1) Blowfish's key length is variable from 4 to 56 bytes; however, Java's export restrictions only allow a maximum of 16 bytes. It's not 'Any length' as described in the 'Algorithm info' window.
2) ARC4's key length is variable from 1 to 256 bytes, but again Java's export restrictions cripple this to a maximum of 16. It's also not 'Any length'.
3) The block ciphers only use ECB mode, and since a picture is worth a thousand words, I'll let the picture at the bottom of this section on Wikipedia explain why that's bad: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29
4) RC4 is used in a more insecure way. There are no precautions taken against the Fluhrer, Mantin and Shamir attack.
5) The password input is used directly as a key, unless the password is greater than the key length, at which point it is hashed with SHA-1 and truncated to key length. Wouldn't it be better to just use truncated SHA-1 or SHA-256 in the first place? You might also want to use a salt.
6) There's no checking before decryption to see if the password entered was correct. I can understand the reason for this from a power user perspective, but Joe User is going to complain heavily to you when he decrypts his document with the wrong password and it comes out as garbage, but is still unaware of what went wrong.
+2
jFileCrypt
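Points 3, 5 and 6 of the review above, shown together in working code, as an added example that is not part of the original review and not jFileCrypt's own code. The first method shows why ECB is a problem (two identical plaintext blocks produce two identical ciphertext blocks, which CBC with a random IV does not). The rest replaces "password bytes as key" with PBKDF2 over a random salt, and adds an HMAC tag that is checked before decryption so a wrong password is rejected instead of producing garbage. It uses only the standard JDK API (PBKDF2WithHmacSHA256, AES/CBC, HmacSHA256); the class name, the on-disk layout (salt || iv || ciphertext || tag), the iteration count and the sample document are assumptions for illustration. A 16-byte AES key is used deliberately so it stays within the key-length limit the reviewer describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Illustrative class, not jFileCrypt's code. Layout of the output: salt || iv || ciphertext || tag.
public class PasswordFileCrypt {
    static final int SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32; // tag = HMAC-SHA256
    static final int PBKDF2_ITERS = 200_000;                    // assumed work factor
    static final SecureRandom RNG = new SecureRandom();

    // Point 3: does the mode expose repeated plaintext blocks? True for ECB, false for CBC with a random IV.
    static boolean repeatedBlocksVisible(String transformation, byte[] key) throws GeneralSecurityException {
        byte[] block = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
        byte[] pt = new byte[32];                     // the same 16-byte block twice
        System.arraycopy(block, 0, pt, 0, 16);
        System.arraycopy(block, 0, pt, 16, 16);
        Cipher c = Cipher.getInstance(transformation);
        if (transformation.contains("ECB")) {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        } else {
            byte[] iv = new byte[IV_LEN];
            RNG.nextBytes(iv);
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        }
        byte[] ct = c.doFinal(pt);
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    // Point 5: derive an encryption key and a separate MAC key from password + random salt,
    // instead of using the password bytes (or an unsalted truncated hash) directly.
    static byte[][] deriveKeys(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERS, (16 + 32) * 8);
        byte[] km = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new byte[][] { Arrays.copyOfRange(km, 0, 16), Arrays.copyOfRange(km, 16, 48) };
    }

    static byte[] encrypt(char[] password, byte[] plaintext) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        byte[][] keys = deriveKeys(password, salt);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keys[0], "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[SALT_LEN + IV_LEN + ct.length + TAG_LEN];
        System.arraycopy(salt, 0, out, 0, SALT_LEN);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        Mac mac = Mac.getInstance("HmacSHA256");   // encrypt-then-MAC over salt || iv || ciphertext
        mac.init(new SecretKeySpec(keys[1], "HmacSHA256"));
        mac.update(out, 0, SALT_LEN + IV_LEN + ct.length);
        byte[] tag = mac.doFinal();
        System.arraycopy(tag, 0, out, SALT_LEN + IV_LEN + ct.length, TAG_LEN);
        return out;
    }

    // Point 6: verify the tag first. A wrong password derives the wrong MAC key, so the tag
    // fails to match and the caller gets an exception rather than decrypted garbage.
    static byte[] decrypt(char[] password, byte[] blob) throws GeneralSecurityException {
        if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new GeneralSecurityException("truncated input");
        int ctLen = blob.length - SALT_LEN - IV_LEN - TAG_LEN;
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        byte[][] keys = deriveKeys(password, salt);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(keys[1], "HmacSHA256"));
        mac.update(blob, 0, SALT_LEN + IV_LEN + ctLen);
        byte[] expected = mac.doFinal();
        byte[] given = Arrays.copyOfRange(blob, SALT_LEN + IV_LEN + ctLen, blob.length);
        if (!MessageDigest.isEqual(expected, given)) {       // constant-time compare
            throw new GeneralSecurityException("wrong password or corrupted file");
        }
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keys[0], "AES"), new IvParameterSpec(iv));
        return c.doFinal(blob, SALT_LEN + IV_LEN, ctLen);
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = new byte[16];
        RNG.nextBytes(demoKey);
        System.out.println("ECB shows repeated blocks: " + repeatedBlocksVisible("AES/ECB/NoPadding", demoKey));
        System.out.println("CBC shows repeated blocks: " + repeatedBlocksVisible("AES/CBC/NoPadding", demoKey));

        byte[] doc = "constructed sample document, not a real file".getBytes(StandardCharsets.UTF_8); // constructed input
        byte[] blob = encrypt("correct horse".toCharArray(), doc);
        System.out.println(new String(decrypt("correct horse".toCharArray(), blob), StandardCharsets.UTF_8));
        try {
            decrypt("wrong password".toCharArray(), blob);
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Encrypt-then-MAC is used here rather than AES/GCM so that the "check the password before decrypting" step the reviewer asks for is visible as explicit code; on a current JDK an AEAD mode such as AES/GCM/NoPadding gives the same rejection of a wrong key in one primitive. Note that the check only tells the user the password was wrong or the file was altered; it does not say which, which is the behaviour you want.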