Forum Replies Created
-
AuthorPosts
-
Hello Rudi,
The harm in using different strong passwords is that it makes it harder to use. This increases the threshold. However, that’s not what you stated initially. You wrote: “I use different paswords for banking-private-word-excel files and super private files“. The superlative ‘super’ I took to mean that you had assigned different ‘security levels’ to these files. ‘Private’ and ‘super private’ so to speak. I don’t see any harm in making all the files benefit from the ‘super private’ level. With AxCrypt 2 that’s really easy to do – in fact it’s pretty much the only way to do it!
The other scenario, sharing with other persons, is implemented in AxCrypt 2 using public key cryptography made really easy to use. You share the key to the file with another AxCrypt user by adding his or her email to the list of recipients, and he or she can open it with their own password. No need to share passwords.
Hello Rudi,
We do listen, trust me, we do. However, we do not have unlimited resources, and must prioritize. We may not agree on the priorities, but that’s up to us. Or to you – AxCrypt is open source, add the feature you want, or pay someone to do it for you if you don’t have the skills personally. Then ask us to add it to the product which we may do if it’s a good change or for example something on our own to-do list that you just can’t wait for us to fix.
About different passwords. Unfortunately, this is just plain not a good idea. Please consider – what is really the benefit of using a weak password for anything? What is the harm in using a strong password for everything?
About reverting from 2.1.x to 1.7.x. You should decrypt all files opened with AxCrypt 2, as the file format is automatically upgraded and this file format is not recognized by AxCrypt 1.7.x. Then, re-encrypt with the old version afterwards.
Hi Simone,
Thanks for your analysis. Your raise some interesting points. I think you’re right in that the changes are so great, that old users lack continuity, and thus risk feeling uncomfortable with it.
We’re working on this, but one fact is that new users are at least as happy with the new version, as old users are with the old – at least from comments and support questions we get. Almost all issues relate to old users upgrading. So, we really see signs that the new version is a good product, and that it in fact meets the same basic need. But old users have gotten so used to it, and habits are hard to change. If we had received any significant revenue earlier, it would have been a more gradual process of course but now the fact is that it was essentially unchanged for 15 years, now finally we’re actually doing something with the product, moving it forward. But the first step to upgrade, is perhaps a little more of a leap ;-)
Hello all,
Lots of good things said, and unfortunately some strong misconceptions about what we do, have and store.
Let’s start, briefly, with the hash issue. Yes, we use SHA-512. No, we don’t hash your password as such with it and store it anywhere. We use SHA-512 for two things – a HMAC, that’s a cryptographically strong checksum that ensures that we can be sure that nothing in the encrypted file has been changed. We also use it for password derivation – this is a process whereby we take a variable length typed password, and produce a fixed length (128 or 256-bit as the need be) value to use for the actual encryption algorithm. It’s essentially just another representation of the typed password, and we never store this anywhere.
What we *do* have on the server, is a private key encrypted with your password using… AxCrypt. Now, what’s the scenario AxCrypt is specifically made for, and actually deemed secure (provided the password is good enough) by all who have examined AxCrypt? It’s the case of an AxCrypt-encrypted file being accessed by an unauthorized individual. So, what can an attacker gain from the server? An AxCrypt-encrypted file, encrypted with your password. That’s exactly what you’re trying to protect in the first place. So either AxCrypt is strong enough to withstand the attack, in which case it doesn’t matter which file the attacker gets hold of – no go. Or, your password is weak, or AxCrypt is, in which case it doesn’t matter which file the attacker gets hold of – your data is not secure. The point being, what we keep on the server is no more sensitive than any other AxCrypt-encrypted file. And they are presumably not sensitive at all.
Hello Luc,
I don’t think you “changed” your password to access your account, I think you “reset” your password.
A password *reset* (where you do not know the old one, and instead get a new verification email, and then set a new one without ever knowing the old one) of the account will gain you access to the account as such, but not to encrypted files.
A password *change* (where you first enter the old one, and then set a new one), will enable you to open your old encrypted files with the new password.
To open any encrypted file you need to know the original password, or the password that it has been *changed* to.
There is no way to reset it to open the files, or to send it to you.
Hello Marcus,
https://forum.axcrypt.net/download/
Standalone downloads
The standalone version of AxCrypt is directly executable – no installation required.
Windows 32 and 64 bit AxCrypt-2.exe AxCrypt 2 standalone / portable version for Windows
Hello,
Nothing is of course impossible in the world of software, but no – I don’t think it’s possible that this is the cause here.
You’re not going to like this, but I’m fairly sure that you in fact are not entering the right password.
What might confuse you a little bit is that when you upgrade, you’ll first be asked to set a new password for your account. Then, when you open an AxCrypt 1.x file the first time, it’ll ask you for the original password you used with AxCrypt 1 for the file. If you enter it correctly, the file will automatically be re-encrypted with version 2, and use the new sign in password for AxCrypt 2.
Dale, I did not see this before now, but it looks a little dangerous… Looks like it’ll kill AxCrypt. Since you refer to ‘autohotkey’ of which I know nothing, but from the name it seems it could send keystrokes. Can’t you write a similar script that just signs the user out instead of killing the process?
Hi William,
You write: “Nobody can then blame AxCrypt if they lose their data“.
The unfortunate fact is that this happens on a daily basis in various similar situations, most commonly forgotten passwords.
Therefore, we’ll be requiring a user to enter the password again when changing options. We’ll still be getting some angry users blaming AxCrypt when they encrypted C:\Windows…
Thanks for your input!
Hello Adam T,
It’s one of these features that are required by some users, and cause significant problems for other users. It’s on our to-do list, you can follow it here: https://bitbucket.org/axantum/axcrypt-net/issues/191/add-option-for-recursive-operation .
I can’t promise any delivery date for this, but it should not be too far off. It’s much requested and it’s not really that technically difficult – although there’s more to it than it may seem…
Hi Gary,
Yes, it’s been asked before ;-)
There’s an issue for it, so it’s on the to-do list. See https://bitbucket.org/axantum/axcrypt-net/issues/186/add-option-for-requiring-password-every .
Hello Barkeley,
First off – you don’t need to recreate your account just to install on a new computer. Just install and type your email and then your password and you’re good to go.
However, scouring our logs, I find that you’ve misspelled your own email. Look very carefully at what you’ve typed, and you’ll see that you have mistyped the fifth letter. You typed an ‘h’ instead of an ‘s’.
That’s why you’re not getting any verification emails most likely. Apart from the fact that if you type the right email, there’s no need!
Hi Paul,
Thanks for the feedback. Also Lucas, thanks for your comments.
About the interface – you don’t need to see it. Just minimize it and then use AxCrypt from Windows Explorer like you always did. It’ll stay minimized the next time you start it too. The “Enter Password” dialog looks a little different, but is actually cleaner than version 1 – which includes 2 checkbox options ;-) For regular encrypt/decrypt/open use, there is virtually *no* difference in the number of clicks and keypresses. It *is* the same! (In other words, the “Simple Interface” mode is one minimize click away).
Also about the interface – through the years, a common feature request has been an install-free portable version. I.e. a version which does *not* use Windows Explorer context menus and double-click as the main way to use. In order to do this, a user interface of some kind is required! Now, we can discuss the user interface chosen. But for a portable version to be possible, an interface is needed. AxCrypt 2 can be run in portable mode. Feature request: Check.
About the online/offline – yes, part of it has to do with commercial reasons, we need to keep track of who is who and who has paid. That’s fairly standard. But, more importantly, it allows us to move into a more modern world of public key-based cryptography for sharing – with unparalleled ease use. We feel that it’s worth it. When we have the resources we’ll probably try to develop pure offline version.
About happily paying for the 1.x – there’s always been an option to donate. If only 1% had happily donated, development of that would probably have continued. If I had made the mistake of moving from voluntary donations, to required licensing – it would have completely killed AxCrypt. Plenty of precedents. There is nothing that will stir up annoyance like when a FOSS simply goes and becomes commercial and you can’t have it for free any more. So, the only option was to redevelop a new AxCrypt, keep the basic same features free – and *add* Premium functionality. Now, you can still have AxCrypt for free, and it’s still open source. But, many will now find an incentive to pay for the premium stuff – which allows us to develop it and this benefits the free users as well. So, it simply isn’t as simple as it may look.
A Windows Phone version is actually not that impossible, but it does depend on funding. The technology we use make it if not trivial, at least, feasible to do.
Finally, AxCrypt 1.x has not changed in any essential way in 15 years. It’s time to mess with ;-)
Hello,
As the message you quote say – we do not delete accounts on request. You must delete it yourself. This is for your security.
Sign in to your account and delete it at https://account.axcrypt.net/Home/Login .
If you do not know the password, issue a password reset at https://account.axcrypt.net/Home/PasswordReset and then sign in and delete it.
If this does not work, please send a screen shot of the error message describing your problem.
February 6, 2017 at 22:20 in reply to: Simply Password Protect (encrypt) of a file to be shared? #5429In this case, I’d suggest using a functional non-personal account as the ‘master’. Anyone with access to that account, would have access to the file.
We will be introducing key recovery for business accounts in the future but in the meantime, the above is a simple and effective work-around.
-
AuthorPosts