Forums Help & support AxCrypt Portable – truly standalone?

This topic contains 16 replies, has 2 voices, and was last updated by  Hjalmar 7 years, 7 months ago.

Viewing 2 posts - 16 through 17 (of 17 total)
  • Author
    Posts
  • #6217 Reply

    Hjalmar

    The problem that will have to be investigated is just how robust such a large HTTP header is in practice. For it to be a relatively “simple” fit, I’d like to continue using basic authentication, and this entails sending the password in a HTTP header.

    Last time I checked I recall sure the default for IIS being 16k (maximum of 64k) – I’m referring to the sum total, i.e. everything.

    At an average of 4k-5k for a miniature AxCrypt file I think that the default IIS configuration would leave you with enough to play with. Setting the parameter to high risks encoding and traversal attacks and would be unecessary.

    I foresee no reason why it wouldn’t be robust enough as it’s not a huge amount of data and it’s transmitted over TLS. If anything it could be a metric of detection – if somebody is having problems connecting it could potentially indicate compromise of the channel.

     

    I’ve received your email response, thanks. I’ll try to respond to you sometime tomorrow.

     

    The digital signing of the licence file is what I had in mind, very easily integrated and sufficiently robust to dissuade casual individuals.

    A basic ASCII text file and maybe a QR code would help those with air-gapped systems. Some have more curtailments (data diodes, sluices etc.) and even no external media device (USB, CD, SD, floppy) but allow input into a sanitised, sandboxed environment which is where the QR code would come handy. Failing that it would have to be inputted by hand.

    I’m not suggesting you build a QR scanner into AxCrypt as some air-gapped systems in high security environments have their own data input units (barcode, QR etc.)

    #6218 Reply

    Hjalmar

    One nice enhancement which came to mind after I’d posted my last message was that it may be nice to give users the option to export their public/private key onto paper by means of a printable QR code.

    I’ve seen a number of open source projects on GitHub which offer QR functionality to save you reinventing the wheel.

Viewing 2 posts - 16 through 17 (of 17 total)
Reply To: AxCrypt Portable – truly standalone?
Your information: