Skip to content

Releases: victormeloasm/froglock

FROGLock GHOST 5.4

08 Nov 23:01
@victormeloasm victormeloasm
5.4
1a41a52
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
FROGLock GHOST 5.4 Latest
Latest

v5.3.1 — Ghost Hardened

Security

  • Unbiased FROG private key generation

    • frog_privkey_generate() reimplemented using rejection sampling over [1, n-1].
    • Removes the small statistical bias caused by k % n when generating ECCFrog522PP private keys.

  • Time-based Argon2id autotune

    • argon2id_autotune() now calibrates {t, m, p} by measuring real derivation time.
    • Aims for about ~500 ms per derivation on the user’s machine.
    • Keeps Argon2id expensive on powerful machines without destroying low-end systems.

  • Explicit hybrid scheme metadata

    • pass_params_make() now records the following fields in the header:
      • wrap_order = "kem_then_pass"
      • alg_suite = "FROG-522PP|AES-256-GCM|Argon2id"
    • Makes the hybrid format self-describing and easier to validate in future versions.

  • Strict validation when reading headers

    • decrypt_stream() now rejects files whose wrap_order or alg_suite do not exactly match:
      • wrap_order = "kem_then_pass"
      • alg_suite = "FROG-522PP|AES-256-GCM|Argon2id"
    • Prevents partially compatible or unexpected hybrid schemes from being accepted.

  • Extra zeroization of sensitive material

    • In addition to the DEK, the password-derived KEK (kek_pass) is now also:
      • converted to a bytearray,
      • locked with VirtualLock (when available),
      • wiped with RtlSecureZeroMemory after use,
        in both encrypt_stream() and decrypt_stream().
    • Reduces the exposure window of derived keys in memory dumps.

  • Optional anti-debug via environment variable

    • Old behavior: detecting a debugger (_dbg()) would always terminate the process.
    • New behavior:
      • The app only exits if FROGLOCK_STRICT_ANTIDEBUG=1 is set in the environment.
      • In normal / dev usage, the app no longer kills itself just because a debugger is attached.
      • For paranoid deployments, setting the variable restores the aggressive protection.

UX / Interface

  • More compact window (no stretched look)
    • Window size adjusted from 940x680 to 820x620.
    • Keeps the exact same layout (cards, buttons, labels), but with a more balanced aspect ratio
      and less empty horizontal space.

Compatibility

  • Keeps the existing .aesc / .froglock file format intact.
  • Preserves:
    • The keypair generation & saving flow (frog522pp.sk / frog522pp.pub).
    • The FROG recipients flow via GUI.
    • Paranoid Mode, AttemptTracker, and other existing protections from v5.3.
  • Changes focus on hardening the cryptographic core without breaking user experience
    or compatibility with previously encrypted files.
Assets 3
Loading

FROGLock Argon 2025AK — Ghost (v5.3)

20 Oct 23:19
@victormeloasm victormeloasm
5.2
4ba8ff8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
FROGLock Argon 2025AK — Ghost (v5.3)

🐸 FROGLock Argon 2025AK — Ghost (v5.3)

Release date: October 20, 2025

Changelog:

  • New SecureEntry: Passwords are now handled as in-memory bytearrays and immediately wiped after use to reduce exposure.
  • Parallel KEM: Added multi-recipient parallel encapsulation using adaptive thread pool.
  • Adaptive Chunk Size: Encryption chunk size now auto-adjusts up to 4 MiB based on system RAM and file size.
  • Optional mmap Mode: For files ≥ 1 GiB, memory-mapped I/O can be enabled with FROG_MMAP=1 for faster throughput.
  • Improved Windows Hardening: Added SetErrorMode, IsDebuggerPresent checks, and secure memory locking with best-effort fallback.
  • Automatic ACL Protection: Files are restricted to the current Windows user when pywin32 is available.
  • Clipboard Hygiene: Clipboard is wiped automatically after encryption.
  • Enhanced Paranoid Mode: Locks browsing, forces manual paths, randomizes output name, and suggests secure deletion.
  • Memory-Safety Enhancements: DEK, password, and KDF buffers are explicitly zeroized with RtlSecureZeroMemory.
  • Modern Dark UI: Redesigned Tkinter interface with responsive dark theme, tooltips, and virtual keyboard.
  • Anti-bruteforce: Added per-file attempt limiter with cooldown window.
  • Miscellaneous: Code cleanup, canonical Base64 handling for public keys, and improved hybrid KEM+pass validation.
Loading

FROGLock GHOST

08 Oct 21:37
@victormeloasm victormeloasm
1.0
6cdc3cd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
FROGLock GHOST

📜 Changelog

[1.0.0] – 2025-10-08

Added

  • Initial public release of FROGLock.
  • Hybrid cryptography core: AES-256-GCM + ECCFrog522PP.
  • Full keypair generation for ECCFrog522PP (Presunto Power) with secure .sk handling.
  • Support for recipient public keys with Base64 encoding.
  • Secure file encryption and decryption workflows.
  • Automatic clipboard sanitization after use.
  • Paranoid mode toggle (UI + hotkey F9).
  • Virtual keyboard to protect against keyloggers.
  • Secure random password generator (45 chars, full charset).
  • File wipe on exit (frog522pp.sk securely deleted).
  • Windows-specific hardening: disabled Min/Max buttons, memory protections, ACLs.
  • Auto-clear password field after 5 minutes of inactivity.
  • Status/progress bar with percentage.
  • Logging is memory-only (never touches disk).

Changed

  • Improved UI symmetry: centered header, buttons aligned.
  • Security notes embedded in UI (clipboard, paranoid mode, key wipe).
Loading