Protected Mode... Anti Keyloggers Shield |
With version 1.3, Speedcrypt introduces a new Password Input Protocol, namely traditional keyboard typing. Now, it's possible to encrypt as many files as you want with just one Master Key. In practice, there are two protocols: Dragging with the mouse or Keyboard Typing. The first is much more rigid, as it accepts only one file list for each Password, while the second is much more flexible, allowing you to encrypt as many files as you want with a single Master Key. Of course, Keyboard Typing exposes users to the risk of infamous Keyloggers, programs capable of recording everything that is typed. That's why Speedcrypt offers its users some precautions to minimize the aforementioned risk as much as possible.
I highly recommend reading the information provided on this page of the Online Guide. You will find many details that can be helpful in understanding and mastering the new features that the Speedcrypt Project offers to its users!
Keyboard Typing |
The Password Typing takes place within a protected text box that tries in every way to assist the user so that the entered Passwords are as robust as possible. Now let's see the criteria with which Speedcrypt manages the input of passwords via the keyboard.
- For a password to be considered suitable and accepted by Speedcrypt, it must have a score higher than 2 points. This significantly reduces the risk of entering strings that are not up to the task they will have to perform.
- You can view the string with the dedicated button, but not during typing. This provides much better protection against any prying eyes.
- The Delete key has been suppressed; instead, you can use the Backspace key or any other combinations that perform its function.
Inserting a Master Key
When entering a Password via keyboard input, always ensure that you adhere to the rules that characterize a good Master Key, avoiding the classic mistakes that allow a malicious actor to guess the typed string. In this regard, Speedcrypt assists you significantly by accepting only values that exceed the minimum estimated score, which is 2 points.
If your Password is deemed suitable, it should not be the same as the one you use for your accounts or other certification protocols. You can still research online to understand what the best strategies are for creating a strong password. There are many websites that offer excellent solutions, like this one I recommend.
The strong password generator
In this version, Speedcrypt introduces a small Password Generator that will be expanded and enhanced in subsequent releases. This generator produces strings with a length of 30 characters and can be created in two different ways:
- Generation via specific button
- Generation via mouse cursor
Clearly, generating complex passwords with thirty characters can be quite challenging to memorize and recall when they need to be typed. For this reason, Speedcrypt helps you save them in specific encrypted files with a .msk extension using an alphanumeric PIN. Let's see what could be a good strategy for storing Master Keys within an encrypted file:
- Enter an alphanumeric PIN that is easy for you to mentally memorize while being complex enough to deter potential wrongdoers. Ten characters, including letters and numbers, should be more than sufficient for a robust PIN. If you prefer, you can rely on Speedcrypt to generate a random PIN using the dedicated button: values within a range of 4, 5, 6 numbers will be provided. You can then add letters to create a string that is familiar and easy for you to remember.
- For manual PIN generation, you can also use the numeric keypad provided by the program. If you suspect that a Keylogger might be installed on your system, this is the optimal solution to render it ineffective. You would only need to enter any letters. Specifically, the Keylogger would only capture a small portion of the PIN, making it quite challenging to reconstruct the original string.
Once you have generated the PIN that you deem suitable for your needs, you can store the complex Password inside a file encrypted with the .msk extension, which will be entrusted to the AES Rijndael algorithm with a 256-Bit Key. During this process, using the same technique to enhance the Master Keys, your PIN will be strengthened by Speedcrypt using the Blake 256 HASH Function and then encrypted. If possible, always save files with the .msk extension on external mass storage devices such as a USB Flash Drive over which you have sole control.
When you need to retrieve the encrypted file, simply enter your PIN and then, using the appropriate button, load the file. At that point, you will be ready to potentially decrypt the list of files previously entered.
Protected Mode |
The Protected Mode feature introduces, in this version of the Speedcrypt Project, a shield to better defend against the notorious Keylogger programs. In practice, a Secure Desktop is created within which Speedcrypt can operate with relative tranquillity, repelling attacks from most known Keyloggers. Use this mode only if you decide to use the Password entry protocol that includes Keyboard Typing. The Drag-and-Drop protocol is completely immune to software that captures keystrokes. Let's now see what the requirements are for the Protected Mode to function correctly within your system:
- .Net Framework 3.5. Many applications use this runtime execution environment, so it's very useful to have it installed on your system. If it's not the case, the operation is quite simple: when you launch Protected Mode, Windows will notify you that this tool is needed and will allow you to download and install it through an easy and convenient procedure. Alternatively, you can download it from the Official Website and then proceed with the installation.
