[SvanteSpectator]

Hello Roque,

We’ve recently attempted to fix a High CPU issue, but that was more related to system power events. If possible, I’d like you to send a memory dump, but that is more suited to discuss via email. Please contact ‘support@axcrypt.net’ with this issue.

[SvanteSpectator]

Gary,

Can you include a screen shot? It’s hard to tell without getting some more context.

[SvanteSpectator]

Hello Jim,

Can you tell us a bit more about the problem? What kind of file is it (pdf, doc, jpg, … etc)? Can you open unencrypted files of the same type?

Where is the file stored on your phone?

[SvanteSpectator]

Hello Anonymous!

Thanks for the feedback, but unfortunately it doesn’t help us make it better. Please, if you will, give some examples of what issues you’ve experienced.

[SvanteSpectator]

Greg,

Thanks for that tip. I’ll add an issue to update our brute force software to accept password lists like that.

[SvanteSpectator]

Hello Liv,

1) Yes, in order to monitor them to keep them secured, Premium is required.

2) Yes, we’ll be implementing recursive subfolder encryption as an option. There’s a long separate thread on why we have not done so yet (briefly: it’s dangerous, and we’ve had some users not understanding the consequences).

3) Yes, it’s part of the same thing. Recursive subfolder encryption/decryption.

[SvanteSpectator]

Hello Richard!

AxCrypt will in no way cease to function if you stop using Premium. The best way to find out is to try! You can try Premium for free for one month, after that it reverts to Free. Some extra features are unavailable with AxCrypt Free, but all the basic functions are there – and we’ll never lock you out of your files or passwords when you go from Premium to Free of course.

[SvanteSpectator]

Hi All,

It’s back in working order again!

[SvanteSpectator]

Yes, minimum 10 characters (no simple formula for letters / digits / etc). You must assume that every character in every position can by essentially anything…

[SvanteSpectator]

Hello Andrew,

Well, it depends on when you set the password – but the rules are no help in guessing your password. At the very least, it has to be 10 characters. When you set it from the app a certain computed complexity must also be achieved.

You yourself is the only source of information for reducing the search space, i.e. do you have some kind of format that your passwords usually follow (a bad idea, but it might help you out here).

[SvanteSpectator]

Hello Anonymous,

Thanks for reporting this. We have been aware of this problem for a short while. We’ll try to fix at asap. Sorry for the inconvenience!

[SvanteSpectator]

Hello Raphael,

No, to share encrypted files with others, you do not share passwords anymore.

Instead, you use the key sharing feature, which allows you to share encrypted files with others, and they will be able to open the files with their own password.

See the section on Key Sharing here: https://forum.axcrypt.net/documentation/how-to-use/ .

[SvanteSpectator]

Hello Jimb and Robin,

Point of clarification – AxCrypt 1 is a pure symmetrical crypto system. AxCrypt 2 is extended with some asymmetrical functionality.

We store the private asymmetrical key on our servers, and on your local PC. It’s encrypted with your current passhrase. If your current passphrase is compromised *and* the attacker has access to the private encrypted key, then *changing* the passphrase on our servers won’t stop that attacker. You’ll have to re-encrypt the files with a new public key. This, however, is no worse than before, in fact it’s the same. If your passphrase was compromised, you’d have to re-encrypt files with a new passphrase before the attacker could get at the files.

[SvanteSpectator]

Hi Jimb,

c) is the closest to the actual situation, but there’s more to it.

First, when you sign up for AxCrypt, you get what we call your AxCrypt ID. Technically, this is a RSA-4096 key pair. A key pair consist of two encryption keys – a public key and a private key. The public key is non-secret, and can only be used to encrypt data. The private key is secret, and can only be used to decrypt data.

On our server, we store your AxCrypt ID – the public key in plain text and is available for anyone with an account to get, and the private key encrypted with your password as an AxCrypt-file.

To encrypt a file, the following (simplified) happens:

1 – A random 128 or 256-bit key is generated. We call this the master file encryption key, or session key.

2 – The file is encrypted using AES-128 or AES-256 with the master key.

3 – The master key is encrypted with your password and added to the encrypted file.

4 – The master key is encrypted with the public key of your AxCrypt ID.

5 – Optionally, the master key is encrypted with  the public key of any other recipients that are configured using the key sharing feature.

So, to decrypt a file, you need access to either the original password used *or* the private key corresponding to any public key used to encrypt the master key – i.e. the private key part of your AxCrypt ID.

When you change the password of your AxCrypt sign in, what really happens is that the private key is decrypted with the old password, and then re-encrypted with the new password.

Therefore, as long as you have access to your AxCrypt ID, you can open any file encrypted with it, using the new password. So, yes, there is a way for us to change how you open files on computer A, even if you changed the password on computer B (as long as computer A is allowed to sign in to our server at least once).

As a safety measure, we also as mentioned always also encrypt the master key with the password itself, this protects you from the scenario that you for whatever reason lose access to your AxCrypt ID.

All of the above is a simplified version, the details are more complex, but it’s all done using well-known standard cryptographic techniques and methods. For full details, please check out https://forum.axcrypt.net/documentation/technical/ .

[SvanteSpectator]

Hello Ralph,

Thanks for the heads up. It does indeed to appear to be a false positive. Googling for ‘TrojanDropper.Daws.gpp’ finds other instances where ‘Jiangmin’ is the only only engine to report that threat for other files.

Fortunately virustotal also shows a SHA256 hash of the submitted sample, so I can confirm that your download was not tampered with – it’s the original from us. We publish current checksums here: https://forum.axcrypt.net/cryptographic-hashes-files/ .

I cannot stress how important it is that anyone who finds something suspicious, such as virus engine alerts or incorrect or suspicious digital signatures include:

– A sample of the file in question.
– A correct and full URL of where it was downloaded. (‘The AxCrypt site’ is not precise enough, the full URL as shown in the browser address bar, please!). I.e.: https://forum.axcrypt.net/download/ which is the official download page, or even  https://account.axcrypt.net/download/axcrypt-2-setup.exe which is the actual download itself.

[Author]

Posts