This topic contains 22 replies, has 3 voices, and was last updated by Dave 2 years ago.
October 20, 2019 at 19:41 #14598
If you are not willing to use google or microsoft authenticator app why not lead the industry with your own authenticator application which requires use of the encryption key to set up? Improve security by requiring the axcrypt app on the PC or Mac has access to location services and the axcrypt authenticator app has access to location services on the phone. If both devices are not in the same location, authentication via authenticator app would be blocked.
I can understand users desire to have an authenticator app option because the users are still exposed to other security risks if they are storing their encryption key in third party password managers or some form of cold storage. A authenticator app created by axcrypt would allow users to store encryption keys in more secure cold storage solutions. The location services managed by axcrypt could allow axcrpyt to better understand the location and device tendencies of it’s users so that over time, it would be able to increase the security of access via authenticator app.
Granted, this would block use of the authenticator app when location services aren’t available but users would still have the encryption key for those situations.October 21, 2019 at 15:48 #14601
It’s not about not wanting or being able to use various authenticator apps. It’s about fundamental aspects of encryption vs. authentication.
Encryption is not *access control*. When you store files in a server or a computer with access controls implemented, the software, i.e. operating system, app etc, will let you access the data if you prove that you are you. That’s authentication.
Encryption is about transforming data into another form, effectively making the content inaccessible by virtue of not being possible to interpret, under the influence of a key. A secret.
Without that secret, it’s computationally infeasible to decrypt.
That’s very different from access control, where access is controlled by software, either allowing or disallowing access. That’s where authentication comes into play – you prove to the software that you are you. But, the software can be tricked or bypassed in many different ways, because it’s only a piece of software that block or allows you access. If you’re a super-user, or can access the data without going through the software (think backup storage, remove hard drive from computer etc), you can read the data.
Encryption is not access control. Encryption is a “mathematical” transformation, requiring the knowledge of a secret to reverse. Here “2 factor authentication” or any kind of authentication, does not make sense. Because it’s not about authentication. It’s about applying an algorithm to reverse the transformation under the influence of a secret.
If we did implement an indirect scheme, were authentication (2 factor or otherwise) was used to gain access to the encryption keys (i.e. secrets), then we’d effectively be building an encryption system with a back door. That’s not what we want to do.November 6, 2019 at 11:46 #14694
Svante – I appreciate the distinction between authentication and encryption. The use-case we’re trying to protect against in asking for 2FA is a user’s password being compromised. No matter how good the encryption is once an attacker obtains the users password they’re in. Think of an average medium sized business with remote access. A user’s password is compromised; the attacker uses that to gain remote access to company’s network or some cloud resource. They encounter an AxCrypt encrypted file (must be good stuff, its encrypted). The user (of course) uses the same password for AxCrypt. Easy peasy, decrypt the file using the same compromised password. With 2FA in place, when the attacker attempts to get access to AxCrypt they would effectively be blocked from gaining access to the sensitive data (not to mention the user getting a message on their cell phone alerting them that something’s up). Authentication in this case ensures the file is only decrypted by the owner.
Listen to your users.November 6, 2019 at 13:09 #14696
AxCrypt is about strong encryption and real protection – not obfuscation. Your scenario with the compromised password is not possible to really mitigate by 2FA. As you say: “Easy peasy, decrypt the file using the same compromised password“.
That’s the thing – AxCrypt is about encryption. If the password to the encrypted data is compromised, the data is compromised as well. That’s the flip side of “If the password to the encrypted data is lost, the data is lost as well”. (There is no password reset with encryption, because the data itself is modified, it’s not about software “letting you in”).
AxCrypt is open source, and the algorithms are public and documented.
If we add 2FA, it just means the attacker will use a different implementation (or more likely, a trivially hacked version of our code) that just uses the compromised password to quietly decrypt the data.
You might feel safer with 2FA, but with AxCrypt it’s not about the feeling, it’s about the fact. The fact is:
If you lose your password, your data is lost.
If your password is compromised, your data is compromised (provided the attacker has access to the data of course).
Adding 2FA to our code doesn’t change that. It is trivial to bypass.
This is the difference between encryption and access control.
If you have data protected using access control under for example Windows, an attacker can mount the disk in a Linux computer and read the data at leisure – because Linux does not implement the access control in question.
If you have data protected with strong and properly implemented encryption, it does not matter where the data is attempted to be read, or using what software. The data is encrypted, access is not determined by software – regardless of how many factors are used to allow access, in the end it’s just software saying yes or no, and this can always be bypassed by having software that always says yes.March 9, 2020 at 19:09 #15493
I understand your argument against 2FA when it comes to encrypted files, which is the primary function of AxCrypt. Even if someone figures out or finds out my password, unless they also have my files, my files are safe.
I wonder, however, what your opinion is regarding the password manager included in AxCrypt premium. If I understand correctly, passwords are stored in encrypted form on your servers. Wouldn’t this mean that if a user’s password is compromised, someone other than the user could log in with their credentials and access their stored passwords? Isn’t that where you would want access control in place? Why would someone want to use AxCrypt’s password manager if they can’t control access to it, as they do with any other online password manager?
I’d love to hear your thoughts on this.March 10, 2020 at 08:06 #15496
AxCrypt Password manager to store your all kinds of personal passwords and secrets which will be encrypted by your AxCrypt account password and stored in our servers.
AxCrypt will not store the users password anywhere in our servers. All the stored users’ keys(public and private) and stored passwords in the password manager will get encrypted with their account password. So without knowing the file password, Sorry to say, no one can decrypt the files and view their stored passwords. This is the way AxCrypt was designed.
Please note: Unfortunately, If you forgot your AxCrypt account password, then you can’t decrypt/view your stored passwords.
Still, you are facing any issues, please provide more information about the issue and write a mail to firstname.lastname@example.org.March 10, 2020 at 16:38 #15498
Prabhukumar R, thank you for taking the time to reply. However, this doesn’t address my post at all (or possibly misunderstands it). I was responding to the discussion going on above my post, not posting about an issue I have.
AxCrypt’s password manager stores user passwords on your servers. It may not store the master password, but the discussion above me had been about encryption vs access control as the basis for AxCrypt not supporting 2FA. I would expect that an online password manager would also check whether I am who I say am, because I’m accessing remote online data, not my local files. All major online password managers support this. The offline ones don’t, and that makes sense, but AxCrypt’s password manager is not an offline one, is it?May 1, 2020 at 00:00 #15929
In regards to what Svante’s posted in Nov, are you stating that since “Axcrypt is open source and the algorithms are public” that in the event a 2FA gets implemented you would have disclose this via source code? Meaning that Axcrypt aversion to wanting to implement a 2FA and or use one that is already available, is that you would have to let other ‘coders’ see this in the source code?
You also mentioned that “It is trivial to bypass” referring to cracking 2FA. This means to me that you agree its adds a 2nd level but that its ‘trivial’ for some people to bypass. If adding a 2FA makes even the light hearted hacker try harder to get in, then i dont see how this is an issue. Yes is would be work on your end to implement a 2FA but its better than stating, “Well since they have access to my house, i’ll give them access to my car too.” If a few more “locks” in my “house” makes it more difficult for them to steal what i have, i would want as many locks as i can put on my doors regardless if it’ll only delay them from getting to my stuff. in the delay in getting in or access, i could be alerted to their presence.
Perhaps if a 2FA was implemented, and someone was trying to get in, an email could be sent to said user alerting us of an ‘attempt to access’ and it would be a fighting chance for me to pull the data before someone steals it from me.