Do we need a new encryption? Why do we need a new cryptography? Those are the two questions I’ve asked the creator of Krypton-320 a 320 bit Java based symmetrical encryption repeatedly for months.
Creator notaidan, believes that we do need a new cryptography, many of his answers over the months to questions are privacy driven. In the early days of krypton formerly uwucrypt, i asked why not just use AES? Notaidan pointed to that AES is government approved and we need protection from the government. While he didn’t say it nor does he believe he implied it, this argument inherently states that AES must be insecure , which no one knows of for the government to approve it. We whole heartedly disagree here, since anyone can read the code of AES that’s been available for decades.
So why krypton cryptography? Could it be that notaidan is 14 per his github site and just wants to create for the fun of it? No, he believes it is stronger than aes-256 because it is 320 bits. He has rewritten it about ten times. Whenever a bug is found, he doesn’t just patch the bug, he rewrites it entirely.
So is krypton encryption something we should use? That’s where uncertainty lies. With the codebase being rewritten all the time, it’s hard to analyze it and decide okay this is secure or insecure. What was said about Krypton earlier this week, no longer applies, so trying to form an opinion about it, is simply not doable at this time.
Is the Java libraries used safe? It uses secure random, big integer, scanner, and one other. All of these are well known, secure, libraries so yes there is no problem there. The only thing left is for some of the cryptography community to decide if the latest krypton-320 bit encryption is indeed better than AES and more secure as it is being touted. This will be updated as information becomes available.
One thought on “Krypton, a new encryption — is it worth our time?”
Greetings! Very useful advice within this article! It is the little changes that make the most significant changes. Many thanks for sharing!