Forum Replies Created
-
AuthorPosts
-
Ok!
But do remember that all encryption and decryption *is* done locally in AxCrypt 2 as well. It’s just that we keep a copy of a key pair on the server that we synchronize with the local PC.
Svante
Ok, I guess I wasn’t entirely clear. I agree with you that AxCrypt 1.x is easy to use for simple file encryption, we we’re actually on the same page there!
What we’re trying to do with AxCrypt 2 is to retain the simplicity (although not in exactly the same way), while adding some scenarios as equally simple which are quite complex with other tools, including AxCrypt 1.x. Specifically sharing access to encrypted files with others.
Thanks anyway, it’s user input that has formed AxCrypt 1, and version 2 and will continue to do so!
Ok, thanks. If you have the possibility to find the deleted .txt files in the wastebasket and e-mail them to me I would appreciate it since I’d really like to analyze them to see what has gone wrong.
You can contact me via e-mail for more details:
svante dot seleborg at axcrypt dot net .
Hello again,
Sorry, forgot to mention about the road map.
No, I do not have the resources to continue to develop version 1.x. So it will become obsolete in a few years.
We are planning to develop AxCrypt 2 and make it available on as many platforms as possible, starting with iOS and Android.
Hello,
No you cannot have both *installed* at the same time, primarily because they both register as the default application for “.axx”-files.
However, you can run the portable/stand-alone version of 2.1 alongside an installed version 1.7.
And to be very clear:
AxCrypt 1.x AND 2.x are both *offline* file encryption tools.
AxCrypt 2.x does NOT require to be online to encrypt or decrypt or do anything, *except* for the very first time you run AxCrypt 2.x on a PC. Thereafter you never need to be online again.
Hello Luiz!
Yes, it’s still very much open source. In many ways more so, since the build environment is much easier to create (you just need Visual Studio, no need to download and configure dependencies).
Please visit https://www.bitbucket.org/axantum/axcrypt-net/ do download the full source code as a zip or why not create a fork of the repository?
Regards,
Svante
Hello Oliver!
Thank you for your views. You are of course right that there is always a risk of any computer being ‘hacked’ – server or PC.
The idea with AxCrypt is that if a file encrypted with AxCrypt is leaked or stolen, it should not be possible to decrypt it without the password.
What we store on the server are essentially just that – an AxCrypt file that encrypts not your password, but the private key of a key pair. So, a hack of the server is equivalent to a leak of an AxCrypt-encrypted file. And it’s just this scenario that AxCrypt is made for.
This is not to belittle the risk, and of course we realize that our server is more of a specific target than a typical users PC.
So, just to be clear, we do not store your password on the server. We do store an AxCrypt file encrypted with your password. If you’re using the password manager, we also store an XML-encrypted file, encrypted with your password. (We’ll be changing this in the future to use AxCrypt of course, to simplify security analysis, but since we like full disclosure this is how it’s done right now for historical reasons).
You ask why we do this? The answer is to be able to enable sharing of encrypted files in an unparallelled simple but still secure way. It’s also to ensure that your key pair is backed up. The most common cause for data loss in Windows is use of the Encrypted File System, which generates a key pair stored and encrypted locally. When a password reset is made, or Windows is re-installed, that key pair is permanently lost with all the EFS-encrypted data along with it. We’d like to avoid that, which is why we both keep backup copies of the key pair on our server, and also support decryption with only the password. In AxCrypt the key pair which we call an AxCrypt ID is really just for convenience, it’s not the primary vehicle of security. In the end, it’s always the strength and secrecy of the password used that determines the level of actual security.
I think you sum it up in the end when you say that your priority is security ahead of convenience.
We are of the opinion that security solutions must be so easy to use that they actually are used. This will be more secure, than a solution that is more secure but so hard to use, that it’s not used. That’s unfortunately the situation currently – there are many really secure solutions out there. Why are they not used? Because it’s too hard and inconvenient is my belief.
Hello,
What happens if you exit AxCrypt (via Task Manager if need be) and then restart it. Does it not show the sign in dialog?
