Forums Community Unhappy with version 2

This topic contains 124 replies, has 2 voices, and was last updated by  Jack C. 6 years ago.

Viewing 15 posts - 16 through 30 (of 125 total)
  • Author
    Posts
  • #4484 Reply

    Svante
    Spectator

    Hi GTI and Bob,

    Thanks for the feedback – keep it coming. We like the feedback, even when we disagree or when it’s simply incorrect! When we disagree, we get the chance to rethink how we do things, and when it’s incorrect we get a chance to improve how we’re communicating to misunderstandings happens less frequently.

    Most things have already been discussed, so I won’t reiterate those points (free vs. premium, open source, revenue, does not require password every time, one password, recent files view) etc except to encourage all readers to check out the blog at http://www.axcrypt.net/blog/ .

    It’s never too late to change, and as mentioned earlier, we’re considering how we can please as many of our existing and new users as possible while still maintaining our overall goals of promoting good security practices and providing enough value in the Premium edition to actually fund the continued development.

    #4653 Reply

    V!ncent

    Hi there,

    I’m also not happy with ver. 2, so I’m back to ver. 1.7 (Fortunately always downloadable)

    The reason is that when I unlock  one protected file, I want the other protected files stay locked.

    Best Regards

     

     

    #4657 Reply

    Svante
    Spectator

    Hello V!ncent,

    Thanks for the feedback. For your information, we’ll keep the version 1.7 available indefinitely and we’ll also be adding an option to always require the password to open a file for version 2. We don’t think it’s a good idea really, but so many users of the existing software has gotten used to that workflow and feel uncomfortable without it.

    #4660 Reply

    John

    I am also unhappy with version 2 and agree with all the complaints made here so far.

    Since every complaints are made above already and the developer seems to be not wise enough to listen and to learn what has made the success of AxCrypt it’s useless to repeat and repeat the same things.

    Just one last little suggestion. You should not put much afford to extend AxCrypt (not as it is in v. 2) to another platforms. Even personally I was painfully missing a good support with Android for long time already. But with the new concept of v. 2 AxCrypt is not longer interesting for me in any way. I’m not abusing free software by always using it for free. Even though I prefer to use free software. I use to donate if I like and frequently use a free software, because I understand the side of the developer too.

    Bye AxCrypt – and thank you for all the good times we have had in past.

    #4661 Reply

    Svante
    Spectator

    Hi John,

    Thanks for your feedback – even if I am the unwise developer ;-)

    We *are* listening – we’re just having many conflicting requests, and as always we have too little time available to act on everything. We’ve also done quite a lot as a result of feedback here, and more will come in the future.

    So, even if you do migrate to something else, you might want to come back every now and then and check us out again. We’ll be constantly developing and improving the app in the coming years.

    #4662 Reply

    Dave

    Hi Svante,

    There’s a famous quote that goes something like this: “You can please some of the people all of the time, you can please all of the people some of the time, but you can’t please all of the people all of the time”.

    Hang in there.

    Dave

    #4702 Reply

    Anonymous

    Hello Svante,

    Axcrypt was a super tool but now i updated to Windows 10 64 i had to install axcrypt 2 because 1.7 seems not compatible…

    I was very disapointed to see that we can’t use multiples password anymore (I understood than you will modify program to change this behavour). I often use the “File Wipe” to delete a file but now this needs a payed version.

    I understand that you wish to get money for all your (good ) work but i find that 20 euros/year is to expensive for axcrypt.

    I would be OK to pay to get axcrypt but not every year and not for 20 euros.

    Now I had to find another tool to do this job… :-(

    #4703 Reply

    PM

    Hello Svante,

    Axcrypt was a super tool but now i updated to Windows 10 64 i had to install axcrypt 2 because 1.7 seems not compatible…

    I was very disapointed to see that we can’t use multiples password anymore (I understood than you will modify program to change this behavour). I often use the “File Wipe” to delete a file but now this needs a payed version.

    I understand that you wish to get money for all your (good ) work but i find that 20 euros/year is to expensive for axcrypt.

    I would be OK to pay to get axcrypt but not every year and not for 20 euros.

    Now I had to find another tool to do this job… :-(

    #5471 Reply

    Roger

    I was very unhappy with version 2 at first and almost reverted to version 1 but luckily persevered and came to realize that  I misunderstood some of the changes and how it worked.

    Now there’s no way I would go back. I think it’s a big improvement. So much easier to use. Being able to encrypt a file by right clicking and choosing Encrypt beats having to type in the password twice every time! I have set it to be “Always Offline”

    (I have no need for multiple passwords)

    Thanks for a great program!

    #5472 Reply

    KurtW

    I’m not happy with the process in v2 and can also get the arguments that a good password is better than many different, nothing positive.

    You write that the password is not saved during the initial installation. This may be true, because you are storing a hash value of the password. Otherwise it would not be possible for them to check the login data on the account.

    And with the hash data of a password I can, if I am not very deceived, decrypt any encrypted document. It may be that I with a good hash (Sha512 etc.) the password does not get out. I do not need that in this case, because I have the hashed password.

    If I assume now that someone to the password hashes with Axcrypt comes, all encrypted files are accessible.

    Have I misunderstood something? If so, please clarify me.

    Best regards
    Kurt W.

    #5473 Reply

    Ronald

    Hi KurtW, I’m a user of AxCrypt and, whilst I preferred 1.7 because of the multiple passwords and simplicity, I know that you’re mistaken in your belief about password hashes.

    Your password is sent to the AxCrypt server, so you’ve got to trust AxCrypt, but the hash on its own is useless.

    AxCrypt 2 uses SHA512. Even if a hacker were to obtain the hash of the password he has three problems:

    1 – The hacker would need access to your files

    2 – The hacker would need the key pair used to encrypt the files

    3 – A hash on its own is useless unless you know the actual password

    I don’t know where you get the idea from that a hash on its own can be used to decrypt the files: that’s a fundamental misunderstanding of modern cryptographic systems. A good hashing technique (like SHA512) should be non-reversible* without the correct password.

    *Within a reasonable period of time. SHA512 can resist a brute force attack for trillions of years if your password is strong enough.

    There used to be a technique known as pass the hash but this was only on specific types of systems which used old-school cryptography. This is no way applicable to AxCrypt 1 or 2 as you will realise if you read/understand the technical details.

    The password used for login is to retrieve the public/private keys from the server. The private key (used to decrypt) is useless without the correct password. AxCrypt have said they do not keep a copy of the password.

    So whilst in theory a hacker could obtain the public/private keys and password hash from the server he’d still not be able to access your files even if he had access to them. One possible attack in the scenario you posit would be if he were to somehow intercept the website traffic: however it’s encrypted over TLS/SSL. The other possible attack would be if he were to install keystroke interception software on your computer. But if you allow such software to be installed on your computer (either through ignorance or by not using anti-virus) then there’s no point in him wasting time trying to break the encryption because he can just steal the files from your system when they’re next in an unencrypted state.

    #5474 Reply

    Rudi

    After reading lots of negative feedback on your changes, I’m sorry but I do support these comments, I myself use different paswords for different files, and I’m sure the more paswords you use the saver it is, myself I’m going to uninstall version 2.0 and go back to 1.0.

     

    I think if you wont to change you have to keep what is good and not 100% reverse the usefull things.

    #5476 Reply

    KurtW

    @Ronald

    Thanks for the information. It is true that I am not a cryptologist, but I still worry about the security of my data. I am aware that make a hash is a one-way process and the hash does not allow the password to be closed or returned.

    “Your password is sent to the AxCrypt server, so you’ve got to trust AxCrypt, but the hash on its own is useless.”

    I personally see this as a problem. I have a password (good or bad) and give it out of hand. To whomever. In this case the Fa Axcrypt. Whoever is the owner of this company, has the HASH of my password. Even if it is a public-key procedure, the hash would be known for my private key. Why not use two different passwords. One for dne account and one for encryption.

    KurtW

    #5480 Reply

    Ronald

    @KurtW

    I see it as a problem too because I’d prefer it if AxCrypt used a separate password for encryption and account login. From what I’ve read on this forum they’re using one password for ‘simplicity’. It is technically possible to not send the password to the server but this requires quite a bit of programming. I’d also like the ability to use different passwords per file.

    The hash on its own though is useless – here’s a good explanation of how secure it is:

    “Even calling this millions of years is ridiculous. And it doesn’t get much better with the fastest hardware on the planet computing thousands of hashes in parallel. No human technology will be able to crunch this number into something acceptable.”

    It’s easier for Microsoft to steal your data or for a hacker to break into your system than it is to attack a SHA512 hash.

    I’ve seen the free BCArchive recommended lots of times on here and elsewhere. In fact the company Jetico who make that software is recommended by eminent cryptographer Bruce Schneier.

    #5482 Reply

    Simone

    Having followed the discussion of version 1 VS version 2 for some time, I think I finally understand the disconnect between the developers and everyone (including myself) who is so upset with version 2.  The reason being that version 2 is actually a DIFFERENT product from version 1, not an improvement or change.  AxCrypt V2 is more like a product called Boxcryptor, which facilitates seamless zero-knowledge encryption in cloud services.  AxCrypt V2 essentially provides this service on a local machine while also facilitating file sharing. For the purposes of securing all data on a local machine, yes AxCrypt V2 is a tremendous improvement.

    However, this is a VERY different use case from what I think most people used version 1.7 for (individual file encryption, compartmentalization of secure files, adding a 2nd level of security).  Given that this use case appeals more to individuals and not organizations, I can understand why AxCrypt wishes to focus on the new V2 model.  (Although it is sad they will no longer update the previous V1 model, as there doesn’t seem to be anything else like it).  However, AxCrypt should have really come out with a different product, and not just called this version 2.

     

Viewing 15 posts - 16 through 30 (of 125 total)
Reply To: Unhappy with version 2
Your information: