[SvanteSpectator]

Hello Jimb,

Thanks for the feedback!

Let me just comment:

#1 – what password is used where. This is a usability issue we’re having only with users of the previous version, and especially those who use several different passwords for whatever reason.

The idea is to make it even simpler – that it’s only one password. For all files. And if you change it, the new password works – even for files encrypted before the change.

The problem you’re having happens when the paradigm of the old and new gets mixed up.

#2 – Speed – it shouldn’t be like you describe. There may be a 1-2 second time after entering the password the first time, thereafter speed should really be comparable. We’ll have to look into that, if you can provide more information.

#3 – Stay signed in – that’s a bit related to #1, it’s mostly existing users why collide with this feature. We made it so, because of various problems with version 1, and to encourage the use of long and strong passwords – which is hard if you have to type them all the time. Nevertheless, we’re backing down on this one and will be adding options to control how this works.

#4 – Different passwords, vs Key Sharing. We really think Key Sharing is the way to go. You do not need to share any passwords, and if you share with someone who does not have AxCrypt we’ll invite him/her automatically as part of the process. Still, we’re considering to add Password-based Key Sharing as a complement.

We’re working on ways to make the transition for existing users more clear.

Thanks again for the feedback!

[SvanteSpectator]

Hello Robert,

Have you rebooted? Have you downloaded the installer version, and not just the portable standalone version?

The AxCrypt menu should be there, just like before.

[SvanteSpectator]

Hello Jym396,

You should be fine with 4.5, no need for 4.6. Does this link work: https://www.microsoft.com/en-us/download/details.aspx?id=30653 ?

[SvanteSpectator]

Hello Pascal,

We don’t really explicitly support it in the sense that we won’t be around to help you out, but the bootstrapper .exe supports quiet installs and the contained .MSI files support silent and automatic installation via Group Policy using Windows Installer.

Run the installer with /help to learn more. I.e.:

AxCrypt-2.1.NNNN.0-Setup.exe /help

 

[SvanteSpectator]

Roque,

Thank you for your input. It’s on the to-do list.

[SvanteSpectator]

Hello gm,

Not sure, but from what it sounds like you’re trying to sign in to AxCrypt using an email adress and your old file password.

Perhaps you can describe in more detail what you’re doing? Please be aware that AxCrypt 2 works a little differently than AxCrypt 1 – but it does allow you to open all AxCrypt 1 files as long as you know the password that was originally used to encrypt them.

[SvanteSpectator]

Hi gm,

Could you perhaps provide a screen shot of the situation? It’s not clear just exactly what your situation is.

[SvanteSpectator]

Hi Neville,

It sounds like a local system DNS attack. The easiest way to do such a thing is via the hosts file. In any case, in addition to getting a sample file (which I still have not received from anyone posting here), if I could get an IP-address for what ‘axantum.com’ seems to point to for one of you who see the strange ‘axantum.com’ site it would be appreciated.

A simple ‘ping’ in a command window usually suffices to find out the IP.

Since it’s really important to find out what, if anything, is going on – I urge anyone who posts here about this issue to please try to provide enough information so we can see what you’re seeing. This includes:

– URL’s you’re visiting.
– IP addresses to http://www.axcrypt.net, account.axcrypt.net, axantum.com and http://www.axantum.com .
– Actual downloaded files that do not match the information provided earlier in this thread for the genuine thing.
– Any SSL certificates that are presented by sites that do not match the genuine sites. They can be inspected, and downloaded via most if not all browsers.

Send files and such to support@axcrypt.net please.

[SvanteSpectator]

Hello Marco,

Please! Send a link to where you downloaded the file, and also send the actual file to support@axcrypt.net . We cannot investigate this unless we can see what you see.

Also, it’s not easy to know exactly what you’ve downloaded since we don’t know where or what, but the correct hashes of ‘AxCrypt-2.1.1489.0-Setup.exe’ is:

MD5: ca117875db4cd0c011132c782957f248
SHA1: 9f8a0688008c0969d1edb639af81e3205458d692
SHA256: 8c6856038c15ff231e66521fc4cef210226083b6b134de64e36b31f149b22b48

The correct hashes for ‘AxCrypt-1.7.3180.0-Setup.exe’ is indeed as you report Marco (but we’re really more interested in getting a sample of a ‘bad’ file than a ‘good’ file):

MD5: 3156d97c3fcce2e2edaa3468755be806
SHA1: a9fac97c1ed306690abfb90b03331482c82c91ae
SHA256: 6a075e415a3c98e835997d0896aab2da5ba0565bd2bf4a6a7a05afdd8c25870a

So, folks, can anyone with a file not matching the above – especially a AxCrypt-2.1.1489-Setup.exe with a digital signature timestamp that is in January 2017, please provide us with a sample and/or a URL where the file was downloaded from?

