This topic contains 22 replies, has 3 voices, and was last updated by Dave 2 years, 10 months ago.
how about implementing two-factor authentication for sign in on version 2, maybe with Google authenticator. That might help many of us who are concerned with having a single password in version 2.
Also would be great to have the option for an automatic timeout so that every set number of minutes it automatically signs out and we have to reenter our password and 2FA. Seems like the best way to help combat the fear of a zero day exploit taking over our account
Thank you for your input. I’ll be writing a longer text on Authentication vs. Encryption, but very briefly. Authentication is about proving to a system that you are who you claim to be, i.e. to provide evidence to support the claim. In the physical world, this might be a passport for example. Encryption is not really about proving anything, it’s about either knowing or not knowing an encryption key. Either you know it, or you don’t. Two-factor authentication is about providing stronger evidence to support your identity claim. With encryption, that doesn’t make sense, because there is no identity claim involved, it’s just about either posessing or not posessing the decryption key.
All that being said, we’re thinking about the possibility of some hybrid system if we can figure something out that makes sense both from a security point of view, and from a user point of view. Our main issue here is that we’d like to keep AxCrypt to be about *real* security, not *perceived* . I.e. we don’t want to add features that many users believes increases security, while in fact it does not.
A timeout for the sign in is in the works, by popular demand. You can follow it here: https://bitbucket.org/axantum/axcrypt-net/issues/208/sign-out-automatically-on-a-set-time .
Once again – thank you!
True but the likes of Google Authenticator generate a one time password so that there may be an indirect security benefit in that it facilitates the use of very long and complex passwords by offering the option of a single entry of the password on a specific device with the app (and therefore the encryption password) protected by by a one time authentication password.
OK strictly speaking that is not 2 factor authentication but rather the splitting of the two functions of encryption and authentication but that may become even more relevant when you implement a timeout.
I’m not following. The Google Authenticator is still about proving identity – not possessing a secret. Remember that AxCrypt is designed to handle the following scenario:
The attacker has access to the following:
– One or more encrypted files, and the original decrypted originals for all but the file(s) being attacked.
– All the source code and technical documentation for the application.
– Tools and skill to use, write and adapt code to try passwords/keys without interference of operating system or server authentication – i.e. entirely offline and under the attackers control.
– Lots and lots of hardware (think custom built supercomputers) and money, vast amounts of money (many, many millions of $).
In fact, the only things the attacker is not assumed to have is the password, and you (so you can’t be forced to reveal the password).
Therefore, having various additional stronger “authentication” methods does not really make sense, since we assume the attacker can get round those. We still want AxCrypt to stand strong. And it does, provided you use a sufficiently strong password, which we try relatively hard to help you with.
I don’t understand your argument that two factor authentication doesn’t enhance security other than making a poor and weak excuse for Ax Crypt not having it. Forget authentication v security semantics and perceptions and provide authentication. Better you spend time on this than on timeout.
Forget authentication v security semantics and perceptions and provide authentication
It will not be provided for a very good reason:
- implementing 2FA would weaken AxCrypt.
For more information read this:
For a longer explanation read this:
You need to understand that AxCrypt in particular and encryption in general is not about authentication. Therefore, two-factor authentication does not make sense.
Encryption is about having a secret, or not having a secret, making decryption possible. There’s no authentication involved. There’s no software checking your credentials and then giving, or not giving, access to your data. That’s authentication. That’s not what AxCrypt does.
The data is encrypted. Either you possess the secret, and the decryption works – or you don’t and the decryption won’t work.
Sure, we can split the secret (the key) into parts, and store them on tokens etc – but it’s not two factor authentication, because we’re not authenticating. We’re encrypting and decrypting.
Do read the blog posts referred to as well for more detail.
Our process is designed around entering a password/key *at* the file-open action. This prevents an interactively compromised/shared host from being able to open secured files — the second factor is not the workstation login; it is the entry of the passphrase upon the file-open action. The 2.0 mechanism prevents this process. 1.X allows a fully-offline control of accessing our files. Does 2.x allow this?
I feel less secure with axcrypt than I do with something like my protonmail, which uses 2 passwords, 1 to log in, and a second for the mailbox, and also google authenticator.
I’ve had keyloggers steal my passwords and log into my encrypted archives, what can be done to provide protection against key loggers. No hacker will try and break encryption when its so easy to just steal passwords.
As mentioned, the weakest link in the security “chain” will most likely be attacked. This would be your website. The encryption password / passphrase is the same as the key used to encrypt the files. Two-Factor authentication would be very appropriate at the website level. Thank you for your consideration.
Wow – is all I can say. As a security professional for over 24 years, you guys (AxCrypt) have quite a lot to learn. I will not be using this product any further if all you are focused on is encryption and not worried about WHO gets the keys. If you do not protect your keys properly through solid authentication, the encryption is useless.
