Comments on: Encrypt Files and Folders With Pictures and Not Passwords

By: mohamed

mohamed — Sun, 18 Jul 2010 14:21:05 +0000

je cherche mot passe de on msn ?

By: folder encryption software

folder encryption software — Fri, 09 Oct 2009 10:01:50 +0000

thanks for sharing ..very useful blog

By: sensi

sensi — Thu, 17 Sep 2009 10:36:14 +0000

Thanks for blogging about this software.VERY nice, i am impressed. keep up the excellent work.
Raymond.

By: MikeD

MikeD — Sun, 27 Jan 2008 15:33:55 +0000

Raymond, one of the first rules of encryption security is to always assume that the attacker knows the software and method you used. If you’re going to ignore that rule, then you might as well not encrypt.

It’s not hard to find out that someone has encrypted files on their system. It’s easy to see what software is installed. From those two facts you can deduce PixelCryptor. After that all you’d need to do is run a search on the system for picture files (Start, Search). Next, compare the last accessed date of the pictures with the creation time of the encrypted file. That instantly tells you the picture that was used.

You don’t even need computer forensic software or programming skills to do this, just a little knowledge.

If encryption companies really want to protect noobs, they shouldn’t make snake oil products like this. Noobs who want to protect their files should skip the gimmicks and learn to use TrueCrypt.

By: Raymond

Raymond — Sun, 27 Jan 2008 00:55:45 +0000

Andrew, that makes sense IF the attacker knew “how” the PixelCryptor works and able to write a program that searches all images on the computer.

If an attacker has this good knowledge, I doubt he wants to decrypt someone’s file that uses PixelCryptor. Instead, he should be looking for TrueCrypt to decrypt. It’s like a really good hacker trying to hacker a n00b.

By: Andrew

Andrew — Sat, 26 Jan 2008 19:08:33 +0000

So if the ‘attacker’ knew you used this program, he/she knows that you probably stored the image on the computer as opposed to the internet. Wouldn’t it be easy to write a simple program that takes all of your image files on your computer and try the decryption process?

Isn’t it more like saying, “Hey my password is an image file on my computer, start with My Pictures and move on from there”?

Let me know if I got something wrong!

By: Rob

Rob — Thu, 24 Jan 2008 03:59:09 +0000

The only issue I can see is that if someone even slightly alters the image used to encrypt the data, it’s end of story. Let’s say you use a JPEG to encrypt the data – Open the JPEG file in an image editor to look at it, accidentally hit “Save” and the file is re-compressed, changing the data in the JPEG and denying access to your encrypted data.

But then again, if you treat the encryption image like a password and keep it safe (from editing etc) then it won’t be a problem.