You can also try to delete all .txt-files in %localappdata%\AxCrypt\ (navigate to the folder with Windows Explorer and delete the files ending with .txt there). Do this after you have exited AxCrypt, not with AxCrypt running.
Regards,
Svante
Hello,
This is Svante from AxCrypt!
Not sure I understand the situation. Have you seen and followed the instructions on how to get started in the video here: http://www.axcrypt.net/documentation/get-started/ ?
You need to register your e-mail, verify your e-mail with the 6 digit verification sent to that address, then set a password for your AxCrypt ID and use that to sign in to AxCrypt 2 with. During this processs you need Internet access, but after that AxCrypt 2 does not need Internet, so all operations can be done offfline.
AxCrypt 2 will minimize if you ask it to, but it will open up if you request it or if it needs your input for a password for example.
Although this might seem like annoying for an old 1.7 users, once you get it set up it’s really much more convenient than the old way. You have one password for all files, and you can change that password without the need to re-encrypt all the files etc. If you are sharing encrypted files, each one uses their own private password.
We’re working on a guide and possibly some added features to make migration from version 1.x even easier.
Regards,
Svante
Hello,
This is Svante from AxCrypt! What version of AxCrypt are you running? The following applies to version 2.1.1388 or later. If you have an earlier version, please upgrade first.
Please do the following (which resets your user settings and your recent files list, but will not affect your encrypted files or anything else):
Stop AxCrypt (kill it from Task Manager if need be).
Use Windows Explorer and navigate to %localappdata%\axcrypt\ .
Create a folder there named for example ‘Broken’.
Move all *.txt files to the newly created folder ‘Broken’, drag and drop works fine.
Start AxCrypt againYou should now have to enter your e-mail again, but then go directly to the password dialog. There is no need to verify again. AxCrypt will resynchronize settings and your AxCrypt ID with the server (that’s why we have the Internet-connection requirement for the first installation on a new PC), and you should be ok again.
If this works, I’d appreciate if you could e-mail the files you moved to the Broken folder to me for analysis. There’s nothing really sensitive in them, but they may contain the encrypted file names of recent files, as well as your e-mail address. If this is problem, you can redact that manually before sending them, since they are just text files you can edit and view them with Notepad or any text editor.
Please send them to Svante dot Seleborg at axcrypt dot net .
Best regards,
Svante
Hello!
Cloud Storage Awareness is really just about detecting installed cloud services, creating a “My AxCrypt” folder and then designating the created folder as ‘Secured’. Since all users have a 30-day trial Premium, this does not have that much impact. However, the feature is really useful only when the folder is Secured, i.e. monitored for new files to encrypt. The Secured Folder feature is also a Premium feature.
Best regards,
Svante
Sorry, no they cannot co-exist since at most one application can be associated with an extension (.axx).
However, you can download and run a standalone ‘portable’ version of AxCrypt 2. If you use it to encrypt new files, the old version cannot decrypt them though.
Best regards,
Svante
Hello,
Thank you for your input! This is actually an interesting idea. We’ll need to think a little bit about how this would work in detail, and what security issues it raises.
It won’t make into the first release, but we’re not stopping development then! We’ll be continuing to push continuous releases just like we’re doing with the beta phase. It will not be a case of a release-a-year or something like that.
Once again, thank you, we can do something with this.
Best regards,
Svante
Hello,
Thank you for asking!
Actually, AxCrypt 1.x also worked like this, but it was optional. There are two checkboxes “Remember this passphrase for decryption” and “Remember this passphrase for encryption” in AxCrypt 1.x that corresponds more or less to the way AxCrypt 2 works.
We’re trying to make it even easier to use, and with less risk of mistyping and thus perhaps not being able to open files. That’s why we’ve developed the “sign in” model, which is also a commonly used metaphor for many softwares and services, and thus easy to understand for most users.
The “sign in” model to AxCrypt also makes it possible for us to really verify that you have typed the correct password, and when you encrypt files, there is thus no risk that you happened to make a mistake this time.
Best regards,
Svante
Hello!
There is no default password with AxCrypt. Each user sets his or her own passwords, we have no defaults, no control and no knowledge of what passwords are used.
Best regards,
Svante
-
AuthorPosts