“If you do not protect your keys properly through solid authentication, the encryption is useless.”
With a comment like that you cannot possibly be a “security professional”.
Learn the basics, then comment.
I’ve been finding it quite difficult to find encryption software that also uses some form of 2FA. I wasn’t sure why, but something tells me replies from the AxCrypt employees paints a good picture of the industry’s current mindset.
It seems AxCrpyt is only looking at the surface of 2FA when it comes to encryption. To them, a single key/passphrase is the only thing that matters. If you have that, then clearly the contents can be decrypted (as that is how encryption/decryption works afterall).
But why limit yourself to such a basic old-school technique as the only option? Why not double-encrypt the archive with a 2FA layer if the user so desires?
Assuming an encrypted archive is only intended to be accessed by a single person, why not take advantage of the vast array of 2FA options available? I mean let’s face it, unless somebody is going to be decrypting/encrypting the same archive over and over and over on a daily basis, chances are the complex password (that they should be using) will be easily forgotten. And more than likely, to make they they don’t forget the one and only password that unlocks everything, they will make a copy of it somewhere on their computer or in printed form. What if the person thinks “I’ll put this super secure password on my grocery list for May of 2010 in the Galaxy folder inside a Dog folder hidden in a .jpg file. Nobody will figure that out!” Then two years later, they completely forget the password. And since they tried so hard to secure that password, they completely forgot where they put it on their computer.
Why not give the user another option/layer of security before being allowed to see the actual contents of the encrypted file? Heck, with things like Yubikey nowadays, there is a heap ton of different 2FA options available (including 1FA that just use the physical key alone… ie U2F. The USB key can unlock everything without ever having to remember a complex password). Should everybody be limited to only one option of authentication before decrypting a file/archive via a memorized password only?
People constantly forget passwords when they use something different for every website/logon, it’s why many of us use password managers. We want the security of having a unique and complex password for every site, while at the same time still having an easy way to access them all with a single memorable master password (combined with 2FA, ideally).
Stop living in the past and think about giving people more options. 2FA could be implemented in encryption software as another layer of security. Just use your imagination. The software could be a gatekeeper with 2FA via 2-step encryption, all offline too.
Either way, more options are better. Encryption via a password to decrypt contents of a file only may be the easiest and simplest option, but it is not the only option. Layers are key. One extra layer can potentially keep the wrong person out where single layer security would let them through without hesitation if they met just one requirement. If somebody had a key to your house that you didn’t want in your home, would it not be ideal to at least have one extra requirement before they could open your door?
If you are not willing to use google or microsoft authenticator app why not lead the industry with your own authenticator application which requires use of the encryption key to set up? Improve security by requiring the axcrypt app on the PC or Mac has access to location services and the axcrypt authenticator app has access to location services on the phone. If both devices are not in the same location, authentication via authenticator app would be blocked.
I can understand users desire to have an authenticator app option because the users are still exposed to other security risks if they are storing their encryption key in third party password managers or some form of cold storage. A authenticator app created by axcrypt would allow users to store encryption keys in more secure cold storage solutions. The location services managed by axcrypt could allow axcrpyt to better understand the location and device tendencies of it’s users so that over time, it would be able to increase the security of access via authenticator app.
Granted, this would block use of the authenticator app when location services aren’t available but users would still have the encryption key for those situations.
It’s not about not wanting or being able to use various authenticator apps. It’s about fundamental aspects of encryption vs. authentication.
Encryption is not *access control*. When you store files in a server or a computer with access controls implemented, the software, i.e. operating system, app etc, will let you access the data if you prove that you are you. That’s authentication.
Encryption is about transforming data into another form, effectively making the content inaccessible by virtue of not being possible to interpret, under the influence of a key. A secret.
Without that secret, it’s computationally infeasible to decrypt.
That’s very different from access control, where access is controlled by software, either allowing or disallowing access. That’s where authentication comes into play – you prove to the software that you are you. But, the software can be tricked or bypassed in many different ways, because it’s only a piece of software that block or allows you access. If you’re a super-user, or can access the data without going through the software (think backup storage, remove hard drive from computer etc), you can read the data.
Encryption is not access control. Encryption is a “mathematical” transformation, requiring the knowledge of a secret to reverse. Here “2 factor authentication” or any kind of authentication, does not make sense. Because it’s not about authentication. It’s about applying an algorithm to reverse the transformation under the influence of a secret.
If we did implement an indirect scheme, were authentication (2 factor or otherwise) was used to gain access to the encryption keys (i.e. secrets), then we’d effectively be building an encryption system with a back door. That’s not what we want to do.