- OpenVPN IPv6 and IPv4 configuration - Mon, Mar 1 2021
- 4sysops author and member competition 2020 - Fri, Jan 1 2021
- Assign an IPv6 address to an EC2 instance (dual stack) - Tue, Dec 15 2020
Quick Crypt encrypts files with AES 256-bit up to a file size of 1GB. Depending on your computer’s power, encrypting such large files can take a while. To encrypt a file, you can either navigate to its location in Quick Crypt’s interface or just drag the file to the Target File field. Another option is to add Quick Crypt to File Explorer’s “Send to” context menu. You can find the corresponding command in Quick Crypt’s tool menu.
If you want to use a key file, you have to first create the key file and then drag it to the password field. You can secure the encrypted file with an additional password.
The free encryption tool doesn’t have many features, but some of them are interesting. The tool offers a switch that ensures that you can only decrypt a file on the computer where you encrypted it. Quick Crypt uses a “system ID” for this purpose but doesn’t say how this ID is created. The tool appears to use a technique similar to one that software vendors use when they want to make sure that a license key can only be used once on a particular machine. The help file warns that you might be unable to decrypt the file if you make major hardware changes to your computer.
This feature is useful if you want to store the encrypted file on a cloud drive. Even if someone knows the password or accesses your key file, that person would still have a hard time decrypting the file if he or she doesn’t have access to your computer.
Encrypt using a system ID
The developer seems to have had this use in mind because Quick Crypt can copy or move the encrypted file to a configurable cloud drive. You just have to make sure that you don’t decrypt the file on the cloud drive later. Even if you erase the clear text file later (which Quick Crypt supports), your cloud provider might have already created a copy of the file, which you can no longer access. Unfortunately, Quick Crypt always stores the decrypted file in the same folder as the encrypted file. Thus, you have to first copy the file from the cloud to your PC before you decrypt it.
Sync with cloud drive
Another interesting feature allows you to configure a period after which the file destroys itself if someone tries to decrypt it. I’d say this is a nice feature for James Bond wannabes. Aside from serving the Queen and country, I wasn’t able to think of another purpose.
Perhaps this feature is connected to Quick Crypt’s ability to add a clear text comment to the encrypted file. You can view this comment by clicking the key symbol next to the file name field after you load the encrypted file into Quick Crypt. You could use this feature to add hints about the password that only the person who is supposed to decrypt the file can know. Of course, this is another Secret Service knick-knack, and I wonder if this tells us something about the people behind Quick Crypt. This brings me to my warning.
I started to test the tool in good faith after I read reviews on reputable sites. I somehow assumed that journalists would only review software from reliable sources. However, when I looked more closely at the website of Quick Crypt’s maker Valkova Technology, I was quite surprised that no information is available about the organization or the persons behind the tool. The domain name is registered at GoDaddy without any information about the domain owner. GoDaddy is well known for hosting all kinds of dubious websites; if the creator of a free encryption tool uses such camouflage tactics, it is, of course, highly suspicious.
Quick Crypt is listed on various download sites and usually gets high ratings. One of the antivirus engines in VirusTotal believes to have detected malware, but this was probably a false positive. However, such tests can’t tell you anything about the trustworthiness of an encryption tool. The point of encryption is to secure sensitive information—information that could be valuable to third parties. Hence, whenever you encrypt files, you have to trust the developers because you have to be certain that your files are not shared in clear text with third parties. Checking if the program establishes an Internet connection before using it is pointless, because the tool could just wait a certain amount of time before it contacts its owners.
I contacted Valkova Technology for a comment, but it’s been three days and I haven’t received a reply despite the website’s claim that the developer would respond to requests within 24 hours. Obviously, he didn’t really like my questions. Therefore, I can only warn you against using the tool at this point. This same applies to all other free encryption tools, including TrueCrypt, where it was unclear who is really behind the software. When it comes to using encryption software, you always have to believe that the developers are trustworthy and that bad PR would do the company more harm than anything they could gain from your data. If I receive a comment from Valkova, you will read about it on 4sysops.
What do you think? Would you trust an organization where no information is available about the person behind it?