in the project is performed, so that users can be sure they are operating with fully functional engines. When the Partial Self-Test is successful, it will be indicated by a green light located at the bottom left of the main window, accompanied by the message "Partial Self-Test passed!". Otherwise, the light will turn red and be accompanied by the message "Partial Self-Test failed!".

The passing of the Partial Self-Test is sufficient to operate correctly with some of the engines included in Speedcrypt. However, it is good practice to perform a complete Self-Test that verifies whether all the algorithms used are able to pass their Test Vectors. A positive result puts the user in a position to operate with peace of mind and the awareness that everything is functioning properly.

Security Questions

During the period related to the functional tests of the Speedcrypt Project, I was asked some questions by users who were completely unfamiliar with cryptography and data security. Below are some of the most interesting ones:

Encrypting already encrypted files multiple times would not necessarily increase security and prevent modifications by a malicious program?
Encrypting backup archives would increase security by preventing modifications by a malicious program?
Encrypting the Speedcrypt executable file, folder content, and backup files would increase security by preventing modifications by a malicious program?

To the first question, i would answer that, in general, encrypting files multiple times, known as Double Encryption or Cascade Encryption, is not recommended as it can lead to decreased security due to increased complexity and potential for errors. It's generally better to use a strong, single encryption algorithm and key.

As for the remaining two questions, the answer is the same: NO, adding the precautions described above would not serve any purpose in terms of security. Speedcrypt raises a protective shield against Keyloggers, Master Key monitoring, various types of attacks such as Dictionary Attacks, Memory Dump Attacks, and more, but they would be ineffective if a program specifically designed to attack software like Speedcrypt is present on your system.

This is documented in Law #1 of the Ten Immutable Laws of Security, as reported in this Microsoft TechNet Article. Further insights can be found in the Microsoft TechNet Article Revisiting the 10 Immutable Laws of Security, Part 1, which states: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore!".

To avoid scenarios like the one described above, it is important to follow rules that, if respected, can make the system you operate on secure, thereby avoiding the theft of your data:

Your Sistem

If you operate within a Windows system version 10 and above, rely on the antivirus included in the operating system called Defender (the least worst around), making sure to set it up with the best options possible. The same goes for the Firewall and all other security options offered by this operating system
Never open attachments that come from unknown emails or appear to be from transport companies, banks, credit institutions, etc.
Preferably browse known, certified, and secure websites. Do not download and install software from untrustworthy website.

With Speedcrypt

Always check all the data you are about to enter into Speedcrypt, from Master Keys to lists of files to encrypt or decrypt. Entering unverified data can create security issues such as disclosure of sensitive data or execution of fraudulent code. This is a basic principle that must be applied to every program you use in your system.
Always enter very complicated Master Keys, with Speedcrypt you can do this because, once created you will only have to drag them without remembering them character by character.
Never apply weak key transformation settings if suggested by people who might turn out to be malicious. You would only favor an attack on encrypted data.
If you create your passwords by relying on a generator suggested by an attacker, your passwords will be weak as a result you will favor an attack on encrypted data.
If you are in contact with other users who use Speedcrypt and are entrusted with files to decrypt in your system, always be wary. You could decrypt extremely malicious files.
Regularly perform a full Self-Test of the algorithms in the project.

Remember: if you adhere to the above rules and carefully monitor your operational sessions, none of the attacks described above will be successful as an attacker always needs your unwitting complicity. This is because, being operations of the manual type, an attacker cannot perform them alone.

On the subject of safety with the Speedcrypt project, that’s all for now. Make good use of these tips and document as much as possible with texts on the subject and in serious sites that offer material of the highest level. Set the right strategy for great results and secure your data.