Softpedia >Windows >Portable Software >Security >Encrypting >Portable CrococryptMirror >  Changelog

Portable CrococryptMirror Changelog

What's new in Portable CrococryptMirror 1.42 Free

Feb 8, 2020
  • Fix: Auto-Sync-Service fixed for Windows 10 which failed in some circumstances (manual syncing will definitely sync all files!)

New in Portable CrococryptMirror 1.41 Free (Apr 2, 2018)

  • Fix for Explorer View (WebDav) under Windows 10.

New in Portable CrococryptMirror 1.51 Pro (Apr 2, 2018)

  • Fix: Due to a problem with Windows 10, the Explorer View could not work properly (through WebDav). Please also note the general information above regarding WebDav.

New in Portable CrococryptMirror 1.4 (Jan 11, 2017)

  • New: Password change function added (see tab "Files")
  • New: As requested by many users, now, you can provide the password through a command-line option. Although not recommended, to provide your password in a script etc. you can use the following launch parameter: CrococryptMirror.exe /pw PASSWORD. This can also be used to "save" the password.
  • Fix: Windows symlinks/junctions are no longer followed. The previous behavior could cause race conditions.
  • Fix: Stability and performance improvements regarding source file read errors

New in Portable CrococryptMirror 1.3 (Feb 25, 2016)

  • Bugfixes and performance improvement.
  • CrococryptFile v1.3 includes the crypto suite "cloaked archives". What exactly does "cloaked" mean in this case? The answer is related to the topic of "plausible deniability", a feature for instance of the famous TrueCrypt and similar tools. However, there is no real deniability using single files.
  • Basics:
  • TrueCrypt - as an example - allows to store an encrypted container within an encrypted container. Since without knowing the decryption key an encrypted container looks like random numbers, a hidden container within an encrypted container is generally not detectable. I am solely talking about technical detection. It has been discussed very often which use plausible deniability can have in practice, let's say in case of torture, but that is not the topic of this article.
  • A "cloaked" CrococryptFile archive also looks like a file of random numbers. The archive has no visible header if you do not have the corresponding decryption key. However, a file full of random numbers can be detected as such and hence can be identified as an encrypted file with a very high probability. In this respect, there is no easy deniability in that case. On the other hand, no one can prove or verify that the file is a CrococryptFile archive.
  • Use case:
  • A file without header, without file extension and maybe a meaningless filename can be used as a backup archive, for instance to put into your cloud storage. CrococryptFile works stream-based and can create and extract archives of arbitrary size very efficiently.
  • For the use case of cloud backups the usage of cascading ciphers in this format is also interesting. AES and Twofish using 256 bits keys are used. This is similar to the file encryption tool CrococryptMirror.
  • Encryption scheme
  • Other than for instance TrueCrypt, this archive format of CrococryptFile does not use a fixed iteration count when deriving the encryption key from the password or passphrase. The current version indeed uses a specific value between 50000 and 60000 (suitable for using on a standard PC at the moment), but this can be changed in the future or even be made customizable by the user and still would be compatible to the format. Following PBKDF2 (PKCS#5), the current implementation works with an iteration count up to 9223372036854775807 (maximum long value). Even this could be enlarged.
  • The correct derived keys (and hence the correct passphrase) are determined through the first 128 bytes of the file which - as said before - looks like random numbers without any pattern. The first 64 bytes are a random vector, the second 64 bytes contain the random vector encrypted using AES and Twofish. At every single iteration step, it will be checked if both values match by performing a decryption attempt. The iteration count used at generation time (encryption) is not stored.
  • The technically adept reader has probably already realized that the derivation is an endless loop. That means, CrococryptFile will never finish in case a wrong passphrase is provided. However, the decryption process can be canceled comfortably at any time by the user. In the normal case, the decryption lasts only a few seconds - if you know the passphrase. An attacker however who wants to try a brute-force attack using a password generator or a password list has to use a fix iteration count to make the attack reasonable.
  • This format obviously is not meaningful for any use case. And to clarify again: CrococryptFile saves this format without file extension. The file can be renamed arbitrarily and a decryption attempt can be performed on any file using the corresponding application option (Windows: see startmenu). However: CrococryptFile itself does not know if the file is a known archive until it discovers the fitting key!
  • The sky is the limit:
  • To "cloak" files even better, there exists a second mode which enlarges the created archives to a multiple of 1MB using random numbers. At decryption these will simply be ignored. It is also possible to enlarge these files to an arbitrary size using external random number generators and tools to add data at the end of the file. This data will be ignored as well when decrypting.

New in Portable CrococryptMirror 1.2i (Feb 10, 2016)

  • Fix: This is a minor security update because of a NSIS installer security fix (Windows-Setup only). The application has not changed.

New in Portable CrococryptMirror 1.2 (Jan 18, 2016)

  • Support for 32Bit-Windows added
  • Small bugfixes, especially: Under unclarified circumstances, it could happen that no file dialogs appear. This is fixed now.

New in Portable CrococryptMirror 1.1 (Jan 18, 2016)

  • Rebranding: This is the first version which includes the new naming convention "CrococryptMirror"
  • Minor bugfixes for more stability

New in Portable CrococryptMirror 1.0 (Mar 26, 2015)

  • Bugfix: Special characters or non-ASCII chars in the container path prevented the synchronization.
  • Enhancement: Existing and to be imported containers, now, do not require an existing source folder. Hence, decryption and Explorer view work without source.
  • Enhancement: If the manual synchronization is not finished, now, a message box appears when clicking the sync button again.