UwU

PyQuCryptor

What is PyQuCryptor?

PyQuCryptor is a modern, "post-quantum", open-source, encryption application. AES-256-CTR is the cipher used to encrypt the files. Then encryption keys are encrypted with AES-256-CTR again but this time with a key derived from the user generated password. This is a project for the Congressional App Challenge, but unlike most people with their apps for the challenge, I actually plan to support this for as long as possible. But keep in mind that the update frequency will be very random as I am lazy.

The program is licensed under the BSD-3 Clause No Nuclear 2014 license, which is a free and open source license. The program is purely written in Python and is made for Python 3.12 and 3.11 (3.12 came out during development and we just decided to port it over). PyQuCryptor has binaries for Windows and a MacOS port coming (if I ever got around to it).

In depth information about PyQuCryptor

The order of operations for PyQuCryptor:

* AES-256-CTR with a 11-byte nonce is used due to the limitaion of a 12-byte nonce only allowing for the encryption of up to 64 GiBs of data, 11 bytes would allow for 16 TiBs of data.

** The encrypted file is 207 bytes longer than the original due to the addition of the file headers.

Design Considerations

I wanted this app to provide quantum resistant encryption, and as such, I used AES-256-CTR. I chose a 11-byte nonce for the encryption of the file simply due to the need of large amount of encrypted data. 12 bytes would only allow for the encryption of 64 GiB (Gibibytes, 2^30 bytes). AES-GCM would be the better choice, but it has a file limit of 64 GiBs and I do not want to mess with padding for AES-CBC, plus AES-CTR is relatively easy to implement

I chose a 2 phase encryption setup due to the need of brute force protection and speed for determining that the entered password is wrong. If I chose to encrypt the entire file using the user-key then the program would have to wait until the entire file finishes decrypting. The extra time it would take to calculate the user-key, decrypt the internal header, and hash + verify it would take some extra time that is not noticeable to the average user but noticeable to anyone trying to brute force it.

The program limits users to passwords 12 letters and up and blocks them from using the same character 4 times in a row to allow for greater randomness in the user's password. The most easy way to break state-of-the-art encryption is to simply guess the password. But by forcing the user to use a strong password, this is relatively mitigated and teachs the user about strong password habbits.

GUI

The GUI for PyQuCryptor borrows from Mullvad VPN. Mullvad VPN features a quite frankly amazing GUI and I took design insipirations from it. Another person originally wrote the code for the GUI, but I have fixed it up a bit and improved it to fix the 2^256 global variables.

Other

PyQuCryptor follows the KISS philosophy, Keep It Simple, (Because I'm) Stupid.

This information is provided to the best extent of my knowledge, there may be minor errors in the details. If you spot one, please open an issue on the GitHub repository here.