General questions
What is the difference between Kryptel and Silver Key?
Kryptel has been designed for safe file storage, and Silver Key for safe file transfer. Both are based on the same crypto components and provide the same encryption strength, but the different design goals lead to several major differences in implementation.
Kryptel
- Kryptel includes additional code for erasing sensitive data and all possible memory traces as soon as the data are no longer required.
- A Kryptel container can be easily modified; you can add or remove files.
- If you send a Kryptel file to another person, the recipient must have Kryptel installed in order to access the data.
Silver Key
- Silver Key assumes that your computer is a safe place, so it does not care much about data traces in memory. Silver Key provides very high security when it is used for sending files over the Internet, but it was not designed as a general-purpose encryption tool.
- A Silver Key parcel cannot be modified, nor can you view its contents.
- A Silver Key parcel includes the decryptor program as part of the parcel, so the recipient does not need additional software to decrypt it. In addition, Silver Key lets you create rather sophisticated decryption scenarios – you can even include an uninstaller!
To sum it up:
If you want to encrypt a file to keep it safe – use Kryptel.
If you want to send a file securely over the Internet – Silver Key is the best tool for that.
What is Silver Key Extractor?
What is the difference between Silver Key and Silver Key Extractor?
Silver Key Extractor is the decryption-only part of Silver Key. Another important difference is that Silver Key Extractor is completely free.
Sometimes it is not possible to send a self-decrypting file because the sender's or recipient's mail server is configured to block executables (see the question "My mail server rejects emails with Silver Key attachments..."). One possible solution is to create and send a non-executable (.sk) parcel, but the recipient must install either Silver Key or Silver Key Extractor to decrypt such a parcel. Silver Key Extractor lets the recipient decrypt non-executable parcels without paying for a Silver Key license.
If you have Silver Key installed, you don't need Silver Key Extractor.
Can your program lock my notebook so no thief could use it?
No program can protect your computer. You can protect your data, that's all.
You can encrypt a file or a text message. How you send the encrypted Silver Key parcel is up to you – you can attach it to an e-mail message, or you can store it on a diskette and send it with a pigeon. Silver Key does not rely on a specific delivery method.
Can your software encrypt a video (audio, Office, etc.) file?
Yes! Our software will encrypt any file, no matter what it contains.
Does your software use public key encryption?
No, our software uses secret-key encryption.
Many people don't really need public-key encryption, they just think it is ‘better’. In fact, the opposite is true: secret key algorithms are faster and more reliable. If you are new to encryption software, please read our Quick Intro to Encryption – it may give you an idea what is what.
Does your software use digital signatures?
No, and there is a good reason why it doesn't.
Digital signatures are used to ensure the authenticity of unencrypted data. For encrypted data there are more appropriate methods, namely CMACs/HMACs and encrypted hashes, and our products use them extensively. They do basically the same thing as a digital signature does, although they are never mentioned in advertisements.
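An added example (not code from Kryptel or Silver Key, whose file formats this page does not describe) of the HMAC approach mentioned above: the tag is computed over the open header and the ciphertext, and it is verified before anything is decrypted. The header fields, ciphertext bytes, file layout and the PBKDF2 key derivation are all assumptions of this example.

```python
import hashlib
import hmac
import struct

SALT_LEN, TAG_LEN = 16, 32          # TAG_LEN = HMAC-SHA256 output size

def derive_mac_key(password, salt):
    # Assumption of this example: PBKDF2 stretches the password, and the
    # b"mac" suffix keeps this key distinct from any encryption key
    # derived from the same password and salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + b"mac", 100_000)

def seal(password, salt, header, ciphertext):
    """Return salt || len(header) || header || ciphertext || tag."""
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 16 bytes")
    body = struct.pack(">I", len(header)) + header + ciphertext
    tag = hmac.new(derive_mac_key(password, salt), salt + body, hashlib.sha256).digest()
    return salt + body + tag

def open_sealed(password, blob):
    """Verify the tag first; only then hand header and ciphertext onward."""
    if len(blob) < SALT_LEN + 4 + TAG_LEN:
        raise ValueError("truncated file")
    salt, body, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(derive_mac_key(password, salt), salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("authentication failed: wrong password or modified file")
    (hlen,) = struct.unpack(">I", body[:4])
    if hlen > len(body) - 4:
        raise ValueError("bad header length")
    return body[4:4 + hlen], body[4 + hlen:]

# Constructed sample data: the header fields and ciphertext bytes are made up.
SAMPLE_HEADER = b"cipher=AES;description=quarterly reports"
SAMPLE_CIPHERTEXT = bytes(range(32))

def is_accepted(password, blob):
    """True if the blob authenticates under this password, False otherwise."""
    try:
        open_sealed(password, blob)
        return True
    except ValueError:
        return False
```

Because the tag covers the unencrypted header as well, editing the open description or cipher name is detected just like editing the ciphertext. Anyone who can verify the tag holds the same key and could also have produced it.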
Can your program make my file invisible (impossible to delete, etc.)?
No. There are several programs on the market that offer such capabilities, but we don't think it is a good idea. The level of protection gained by such methods is very low and simply gives you a false sense of security (not to mention the risk of fiddling with low-level disk structures). If you really need to restrict access to your files, consider using Windows security attributes. Just remember that no access restriction system can protect your data reliably; the only way to provide real security is to use strong encryption.
Exactly how strong are the supplied ciphers?
It is impossible to measure cipher strength. Generally speaking, a cipher is strong until somebody proves otherwise, so it is mostly a matter of trust. However, all the ciphers we provide have received a lot of attention from cryptanalysts, and no practical weaknesses have been discovered.
The default AES cipher seems to be the best choice, so leave it as is unless you have a reason to choose another cipher.
Which cipher is the strongest one?
Nobody knows for certain because it is not possible to measure cipher strength. From a practical point of view, though, any of the supplied ciphers would be a good choice.
- Rijndael was adopted as Advanced Encryption Standard (AES). It is a very reliable and fast cipher; if you are unsure what to use – use AES (it is set as the default cipher).
- Serpent and Twofish are other AES finalists, and like all AES candidates they were thoroughly investigated for possible weakness.
- Blowfish has been known for some time already and is used by many programs.
- Triple-DES is the oldest cipher, but this is probably an advantage. There is no other cipher researched that well.
Blowfish uses the longest key. Does this mean it is the strongest cipher?
It might, and again, it might not. Cipher strength depends mainly on the general cipher design, not on the key length. The key must be long enough to make a brute-force key search impossible, that's all. As long as the key length is sufficient – say, at least 128 bits – increasing it will not add to the cipher strength.
How long should a password be?
The short answer is: at least 16 characters. However there are a lot of complications and the short answer is very incomplete. Please check the article How to Choose a Good Password for a more detailed discussion.
What information can be obtained from an encrypted file?
Kryptel: container description (if present) is not encrypted. If you wish to attach a description to a container, keep in mind that anybody can see it.
Other information that can be obtained by analyzing a container header includes the type of the key material used (password or binary key), the name of the cipher used and its parameters, and the list of the components required for decryption.
Silver Key parcel description text is not encrypted. All other parcel data – including even the color of the custom background – are encrypted and cannot be accessed without knowing the right password.
Why do you keep in the open the name of the cipher being used? Doesn't that weaken the protection?
That does not. Any serious cipher is designed with the assumption that an adversary knows everything about the cipher and its implementation. If security is based on hiding the cipher algorithm, it is a clear sign of very weak security.
Given an encrypted file, can the computer, which has been used for producing it, be traced?
No, the program uses or stores no system-specific information.
What are files with the .shr extension?
If you turn on the option ‘Show hidden files’ in the Windows Explorer, you can see strange files in the directory where encryption occurs with names looking like 8AB59B31820F0000-6F060000-4D75603B.shr.
Those files are produced by the shredder. File shredding is a lengthy process, and in order to avoid name conflicts, the shredder renames the files in the shredding queue before processing. The strange names you see in the directory list are temporary names of the files being shredded. Simply ignore them; they will disappear as soon as the shredder finishes processing.
You can find more information about the shredder in the article Data Shredding.
How can I prevent other users from running Kryptel (Silver Key)?
Log in as administrator and open the Crypto Settings panel. Open the User Interface group and turn on the Advanced Settings option. Click the Access Control parameter and select Edit List in the drop-down list. Check the users that are allowed to use Kryptel (Silver Key) and press OK.
If the access control system is active (see the previous question), Kryptel (Silver Key) creates its desktop icon and program group dynamically. This means you cannot delete the desktop icon or move the program group manually because the program will re-create it next time the system starts.
In order to remove the Kryptel (Silver Key) desktop icon or move the Kryptel (Silver Key) program group, open the Crypto Settings panel and select the Kryptel (Silver Key) page. Open the Integration group and select the desired options.
You can specify a multi-level program group name – just separate the subgroups with the backslash character. For example, if you want to move the Kryptel group to Programs->Security->Kryptel, enter Security\Kryptel.
How can I change the encrypted file icon?
Open Windows Explorer and select the Tools / Folder Options command.
Switch to the File Types pane and select the edc (or ebk) extension. Press the Advanced button and change the icon to anything you wish.
We don't think there is much sense in changing the extension (this trick won't fool a serious opponent), but yes, Kryptel can work with renamed files.
Open the Crypto Settings panel and select the General page. Open the User Interface group and turn on the Advanced Settings option. Next open the Integration group and change the Recognize Encrypted Files by parameter from ‘File Extension’ to ‘File Contents’.
The negative side of this method is that if you select a large number of files and right-click them, the menu may appear with a delay because Kryptel will have to analyze the contents of each selected file in order to recognize containers. The delay may be quite significant on a slow device like a DVD drive.
Are Kryptel files compatible with Kryptel Lite?
The compatibility is one-way. Kryptel can read Kryptel Lite files, but not vice versa. Please note also that Kryptel containers are much more secure, so if you are upgrading from Kryptel Lite, re-encrypting your files would be a good idea.
Is there a limit on the file size or on the number of files being encrypted?
File size: Neither Kryptel nor Silver Key has any file size limit, but Windows does. The resulting file cannot be larger than 4Gb if the target drive is a FAT32-formatted volume.
Although Silver Key allows you to create an encrypted file of any size, Windows will not run an executable that is too large (say, larger than a gigabyte). Such a file can still be easily decrypted with Silver Key or Silver Key Extractor; you just can't decrypt it by double-clicking it (see also "Silver Key produces EXE file that does not decrypt...").
Number of files: There is a limit on the number of encrypted files depending on your system configuration. You might get an error message if you try to place several million files in a single container. However, this number is so unrealistically large that for all practical purposes it is the same as ‘no limit’.
After some time, encryption speed sharply decreases...
First, encryption time heavily depends on the number of files because every file open operation requires a lot of disk accesses. For example, encrypting a 10Mb file will take a second or two, while the time required to encrypt 10,000 1kb files will probably be close to several minutes. This is a Windows limitation; if you copy the files with Windows Explorer, you will see exactly the same picture.
Another factor is disk caching. If the number of files is large, the disk cache soon gets overflowed, and the speed noticeably decreases. Windows Vista and Windows 7 allocate larger caches so you will probably not notice any speed decrease on the newer Windows systems.
Please note that we are talking about huge encryption jobs processing tens of thousands of files in a single operation. There is no speed issue with smaller file sets.
Why is Kryptel in the autorun list? Can I remove it from there?
"Kryptel Component Start" that you can see in the autorun list is a small program that does various small initialization tasks. Its main function though is restarting incomplete shredder jobs.
Shredding is a very lengthy process, and Kryptel performs it asynchronously in the background. As a result, if you turn your computer off immediately after encryption is finished, some data may remain undestroyed. That autorun program ensures that shredding will be resumed as soon as the system restarts.
It is not recommended to disable that program – if you do, unshredded data will remain on the disk until another shredder job is started, and that may be too long. Anyway, you will not gain much by removing the component starter from the autorun list – it is a tiny program that takes only a few milliseconds of processor time and immediately exits.
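For checking that no shredder job was left behind (the .shr temporary names described earlier and the restart behaviour of the component starter above), here is an added example that is not part of Kryptel: it lists files whose names match the shape of the single sample name on this page and that have not been modified for a while. The name pattern and the use of modification time as a sign of a stalled job are assumptions.

```python
import os
import re
import sys
import time

# Assumption: pattern inferred from the one temporary name shown on this page
# (16-8-8 hexadecimal digits plus ".shr"); the page gives no formal spec.
SHR_NAME = re.compile(r"^[0-9a-f]{16}-[0-9a-f]{8}-[0-9a-f]{8}\.shr$", re.IGNORECASE)

def find_pending_shred_files(root, min_age_seconds=0, now=None):
    """Return [(path, size, age_seconds)], oldest first, for shredder
    temporary files under root that are at least min_age_seconds old."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not SHR_NAME.match(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # gone between listing and stat: the shredder finished it
            age = now - st.st_mtime
            if age >= min_age_seconds:
                hits.append((path, st.st_size, age))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    # Usage: python find_shr.py <directory> [min_age_seconds]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    min_age = float(sys.argv[2]) if len(sys.argv) > 2 else 3600.0
    for path, size, age in find_pending_shred_files(root, min_age):
        print(f"{path}\t{size} bytes\tlast modified {age / 3600:.1f} h ago")
```

Files reported here still hold data that has not been destroyed; letting the shredder resume is what clears them.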