[SvanteSpectator]

Hello Joe,

I’ve looked at the logs, and although it’s a little hard to be sure, it looks like you’re going through the old Axantum site to request the password reset.

Try using https://account.axcrypt.net/Home/PasswordReset (the same one Eddie suggests). If your problem persists, please email us at support att axcrypt dott net .

[SvanteSpectator]

Thanks Eddie! Couldn’t have responded better myself.

[SvanteSpectator]

Thanks Giles!

[SvanteSpectator]

Thanks Giles!

[SvanteSpectator]

Hello Giles,

Thanks, and yes, you’re right that there has been a break published against AES, as you say, in the academic sense. There are also various breaks against reduced round versions. There is still no practical attack published. The text your refer to starts with:

“Breaking a cipher doesn’t necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext“.

The problem here is that even cryptographers do not have a precise vocabulary to distinguish various levels of breaks. I personally tend to use the term “break” in context to describe the break. I.e. “There’s a break against AES in all versions reducing the complexity by 2-3 bits”. When I use the term “broken”, with this I mean that the algorithm is entirely compromised and considered unsafe.

I find it very unintuitive and misleading to state that since there’s a break against AES reducing the complexity by a few bits, AES is broken. Therefore I protest against such a statement when it’s not carefully qualified to explain just what parts or to what extent it is broken.

Still, I will certainly agree that in the long run there are some indications that AES might indeed become unsafe one day, since there are several published weaknesses found, even if no practical attack has yet been published. As you quote Bruce Schneier, I’ll have to do the same: “Attacks never get worse, they only get better”. (more or less, it’s from memory).

Thanks for good input! But remember, most readers of these posts are not cryptographically knowledgeable – or even interested. They just want to know the simplest answer to the question “Is AxCrypt safe?”. I know, and obviously you do too, that there’s no really simple answer like “yes” or “no” to that question. But we have to try to give as good and as simple answers as possible.

[SvanteSpectator]

Hello Giles,

Since many readers of these forums are not experts, and cannot be expected to be able to see what is fact and what is fiction, when a statement such as “Cryptographers consider the whole suite of AES implementations to be broken: AES-128, AES-196 and AES-256 to be broken.” – Please provide a reputable source reference! The article from 2011 you refer to while very interesting, does not in any way indicate that AES is broken. In fact, it explicitly states: “However, it doesn’t compromise AES in any practical way.”.

Exactly which cryptographers have this opinion, and where have they published results to support it? To my knowledge, no such cryptographers exist, or such results.

Also, I’m afraid the statement that “AES is considered broken”, followed by a statement that “for practical purposes it still is the best cipher“, is just plain contradictory. Broken is broken. If it’s broken it should not be used. But AES is *not* considered broken by any published cryptographers.

As always there are conspiracy theorists, but is beyond the scope and dignity of these forums I believe.

[SvanteSpectator]

Hello Matze,

Thanks for the feedback. However, this is a public forum, and while we appreciate negative as well as positive feedback – we like constructive and polite feedback even more!

If you’d like to tell us just what aspects of the user interface you found least appealing or most hard to understand, it would actually help us improve the product! If you do, can I please ask you to formulate it a little nicer?

Commenting on the one actual concrete criticism concerning AES-128 vs. AES-256, could you perhaps provide some sources for that statement? To our knowledge, there is no indication that AES-128 strength “is a little low for security requirements“.  Then again, that depends on just what those requirements are. AES-128 is considered strong enough for US government information classified as secret, it’s apparently good enough for some requirements. It’s also good enough for use in many private and public corporations according to their respective polices. Other requirements require other levels of strength. Just stating that a security measure “is a little low for security requirements” without reference to the actual requirements is both a meaningless and misleading statement.

If you state that AES-128 is a little low for your personal security requirements, that’s fine. We have many users who are correctly judging that AES-128 is good enough for any reasonable personal level of security, and who also realize that they are unlikely to use passwords of sufficient length and complexity to even approach 128 bits in actual strength anyway. Then we have others users who feel more comfortable with AES-256, and for those we offer that too – at a small cost in our Premium software.

Concerning your implied criticism of the fact that we have a for-pay option with advanced features for AxCrypt, that’s just an aspect of the real world, where we simply need revenue in order to develop, maintain, support and improve the software. We still offer a really useful software entirely for free, something most software manufacturers do not.

[SvanteSpectator]

Hello Jerome,

There are several separate situations fitting your description. Could you please post a screen shot of the error message?

It’s also not clear what you mean with “files is at same update than axcrypt” – can you please clarify that?

[SvanteSpectator]

Al & Anonymous,

This issue is better suited for support, so email screen shots etc to support att axcrypt dott net please.

[SvanteSpectator]

Thanks Simon!

[SvanteSpectator]

Hi Rob,

Sorry, we’re not currently planning a Windows Phone app. If demand increases we are well prepared for it, because of the technology we use to implement AxCrypt, but there are no plans at this time.

[SvanteSpectator]

Hello Rob,

Criteria, yes, I believe.

Validated, no.

We could with reasonable effort use for example a FIPS 140-2 validated version of Crypto++ for cryptographic primitives, but we don’t support it currently.

[SvanteSpectator]

Hello MickyD,

Sorry, no I don’t know of any encryption product that would support your streaming decrypted data from the cloud scenario – except of course cloud storage provider provided encryption, but it kind of defeats the purpose.

[SvanteSpectator]

Hello Kirk,

This is indeed so. AxCrypt 2 can open AxCrypt 1 files (and will upgrade them to AxCrypt 2), but AxCrypt 1 cannot open AxCrypt 2 files. This is clearly stated on the download page:

I suggest you download the *standalone* AxCrypt 2, decrypt the files, and then re-encrypt them with AxCrypt 1.

[SvanteSpectator]

Hello John,

Examining our logs, we find that you appear a little confused about your email-address ;-) Sometimes it’s …list…, sometimes it’s …misc… (the rest redacted for your integrity). You may have both of these for email, but not in our system.

Please check so you’re using the right one (appears to be …list…), and then check if you may not also be mixing up passwords.

[Author]

Posts