Forums Community AxCrypt 2.0 and 1.7

This topic contains 134 replies, has 3 voices, and was last updated by  Doug 5 years, 2 months ago.

Viewing 15 posts - 91 through 105 (of 135 total)
  • #5239 Reply

    Nathaniel

    Actually you have to go onto this page first

    http://www.axantum.com/AxCrypt/Downloads.html

    Then click the link which says AxCrypt-1.7.3180.0-Setup.exe to download it.

    #5240 Reply

    Nathaniel
    #6092 Reply

    Dave

    Svante,

    I’ve been a long-time supporter of your product development – I’ve done the manual PayPal one-off donations on a periodic basis until you provided a method of doing annual automatic donations through your online password vault service offering. While I stored a few small things in the online vault, I really didn’t want/need the online vault, but rather, a way to regularly support you financially on an ongoing basis as I truly believe your file encryption application is one of the most trusted, versatile and easy to use products out there. Now that you’ve released Version 2.0, what exactly happens to those paying customers to your online password vault product? Should I cancel that “subscription” or does it convert somehow if/when I subscribe to the 2.x product?

    Regarding the changes made from 1.x to 2.x, I believe that I’m going to run into a problem with the existing 2.x version.  I’ve used the 1.x release as a sort of Multi-Factor Authentication mechanism for keeping sensitive data that my wife and I can easily access.  The MFA principle is that you have something that you know and something that you have.  In the case of my wife, she knows a very simple password that she never has to write down.  She also has a USB stick which contains a much longer key file stored on it (it actually contains many key files on it but only she knows which key file # to select in order to decrypt the encrypted files I copy to her laptop).  So when she needs to access our sensitive data on her computer, she grabs the USB stick, puts it in her laptop, and then when she double clicks on the encrypted file she wants to decrypt, she only has to remember her simple password and she must select the correct keyfile to decrypt the file.  We’ve used this method for years and I feel very satisfied knowing that she can easily access our sensitive data while anyone else trying to access it would have a particularly difficult time getting to it.  They would need to know the physical location of the USB key, which one of the keys on the USB stick is the right key file to use and they would need to know my wife’s password that she uses (which is different than what she uses for email, different than her laptop password etc.).  So your 1.x application has been a lifesaver for us.

    If I understand the change that comes with 2.x, key files are no longer an option to use to encrypt data and we are now stuck with a single password to encrypt/decrypt all files unless we choose to register the 2.x version multiple times with multiple email addresses.  Is my understanding correct?

    Being able to select an alternate password to encrypt a file is actually a desired feature for myself (and I suspect for many others) as I can encrypt files for my wife using the password she prefers, I can encrypt files for my friends and family that they prefer.  The use of “key files” provides a nice enhancement for those who simply are not into complex pass phrases.  Or even if they are into complex pass phrases, needing the key file adds the MFA experience into the equation.  The encrypted files can be safely backed up to a cloud service, while the keys can be kept offline.  That logical/physical separation is more secure – correct?

    Thanks again for listening to your supporters. You have given so much to the community (freely) and I definitely want to continue supporting you financially as I trust your work. However, if the key file option is a thing of the past and the separate password to encrypt file option is also a thing of the past, then I’m going to severely struggle making the switch to 2.x. I’m obviously going to continue 1.x for now and I hope that 2.x adopts some of those “classic” features that your followers have grown to love and depend upon.

    #6094 Reply

    Klaus

    I can assist you, Dave, from a user’s perspective.

    Your ‘MFA’ system is a relatively secure one although it is no more secure than a single complex passphrase. It’s definitely not a multi-factor authentication system – allow me to explain:

    AxCrypt 1.7 key-files work by storing an encryption key in a text file (which you store on a USB drive). You then throw in an easy to remember password; i.e. the key-file is really only a password!

    True multi-factor means exactly that: multiple (>=3) factors. For example a bank safe is a two-factor safe if it has a key and a combination. Having two different keys provides only a single factor of security even if two bank clerks held one key each. This setup is only designed to prevent one of the bank clerks opening the safe on his own.

    A thief would take his lock-picks and open both locks. Having one key and a combination makes it two-factor because it increases the factors (i.e. a key and a combination) needed to open it. It’s also much less likely that one thief on his own is going to be an expert at picking locks and breaking combinations. A bank would also throw in a third factor (hence multi-factor) by introducing a time-lock.

    Therefore your system, secure as it seems, isn’t providing true security. I’m not suggesting that your files are insecure, they’re not, but the system you operate gives you a false impression of multi-factor operation when it’s not: you’re actually just using one (very long) password, albeit broken up and stored in separate places (your brains and your USB drives). A key-logger could capture the input and render it useless. Whereas a two-factor (e.g. a YubiKey) system would physically need a key stored irrevocably on the device – they’re glorified smartcards but much more robust and easier to carry around.

    AxCrypt 2 doesn’t support key-files. It has a new mechanism which is actually better suited to you and your wife.