[SvanteSpectator]

Hello Alejandro,

Yes, some mail softwares (gmail notably) will not be fooled by the extension trick.

Please use AxCrypt to encrypt it, and then key share it with ‘support@axcrypt.net’ and then send the encrypted file.

Or, upload it to dropbox, Google Drive or similar and then share it with ‘support@axcrypt.net’.

Also, that website… That does *not* look like http://www.axantum.com/ .  This is what it looks like:

[SvanteSpectator]

Hi Cyril,

Thanks for the links.

The first paper, https://software.imdea.org/~juanca/papers/malsign_ccs15.pdf does not actually say anything about Authenticode signatures being weak or possible to manipulate. It says that computer system implementers (i.e. Microsoft), are not using it properly, not detecting situations that Authenticode indicates – in this case revoked certificates.

I should of course also point out that Authenticode as such, does not say  *anything* about the code, if it’s good, if it’s bad or if it’s ugly. It only strongly identifies the publisher, and make a strong statement that what you’re getting is what the publisher intended. If the publisher intends to publish malware, that can of course be signed. If this does happen, the idea with Authenticode is that you should then at least know who to sue or report to the police.

The second paper is interesting, and actually does to a certain extent demonstrate a weakness in the Authenticode implementation – they show they can *add* (not modify) arbitrary content while maintaining a valid signature. However, I’m actually at a loss to understand what they could *do* with this data, which the paper points out. Then it goes on to demonstrate an in-memory PE loader, which is also interesting – but to be honest, I don’t see how the one connects to the other. You still need to get that PE loader running. I guess you could write a software, include the PE loader, sign it – and then after that add the ‘payload’ as described but I don’t see the threat yet here. Then again – attacks never get worse, they only get better.

Thanks for two interesting reads! I don’t think it reduces trust in Authenticode as a signing mechanism from a known publisher (AxCrypt AB in this case) though.

We could certainly publish hashes of our executables, it doesn’t harm anything. I’m making a note of it, but since we don’t want any manual processes for stuff like that, we’ll need to add a few things to our platform so we can publish them automatically.

I still really, really want to get my hands on a sample of the file that seems to be signed January 5 and sort out what that is about. Probably its nothing, but we want to investigate.

[SvanteSpectator]

Hello Marianne (and anyone else seeing a download signed on January 5),

I can’t find AxCrypt 2 on Tucows at all. I only find a completely outdated version 1.5.

Can anyone who has the installer dated January 5, please either send a copy to support@axcrypt.net, or post a download link here so we can examine the file?

[SvanteSpectator]

Hello,

Can you please send the actual setup file with the January 5 timestamp to me at support@axcrypt.net ? You may need to copy it to a new name, and change the .exe-extension (I usually add “.removeme” for example), as email software often blocks .exe files.

[SvanteSpectator]

Hello Jacques,

Yes – that is currently correct. To share keys you need to have Premium. To receive and open files that a Premium user has shared keys for with you will work fine with the Free version.

[SvanteSpectator]

Hello,

First, yes – my bad. Microsoft has chosen NOT to respect the signature.

Secondly – I’m confused. Adam – what was the name of the executable that triggered the first “Windows protected your PC” message. You wrote that it popped up when you tried to open an old file, so I was under the assumption that this happened when you tried to use the new version 2.1 AxCrypt. If, in fact, this was a self-decrypting file i.e. something like “My File-ext.exe” – then it’s entirely possible that the warning comes up. But I still don’t see why you don’t get an option to run anyway.

Now, you write “I don’t trust Authenticode because it’s too easily tampered with“. Really? This is not true at all. Authenticode is a strong digital signature, with quite adequate cryptographic strength. Can you provide a reference to indicate that Authenticode is vulnerable?

Finally, you refer to “a version on the internet” and send a screen shot with what appears to be a digitally signed “AxCrypt-2.1.1489-Setup.exe” but with a timestamp of January 5, 2017 – and that is indeed wrong.

Can you check the validity of this signature using the ‘Details’ button please and send a screen shot. Also, I’d very much like a copy of that file as well a link to the source of it.

The correct current setup shows the following under ‘Details’:

[Author]

Posts