[SvanteSpectator]

Thanks for the feedback, RngFarAway!

If you wish to reconsider, do keep an eye on our blog, where I’ll be addressing some common questions about the design decisions around Version 2.

[SvanteSpectator]

Hello Edgar,

Not quite!

Here’s how it works, briefly, to encrypt a file.

1. A 128- or 256-bit key is generated with a strong cryptographic pseudorandom number generator.
2. The file is encrypted with this key.
3. The key is encrypted using an iterative algorithm called NIST AES Key Wrap, with the number of rounds determined by the speed of your device. I.e. the faster the computer, the stronger the key encryption is.
4. The key is also encrypted using your public RSA-4096 key we generated for you.
5. The key is also encrypted using the public RSA-4096 keys of people you have enabled key sharing with.
6. All of these versions of the encrypted key are included in the file, both at the start and at the end for redundancy.

Your private RSA-4096 key, which we store on the server for backup and device synchronization/initialization purposes, is encrypted with AxCrypt, using your password with the above procedure but with steps 4 & 5 skipped for obvious reasons.

Once you have signed in for the first time on a device, your private key is cached locally and Internet access is no longer required.

Hope this clears things up!

Svante

[SvanteSpectator]

Hello!

Thank you again for your feedback and interest!

You are right that we do have an issue with the intuitive feeling that it’s bad to have the password sent to a server.

We are considering this, but what we’re trying to achieve is decent security that is really simple to use. So, the ‘offline’ feature would have to be as simple. We’re not quite sure just yet how this would work, but we are certainly thinking about it.

Once again, thanks!

Svante

[SvanteSpectator]

Oh, and and about the “I’m not a Robot” thing. It’s called a captcha, and the purpose is to stop automatic scripts from posting garbage to our forums.

[SvanteSpectator]

Hello!

There’s no need. PayPal will convert as appropriately. We *are* looking at alternatives, but for other reasons. If you have any trouble, let us know!

Also, you don’t need a PayPal account (although they dearly like you to sign up) to pay. An accepted credit card is sufficient.

Regards

Svante

[SvanteSpectator]

You are most welcome. Good luck!

[SvanteSpectator]

Hello Wayne,

I’m afraid we don’t really support your scenario at this time. You can do quite a lot with the installation process, using standard Windows Installer commands and switches. It’s just a standard installer package, so all such tricks works, including forcing parameters etc.

However, right now we don’t have the ability to do what you’re asking with per-system registration. I’m not sure what your scenario is though – is the intention that the users are not to use personal passwords, but rather all have access?

If you explain a little more I might be able to answer in more detail about now, and future plans.

As for command line switches, not at this time, though we’re planning to add one for off-line installation. You’ll still need to add an AxCrypt ID though (an e-mail plus a key-pair – this is what’s done when it connects to our server), so it’s not going to be more convenient.

[SvanteSpectator]

Hello Sputnik,

The short answer to your question, is yes, 128-bits suffices.

The medium answer is that it’s really about your password. If you have a weak password you’re not using the full strength of the algorithm, and then it does not matter if it’s 128 or 256 or whatever. So, you need a really strong password. The problem here is that it’s actually quite hard to type and remember a password that is equivalent to 128 bits, not to say 256.

If you use our password generator the strong password is approximately equivalent to 95 bits, and the short about 30 bits, so you can take a long and add a short, and you’ll get full strength.

In my personal opinion the long password is sufficient for all reasonable and most unreasonable attacks. A government might possibly crack such a password with time and some luck (there’s some strengthening added to, so it’s really about 105 – 110 bits), but only at great expense if at all. Personally I doubt it. A real 128-bit equivalent is currently out of the reach for anyone, including governments.

Regards,

Svante

[SvanteSpectator]

Hello Edgar!

You need to be “Signed In” to AxCrypt. This is essentially the same function as the checkboxes “Remember for decryption” and “Remember for encryption” in the previous version, just that we made it a requirement to make it easier to use with fewer options.

As for the two password situation, that’s probably because you have an older version of AxCrypt 2. The current version will offer to automatically convert to version 2, thereafter you’ll just have to enter the one password for the entire session regardless of how many and how many times you open a file.

Get the most recent version of AxCrypt, and if you’ve already declined the option to turn it on automatically, turn on the auto convert feature here:

[SvanteSpectator]

Stay with us, and keep in touch. We’ll get there!

[SvanteSpectator]

Charles,

I think you misunderstand. AxCrypt 2 does all that AxCrypt 1 does (and some more). You can still use it exactly like oyu describe for exactly that purpose, even more conveniently than before.

You do not *have* to share documents! If all you need is straight-forward password protection via 128-bit encryption of files (like AxCrypt 1.7), then the Free version of AxCrypt 2 fits the bill perfectly.

Best regards,

Svante

[SvanteSpectator]

Robert,

Yes, that’s the gist of it. We’ll be publishing detailed specifications about exactly what we do, both in laymen terms as well as with technical details. We’ll also be publishing documentation about the file format we use, and how we apply the cryptographic primitives, as well as how to call our public REST API (which is what AxCrypt does for it’s online extensions).

For now, though, I’ll try to answer questions such as yours well as I can (and then I’ll re-use some of the text when I publish it more formally).

I feel that we have a reasonable compromise between theoretical security and practical usability. Of course, not all will agree, but we’ll be very upfront with exactly what we do and why.

Good luck!

Svante

[SvanteSpectator]

Hello Parham,

AxCrypt 2 can operate as Freeware, or as Premium with extended functionality. So it’s both. Often called Freemium. You can always download the old verson 1.7.x, which is entirely free and does not have the extend functions of AxCrypt 2.

The Free mode of AxCrypt 2 is roughly equivalent to AxCrypt 1.

[SvanteSpectator]

Thanks Sputnik! Be sure to stay tuned, we’re working very hard on all fronts to make AxCrypt better and more accessible and to please as many users as possible, both with usability but also with licensing of course!

[SvanteSpectator]

Thanks Davide! Please post again if you have further suggestions, questions or ideas.

Svante

[Author]

Posts