    • You create an AxCrypt 2 account with your own email address and your own password
    • Your wife creates an AxCrypt 2 account with her email address and her password
    • You (or she) then share the files you both want access to

    That setup works perfectly because you both have your own password and the added security that you don’t need to mess around with key-files. Imagine if your USB was lost, stolen or damaged! You’d lose access to all your files (unless you had all of the key-files backed up).

    With AxCrypt 2 the security is increased to AES-256 bit which is twice as strong as the AES-128 used in AxCrypt 1.7.

    However if you want the experience of a key-file in AxCrypt 2 you could buy yourself and your wife a YubiKey (other devices are available) and use a static password. Read the link for more. Basically you insert the key into your USB drive, press the button and it will input a password of “any combination of 16 to 64 characters and/or numbers”.

    Example:

    • DAVEU9l3#iIOVX1hG1$hY@ted6405
    • U9l3#iIOVX1hG1$hY@ted6405DAVE

    So you’d type in “DAVE” (or whatever your easy to remember password is), press the physical button on the YubiKey and then the whole password would be inserted. Or you could press the physical button, the password would be inserted and then you type “DAVE”.

    Your wife could have a similar setup but with her own password. It’d actually be a more secure setup than your current situation because you’d each have your own password. You’d also be able to have files that only you could access and similarly she could have files that only she could access. Anything shared would be accessible to both.

    Using a YubiKey in the suggested manner doesn’t utilise its smartcard functionality – i.e. if you lost it, just as if you lost your USB, somebody could trivially extract the password. That’s why it’s so important to substitute “DAVE” with something you’ll remember. My advice would be to store the master password, i.e. both parts, somewhere very safe.

    AxCrypt 2 gives you increased security because you choose one very complex passphrase and that’s it. No more multiple key-files, and therefore less chance of you damaging a key-file, you’re less likely to forget one password and you get the benefit of modern encryption.

    You can also upload your files into your cloud storage service far more conveniently with AxCrypt 2’s ‘cloud awareness’ feature as it allows you to have a designated folder where only encrypted files will be uploaded to the cloud.

    Only one person needs the premium version in order to share the files with the other although if you wanted to support AxCrypt you could always buy two licenses.

    If you really like AxCrypt 1.7 you can still use it but the security is greater in AxCrypt 2 and your use of AxCrypt 1.7 doesn’t significantly increase your security whereas upgrading to AxCrypt 2 does.

    #6105 Reply

    Svante
    Spectator

    Thank you Klaus!

    #6106 Reply

    Svante
    Spectator

    Hello Dave,

    Thank you for your support! It’s really nice to hear. I think Klaus responded fairly exhaustively on the multiple key-issue. We may add some stuff to 2.0 like the ability to share via passwords, but it depends to be honest on resources which are still very limited.

    You also asked about the old subscription vs. the new. They are interchangeable, i.e. if you paid for old Axantum Xecrets, you’re also an AxCrypt Premium user and vice versa. However, we have discontinued new subscriptions to Axantum Xecrets, so when that expires you can continue to support us (and get the Premium features like mobile apps etc) by subscribing to AxCrypt Premium instead.

    #6135 Reply

    Dave

    Thanks for your quick reply.

    You mentioned that AxCrypt 2.x doesn’t support Key Files. So for all of the encrypted files that I currently have which require a Key File, does that mean that 2.x will not be able to open those files? Or when prompted for entering the password in 2.x, I have to type in my memory known password + manually copy and paste the keyfile data and append it to the end of the memory based password before I can open the file? Once I close the file in 2.x, does it then save it using my 2.x master PW or is the file still encrypted in the old 1.x 128 bit encrypted format using the memory password + key file pw combo?

    I’ll have to read more on the 2.x product before trying to make the switch. I guess the part that bothers me is that my once private complex password is now tied to an email address. If my email ever gets hacked then it sounds like the hacker can then easily access my local encrypted files by using some sort of recovery option that the AxCrypt team have engineered. Again, I’m not sure I 100% understand the tie in with email so I’ll go back to reading your documentation on 2.x. For now, I’ll stick to 1.x.

    Thanks

    Dave

    #6136 Reply

    Svante
    Spectator

    Hello Dave,

    AxCrypt doesn’t support key files for new files, but it is backwards compatible with AxCrypt 1, so you can enter the path to a key-file in order to decrypt and open AxCrypt 1 files.

    #6137 Reply

    Gustav

    Dave – Klaus has given an excellent reply, he covers a number of issues which are worthy of reading carefully.

    I’ll answer your new questions: excuse any poor English.

    “You mentioned that Axcrypt 2.x doesn’t support Key Files. So for all of the encrypted files that I currently have which require a Key File, does that mean that 2.x will not be able to open those files?”

    AxCrypt 2 supports the old key file but only to allow you to open the old AxCrypt 1.x files. You will get asked for your password at the same time.

    When AxCrypt 2 decrypts your AxCrypt 1.x files using your key file it’ll convert them into the AxCrypt 2 version. At this point your key files are no longer needed.

    “Once I close the file in 2.x, does it then save it using my 2.x master PW”

    Yes.

    “or is the file still encrypted in the old 1.x 128 bit encrypted format using the memory password + key file pw combo?”

    No.

