Forum Replies Created
-
AuthorPosts
-
Hello Luiz!
Yes, it’s still very much open source. In many ways more so, since the build environment is much easier to create (you just need Visual Studio, no need to download and configure dependencies).
Please visit https://www.bitbucket.org/axantum/axcrypt-net/ do download the full source code as a zip or why not create a fork of the repository?
Regards,
Svante
Hello Oliver!
Thank you for your views. You are of course right that there is always a risk of any computer being ‘hacked’ – server or PC.
The idea with AxCrypt is that if a file encrypted with AxCrypt is leaked or stolen, it should not be possible to decrypt it without the password.
What we store on the server are essentially just that – an AxCrypt file that encrypts not your password, but the private key of a key pair. So, a hack of the server is equivalent to a leak of an AxCrypt-encrypted file. And it’s just this scenario that AxCrypt is made for.
This is not to belittle the risk, and of course we realize that our server is more of a specific target than a typical users PC.
So, just to be clear, we do not store your password on the server. We do store an AxCrypt file encrypted with your password. If you’re using the password manager, we also store an XML-encrypted file, encrypted with your password. (We’ll be changing this in the future to use AxCrypt of course, to simplify security analysis, but since we like full disclosure this is how it’s done right now for historical reasons).
You ask why we do this? The answer is to be able to enable sharing of encrypted files in an unparallelled simple but still secure way. It’s also to ensure that your key pair is backed up. The most common cause for data loss in Windows is use of the Encrypted File System, which generates a key pair stored and encrypted locally. When a password reset is made, or Windows is re-installed, that key pair is permanently lost with all the EFS-encrypted data along with it. We’d like to avoid that, which is why we both keep backup copies of the key pair on our server, and also support decryption with only the password. In AxCrypt the key pair which we call an AxCrypt ID is really just for convenience, it’s not the primary vehicle of security. In the end, it’s always the strength and secrecy of the password used that determines the level of actual security.
I think you sum it up in the end when you say that your priority is security ahead of convenience.
We are of the opinion that security solutions must be so easy to use that they actually are used. This will be more secure, than a solution that is more secure but so hard to use, that it’s not used. That’s unfortunately the situation currently – there are many really secure solutions out there. Why are they not used? Because it’s too hard and inconvenient is my belief.
Hello,
What happens if you exit AxCrypt (via Task Manager if need be) and then restart it. Does it not show the sign in dialog?
You can also try to delete all .txt-files in %localappdata%\AxCrypt\ (navigate to the folder with Windows Explorer and delete the files ending with .txt there). Do this after you have exited AxCrypt, not with AxCrypt running.
Regards,
Svante
Hello,
This is Svante from AxCrypt!
Not sure I understand the situation. Have you seen and followed the instructions on how to get started in the video here: http://www.axcrypt.net/documentation/get-started/ ?
You need to register your e-mail, verify your e-mail with the 6 digit verification sent to that address, then set a password for your AxCrypt ID and use that to sign in to AxCrypt 2 with. During this processs you need Internet access, but after that AxCrypt 2 does not need Internet, so all operations can be done offfline.
AxCrypt 2 will minimize if you ask it to, but it will open up if you request it or if it needs your input for a password for example.
Although this might seem like annoying for an old 1.7 users, once you get it set up it’s really much more convenient than the old way. You have one password for all files, and you can change that password without the need to re-encrypt all the files etc. If you are sharing encrypted files, each one uses their own private password.
We’re working on a guide and possibly some added features to make migration from version 1.x even easier.
Regards,
Svante
Hello,
This is Svante from AxCrypt! What version of AxCrypt are you running? The following applies to version 2.1.1388 or later. If you have an earlier version, please upgrade first.
Please do the following (which resets your user settings and your recent files list, but will not affect your encrypted files or anything else):
Stop AxCrypt (kill it from Task Manager if need be).
Use Windows Explorer and navigate to %localappdata%\axcrypt\ .
Create a folder there named for example ‘Broken’.
Move all *.txt files to the newly created folder ‘Broken’, drag and drop works fine.
Start AxCrypt againYou should now have to enter your e-mail again, but then go directly to the password dialog. There is no need to verify again. AxCrypt will resynchronize settings and your AxCrypt ID with the server (that’s why we have the Internet-connection requirement for the first installation on a new PC), and you should be ok again.
If this works, I’d appreciate if you could e-mail the files you moved to the Broken folder to me for analysis. There’s nothing really sensitive in them, but they may contain the encrypted file names of recent files, as well as your e-mail address. If this is problem, you can redact that manually before sending them, since they are just text files you can edit and view them with Notepad or any text editor.
Please send them to Svante dot Seleborg at axcrypt dot net .
Best regards,
Svante
Hello!
Cloud Storage Awareness is really just about detecting installed cloud services, creating a “My AxCrypt” folder and then designating the created folder as ‘Secured’. Since all users have a 30-day trial Premium, this does not have that much impact. However, the feature is really useful only when the folder is Secured, i.e. monitored for new files to encrypt. The Secured Folder feature is also a Premium feature.
Best regards,
Svante
Sorry, no they cannot co-exist since at most one application can be associated with an extension (.axx).
However, you can download and run a standalone ‘portable’ version of AxCrypt 2. If you use it to encrypt new files, the old version cannot decrypt them though.
Best regards,
Svante
Hello,
Thank you for your input! This is actually an interesting idea. We’ll need to think a little bit about how this would work in detail, and what security issues it raises.
It won’t make into the first release, but we’re not stopping development then! We’ll be continuing to push continuous releases just like we’re doing with the beta phase. It will not be a case of a release-a-year or something like that.
Once again, thank you, we can do something with this.
Best regards,
Svante
Hello,
Thank you for asking!
Actually, AxCrypt 1.x also worked like this, but it was optional. There are two checkboxes “Remember this passphrase for decryption” and “Remember this passphrase for encryption” in AxCrypt 1.x that corresponds more or less to the way AxCrypt 2 works.
We’re trying to make it even easier to use, and with less risk of mistyping and thus perhaps not being able to open files. That’s why we’ve developed the “sign in” model, which is also a commonly used metaphor for many softwares and services, and thus easy to understand for most users.
The “sign in” model to AxCrypt also makes it possible for us to really verify that you have typed the correct password, and when you encrypt files, there is thus no risk that you happened to make a mistake this time.
Best regards,
Svante
Hello!
There is no default password with AxCrypt. Each user sets his or her own passwords, we have no defaults, no control and no knowledge of what passwords are used.
Best regards,
Svante
Thank you, quite right. We actually noted that at a meeting yesterday, so it’ll be updated to correctly reflect the situation.
Regards,
Yes, there. Its very confusing as this http://www.axcrypt.net/documentation/requirements/
(at the bottom part) says that there are previews available for iOS and OSXHello,
The iOS version is not available right now, but we’re actively looking for contractors to do the UI for an AxCrypt 2 app based on the AxCrypt 2 code base.
When you say the home page, do you mean http://www.axcxrypt.net/ which is the new site for AxCrypt ?
Best regards,
The AxCrypt Team
Hello,
Just like with an application that works with a specific kind of file, you need a program installed to work with those files. Sometimes this kind of program is preinstalled by the manufacturer, like PDF-viewers usually are for example.
So, yes, you will always need to install some version of AxCrypt on the device in question. This is fundamental to how things work. If we can get Apple, Google and Microsoft to preinstall AxCrypt that will be great, but I fear this is will take some time ;-)
Best regards,
Svante
Hello,
Can you explain a little more just what part of the premium functionality you’d like to have optional?
Best Regards,
Svante
-
AuthorPosts