- In the auto-installing version, Administrator Privileges are required, a condition that can be easily achieved by right-clicking on the program's icon or directly within Speedcrypt. Automatically, Speedcrypt is capable of assigning itself these privileges.
Based on the tests conducted, Protected Mode works excellently on the vast majority of systems. However, this doesn't mean that on specific devices it might encounter issues, especially in the presence of certain graphics drivers. The results of our tests show a very positive outcome. We will learn more as Speedcrypt becomes more widely used among users.
Entering Protected Mode
As previously mentioned, to use the Protected Mode with the auto-installing version, the first step is to assign Administrator Privileges to Speedcrypt. This can be done in two different ways:
- Right-click on the program's icon and then left-click on the Run as Administrator option. Speedcrypt will start with these privileges and will immediately be ready to enter Protected Mode.
- Once Speedcrypt is launched, simply click on the menu item called Administrator Privileges in the program's Options (CTRL+N) or click on the corresponding button. Speedcrypt will restart with the required privileges and will be ready to enter protected mode via the menu item called "Launch Protected Mode" (CTRL+P) or by clicking on the respective button.
Note: It may happen that, during the transition of Speedcrypt to Administrator Privileges, the alarm message may be displayed warning of a change in the Configuration File. Simply ignore it as there is no tampering condition with it.
Regarding the Portable Version, the step involving Administrator Privileges is not necessary at all. Since it doesn't require installation, it is immune to the restrictions that Windows imposes on programs residing in the Program Files and Program Files (x86) folders. You can run the Portable Version directly from an external mass storage device, and the Protected Mode will work perfectly. One recommendation: do not change the name of the folder containing the Portable version, which is Speedcrypt.
Speedcrypt in Protected Mode
When Speedcrypt operates in Protected Mode, it disables certain components of the program that could cause functionality and security issues. Therefore, some menu items and related buttons will be disabled. Let's see which ones:
Protected Mode | ||||
Menu Items | Password Entry Protocols | Keyboard Combinations | ||
Restore Encryption Archives... | Drag and Drop | Ctrl+Alt+K: Emergency exit | ||
Reset all Archives... | Keyboard Typing | Ctrl+Alt+V: View processes currently open in the Protected Mode | ||
Ctrl+Shift+Esc: Open Task Manager in the Protected Mode | ||||
Contents... | ||||
Topich Search... | ||||
First Steps... | ||||
Security... | ||||
Help Online... | ||||
Speedcrypt Website | ||||
About Speedcrypt |
Inside Protected Mode, all operations related to dragging files and their respective Master Keys are temporarily suspended. You can use Speedcrypt with the second security protocol instead. You can import files to encrypt or decrypt using the appropriate menu items and buttons. Password input can be done through typing or generation. The same applies if you choose to launch Speedcrypt with Administrator Privileges.
Note: If something goes wrong, for any reason, and the Protected Mode is closed, a file named ProtectedMode.lock is created which prevents the next restart of the Secure Desktop. Nothing to be alarmed about, simply navigate to the program's folder and delete the mentioned file. Everything will return to its previous state and function as usual. Please note that exiting Protected Mode also results in the immediate closure of the program!
The advantages of Protected Mode
- An excellent hedge against currently known keyloggers
- Prevents accidental presses of PrintScreen if privacy is a concern. You can act by holding down the Ctrl.
- After the Primary Process is closed, an efficient cleaning system eliminates all orphan processes usually created by Malicious Programs.
Limitations of Protected Mode
- The functionality is not guaranteed on every type of device. On some systems, graphics drivers or other types of drivers might interfere with its operation.
- The Protected Mode creates a new Desktop within which access via WinApi is not possible, which implies limitations regarding Mouse and Keyboard interactions. Despite this, Windows memory management allows processes free access, enabling the modification of any other process's memory regardless of the desktop they are on.
- Unfortunately, the Protected Mode is unable to mitigate hardware Keyloggers or remote administration tools with privilege levels higher than Ring-3.
Conclusions
Speedcrypt provides a good level of security and strives to do so. Therefore, using the Protected Mode is not mandatory. You can work with the program in a context of relative tranquillity as there are already tools available that offer a good data flow. However, resorting to the Protected Mode, if deemed necessary, is an additional option for a secure cryptographic session. It's up to you!
Before using the Protected Mode and the new features of version 1.3, please take the time to carefully read the Online Guide pages that cover these topics. Compared to the previous version, Speedcrypt is now even richer in features. For effective use, it's advisable to educate yourself with the documentation!