    “If my email ever gets hacked then it sounds like the hacker can then easily access my local encrypted files by using some sort of recovery option that the Axcrypt team have engineered.”

    Your email being hacked would not degrade your security. AxCrypt encrypts your files using a password that only you know. With AxCrypt 2 you have an associated online account. This is only created to allow you to easily share files with other people like your wife or friends.

    Your password is not tied to the email address. If you forget your password then you lose access to your files. The password only gives you access to the online account.

    You can “reset” your password in AxCrypt 2 but this only allows you to set up a new password so you can continue using AxCrypt, otherwise you’d be locked out forever. It “resets” the password going forward. Any files encrypted with the old password cannot be decrypted unless you remember the old password.

    A hacker getting access to your email would not change your security. All they could do is “reset” your online account password which would be pointless because the AxCrypt online account doesn’t store your files. YOU would still be able to decrypt your files but the hacker couldn’t (even if he got your file).

    “Reset” in AxCrypt 2.x is like using a new password in AxCrypt 1.x

    WARNING TO PEOPLE READING – AXCRYPT CANNOT DECRYPT YOUR FILES IF YOU FORGET YOUR PASSWORD. KEEP IT VERY SAFE.

    #6148 Reply

    Dave

    Once again, thanks for the quick replies to my post and for the clear answers. Thanks for clearing up my confusion regarding tying the application configuration to an email address. Also, while it is too bad that you no longer support the ability to easily encrypt different files with different passwords, I can appreciate your motivation for keeping things simple. If it’s simple, people should use it. The challenge, I believe, that you are having with your existing customer base, is that many of them are very technical and they have no problem selecting and using different passwords to send files (in the fashion they like) to other people. I’m going to try to make the change to 2.x while still hoping that you will eventually build in the ability to encrypt files with a “temporary password” which is different than the master password. It was your Version 1.x feature that first attracted me to your product in the first place and to have that taken completely away is disappointing.

    Thanks again for the great work the team is doing.  Here’s to hoping that it takes off with the masses and that it becomes a profitable enterprise.

    Dave

    #6149 Reply

    Rascal

    I sure wish I understood the new version – I gave up trying.

    #6318 Reply

    Darmar

    I hate to register to anything.

    #6319 Reply

    Svante
    Spectator

    Hello Darmar,

    Thanks for your input – noted.

    #6589 Reply

    Doug

    Version 1.7 worked great, on Windows 7 and Windows 10.  I tried Version 2 lately, and find it to be complicated and confusing.  Worse than that, it has created an icon on my Windows menu that allows anyone to click it and up comes a window that shows any user the list of filenames that I have recently accessed.  This is just not acceptable – there seems to be no way to remove this list.

    Right clicking on any file in V1 gave a menu item to Clear Passphrase Memory, very important.  This seems to be missing in V2.

    I also say it is confusing because the first time I try to run V2 it asks me to create a long password, and there is no explanation offered in the Help feature, as to how this password is to be used.   Will that password be used to encrypt the files on my local PC?  If so, why does it need to be sent out over the internet and if not, why the very strict rules for password creation?

    What actually happened in my case, after I entered a “green” password, nothing happened when I clicked the continue button – after 10 minutes I gave up.

    I think these are several issues that should be fixed on V2, otherwise I’ll stick with V1.  But as free software, I do totally appreciate having use of V1.7 for several years and think it was a wonderful development.

    #6607 Reply

    Victor

    “Worse than that, it has created an icon on my Windows menu that allows anyone to click it and up comes a window that shows any user the list of filenames that I have recently accessed.”

    You can sign out of AxCrypt, or, press shift and scroll to the bottom of the list and then click on the last entry. Right click and select the “Remove from list and keep file secured” option. All your history will be deleted.

    It’s bad practice to allow other people access to your Windows user account, bear that in mind as it puts you at a security risk.

    “Right clicking on any file in V1 gave a menu item to Clear Passphrase Memory, very important. This seems to be missing in V2.”

    You sign out. AxCrypt 2 remembers your password until you sign out of the software OR shut down your system.

    “I also say it is confusing because the first time I try to run V2 it asks me to create a long password, and there is no explanation offered in the Help feature, as to how this password is to be used. Will that password be used to encrypt the files on my local PC? If so, why does it need to be sent out over the internet and if not, why the very strict rules for password creation?”

    The password needs to be long because it is an encryption password. It is used to encrypt the files on your PC. The files are never sent to AxCrypt. The password is sent to the AxCrypt server to authenticate you as an AxCrypt user.

    If you’re unhappy at using the new online features of AxCrypt 2 then use “Always Offline” mode but this means you won’t be able to share files with other AxCrypt users.

    “What actually happened in my case, after I entered a ‘green’ password, nothing happened when I clicked the continue button – after 10 minutes I gave up.”

    You need to press OK and it will work.

    “I think these are several issues that should be fixed on V2, otherwise I’ll stick with V1. But as free software, I do totally appreciate having use of V1.7 for several years and think it was a wonderful development.”

    AxCrypt 1.7 is no longer in development by the people at AxCrypt. Version 1 works very well but version 2 is different and offers more features and greater security.
