Review: Encryptr App.

Updated 12 November 2017.

Copyright: European Union Public License, version 1.2 (EUPL-1.2).

There are specific use cases where Encryptr is the best solution. We explain this in this article.

Disclaimer: we are not affiliated with any of these companies. This article is 100% our own findings, and there is no affiliate marketing in place through the links provided below for your convenience.

How we write our reviews: To ensure an unbiased and thorough review all apps are tested:
• In real time, i.e. we use it on real projects.
• By different team members located in different countries.
• With different devices and operating systems.
• For a minimum of two weeks, four on average.
• The article is peer-reviewed by other team members, then sent to the app’s publisher for final review.

We created an article where we reviewed password managers; our aim was to decide which application was best to use for our business. Encryptr was included despite the fact that it is not usable for groups, as it has no sharing feature. You can find a full description of Encryptr on SpiderOak’s website. There are specific use cases where Encryptr is the best solution.

1. Use cases:

  • To pass on data anonymously.
  • To back up specific credentials that you don’t want to see in your main password manager, without registering with another provider.
  • To sync specific data between your devices.

2. Specifications of Encryptr:

  • End-to-end, zero-knowledge encryption (Note 01).
  • Open source (Note 02).
  • Auto log off.
  • Intuitive.
  • Free.
  • Cross-platform (Note 03).
  • Can share notes as well.
  • No recovery option.
  • Offline access, which is exposed to device theft because data is stored in the APPDATA folder (Note 05).

3. Example for passing on data anonymously:

Step 1:

  • Create a specific login-password combination for the data you want to pass on.

Step 2:

  • Give this combination to your addressee.

Step 3:

  • Once the addressee has confirmed he/she has access to the Encryptr, delete it from your computer.

4. Pros and Cons in this use case:

4.1 Pros:

  • Your addressee does not need to open an account with a password manager provider.
  • Intuitive application: there is nothing to learn or understand for your addressee.
  • Downloading the Encryptr application is free and anonymous: no registration with SpiderOak.
  • Cross-platform means you can use it with anyone regardless of their computer habits.
  • You can share login credentials but also notes.
  • No direct real-time communication between parties during the transfer; with fewer communication events there is less chance of interception.
  • No recovery option (SMS or email) means less attack surface for state-sponsored criminals (Note 04).

4.2 Cons:

  • Data is stored locally on your computer, meaning it can be hacked (Note 05). Your hard drive must be encrypted at all times, and once you’re done with an Encryptr you should delete it by going to the APPDATA folder and using a freeware tool like PrivaZer (Windows).

5. Notes:

(1) Zero-knowledge encryption means the key must be stored on the user’s device; otherwise it’s not protected against state-sponsored criminals. Of course, this doesn’t mean the provider can’t give the government plaintext messages — just that it would require them to actively hack the user in order to steal the required password.

(2) Open source doesn’t guarantee someone has actually taken the time to audit the code for backdoors or weaknesses, but it shows a will to be transparent. The source code of Encryptr is available.

(3) Must be accessible from iOS, Android, Windows, Linux and Mac desktops. We don’t cover Windows phones or BlackBerry because it would restrict the list; it’s almost impossible to find a solution.

(4) Police, prosecutors etc. Their crimes are “legal” since they’ve corrupted state institutions. They are the most dangerous sort of criminals, to an individual or to a country. If they’ve done something illegal, they can cover it up any way they like. They can intercept and read IMAP, POP3, TLS, SSL. They can spoof your email provider’s SSL certificate. They can have access to your SMS and emails, meaning a recovery option is often an easy attack possibility for them. That’s why you should always use encryption software, encrypt your devices, and buy hardware outside the country you operate in.

(5) There is specific software designed to crack these password managers, for example Elcomsoft:
