March 17, 2016 at 23:44 #2595
In the previous version of AxCrypt I had to enter a password for each file that needed to be encrypted. In version 2.0 when I right click on a file and select Encrypt, it is automatically encrypted without a password prompt. If I double click on the file after it is encrypted, the file is automatically decrypted. What am I missing here?March 18, 2016 at 21:38 #2596
Thank you for asking!
Actually, AxCrypt 1.x also worked like this, but it was optional. There are two checkboxes “Remember this passphrase for decryption” and “Remember this passphrase for encryption” in AxCrypt 1.x that corresponds more or less to the way AxCrypt 2 works.
We’re trying to make it even easier to use, and with less risk of mistyping and thus perhaps not being able to open files. That’s why we’ve developed the “sign in” model, which is also a commonly used metaphor for many softwares and services, and thus easy to understand for most users.
The “sign in” model to AxCrypt also makes it possible for us to really verify that you have typed the correct password, and when you encrypt files, there is thus no risk that you happened to make a mistake this time.
SvanteMay 8, 2016 at 17:19 #2997
Online password managers, such as LastPass, have been hacked in the past, and will be hacked in the future. The key point of why they are hacked is “Online”. Why would you want to use a password stored online to encrypt a files stored locally in the first place? Even some cloud storage vendors use zero-knowledge policy and they don’t have access to its users’ passwords.
I deleted AxCrypt form my computers.
You know, in most cases, security and convenience is mutually exclusive in computer world. I’d rather prefer security rather than convenience.May 8, 2016 at 17:34 #2998
Thank you for your views. You are of course right that there is always a risk of any computer being ‘hacked’ – server or PC.
The idea with AxCrypt is that if a file encrypted with AxCrypt is leaked or stolen, it should not be possible to decrypt it without the password.
What we store on the server are essentially just that – an AxCrypt file that encrypts not your password, but the private key of a key pair. So, a hack of the server is equivalent to a leak of an AxCrypt-encrypted file. And it’s just this scenario that AxCrypt is made for.
This is not to belittle the risk, and of course we realize that our server is more of a specific target than a typical users PC.
So, just to be clear, we do not store your password on the server. We do store an AxCrypt file encrypted with your password. If you’re using the password manager, we also store an XML-encrypted file, encrypted with your password. (We’ll be changing this in the future to use AxCrypt of course, to simplify security analysis, but since we like full disclosure this is how it’s done right now for historical reasons).
You ask why we do this? The answer is to be able to enable sharing of encrypted files in an unparallelled simple but still secure way. It’s also to ensure that your key pair is backed up. The most common cause for data loss in Windows is use of the Encrypted File System, which generates a key pair stored and encrypted locally. When a password reset is made, or Windows is re-installed, that key pair is permanently lost with all the EFS-encrypted data along with it. We’d like to avoid that, which is why we both keep backup copies of the key pair on our server, and also support decryption with only the password. In AxCrypt the key pair which we call an AxCrypt ID is really just for convenience, it’s not the primary vehicle of security. In the end, it’s always the strength and secrecy of the password used that determines the level of actual security.
I think you sum it up in the end when you say that your priority is security ahead of convenience.
We are of the opinion that security solutions must be so easy to use that they actually are used. This will be more secure, than a solution that is more secure but so hard to use, that it’s not used. That’s unfortunately the situation currently – there are many really secure solutions out there. Why are they not used? Because it’s too hard and inconvenient is my belief.May 8, 2016 at 18:41 #3003
Thank you Svante for your detailed response. Well, I respectively disagree with you on the point that a file encryption tool such as the old AxCrypt v1 is difficult to use. It’s no harder than checking one’s email, which everyone could do with ease. After all, all that is needed is just to input a password to encrypt/decrypt a file/files.
The reality is, even a much harder to use tool such as Veracrypt/Truecrypt has many users. Anyway, let’s leave it that we agree to disagree at this point. I do very appreciate the work you guys put together for AxCrypt.May 8, 2016 at 18:50 #3004
Ok, I guess I wasn’t entirely clear. I agree with you that AxCrypt 1.x is easy to use for simple file encryption, we we’re actually on the same page there!
What we’re trying to do with AxCrypt 2 is to retain the simplicity (although not in exactly the same way), while adding some scenarios as equally simple which are quite complex with other tools, including AxCrypt 1.x. Specifically sharing access to encrypted files with others.
Thanks anyway, it’s user input that has formed AxCrypt 1, and version 2 and will continue to do so!May 8, 2016 at 19:31 #3005
OK now I see there could be some value when users want to share AxCrypt encrypted files with others. However for me personally I prefer to do everything locally when it comes to encryption.May 8, 2016 at 21:07 #3006
But do remember that all encryption and decryption *is* done locally in AxCrypt 2 as well. It’s just that we keep a copy of a key pair on the server that we synchronize with the local PC.
SvanteMay 16, 2016 at 18:56 #3078
I used Axcript several years ago with Windows Vista 32-bit. I was very pleased with it. However I was tired of the frequent Windows and associated programs updates and slowliness and I bought an iMac which I like very much but for which there was no Axcript available.
I recently partitioned the hard disk of my iMac (El Capitan 64-bit) and installed Windows 10 on it using boot camp in order to use applications that are only available with Windows. I tried to install Axcript 2.0 64-bit on my Windows 10 partition but after having inputted my email address the Axcript 2.0 did not accept the password I inputted even though it is the password I used to encrypt and decrypt my files with Axcript 1.0 on my Windows Vista 32-bit. All my encryptions were done locally on Windows Vista 32-bit PC and I did not have to sign on to Axcript to encrypt or decrypt my files.
What should I do to install Axcript again and be able to decode my old files end encrypt new ones.
Thank youMay 16, 2016 at 21:21 #3084
Svante, I get what you’re saying about products needing to be simple in order to be adopted. However, I see no reason why you couldn’t also support the features that axcript users have come to know and love. You seem to think you must make a total break with the past in order to provide simplicity. I am vexed that I can’t protect individual files with individual passphrases as I always have, and never had a problem with. I really want that level of control.May 16, 2016 at 21:31 #3090
Thanks for the feedback. I really do appreciate it!
One of the guiding principles for AxCrypt since day one has been that it’s about real security, not perceived security. Another one is that I am in the absolute majority of the cases better equipped to make choices concerning the security.
This has for example led to AxCrypt being on of the few such softwares where you as the user cannot pick and chose what algorithm to use, or how to use it etc.
Now, I’m always open to dicuss the various choices, and I do change my mind when someone gets me to see the light in a different way.
Let me now just give you the “why” in why I’m not supporting the protection of individual files with individual passwords.
It’s because there is no good reason, from a security point of view. In fact, at best it doesn’t make it worse, but in most cases it will. It’s much better security to use one, strong password for all files. There’s no reason to assume that it would run any larger risk of being compromised than any other, and there’s no reason to assume that having many would in any way reduce the risk of all being compromised.
The one reason to use different passwords, is to group files for different uses by different groups of people. For this, we’ve introduced the “Key Sharing” feature, which is so much better and more secure.
That’s anyway why I’ve taken the draconian decision to simply not support it.
It makes AxCrypt much easier to use (fewer things to type and click), and this in turn makes it much more likely to be used.
That’s the why from my point of view. Now I’m honestly interested to hear what you think. I’m not promising to do as you may suggest, but I am promising to listen with an open mind.
SvanteMay 16, 2016 at 21:32 #3091
Here’s the thing – we’re changing a lot of things in AxCrypt 2, and there’s a little inconvenience when converting to the new.
We’ve released a new build today, that takes away most of the pain in converting from AxCrypt 1.x .
But, the first thing to understand:
There is no relation as such between the password used to encrypt files in AxCrypt 1.x and the password used to sign in to your AxCrypt ID (account) in AxCrypt 2. So you have to sign in with the password you have for your AxCrypt ID account, but this is not what you may have used to encrypt your old 1.x files. If you have an old account and have forgotten the password, head over to http://www.axcrypt.net/ and isuse a password reset.
So, for old AxCrypt 1.x users, here’s a suggested workflow:
1 – Download and start the app, enter your e-mail.
2a – If you’re asked for a verification code, check your e-mail, and set a good strong password. Do NOT forget it! It’s crucial.
2b – If you’re asked for a password, and you don’t know it (this is not the same as the password you encrypted your old files with), ensure you can sign in to http://www.axcrypt.net/ . Reset password if it’s an old account and you don’t know it anymore. Do NOT forget it this time! This is crucial.
3 – Sign in with your (new) AxCrypt ID password (not the same as for your old 1.x files).
4 – Select and open your old files. You’ll be prompted for the OLD password, this first time. Follow the instructions, and let AxCrypt convert your old 1.x files into the new format as you go along (from AxCrypt 2.1.1391 and later).
This sounds more complicated than it is ;-) The only confusing part is the fact that you may temporarily have two different passwords to keep track of – the old, and the new. As your old files are converted, the old password is no longer needed.
PS – If you really like your old password, and it’s a good, strong one, there’s nothing stopping you from using it for the AxCrypt ID sign in too. In fact, it’s a good idea. It’ll make conversion even easier.August 19, 2016 at 10:20 #3882
Dear Svante, I installed AxCrypt 2.1.1434.0, 30 days ago and encrypted my important files after coping is a folder. With an easy password and noted down some hints to remind me the password. I have been accessing them during very next week after encryption. Now I am trying to open any encrypted file or even when I try to encrypt a new file, it ask me the password but I have tried different combination but Password is not working.
I also have read that Changing the Password through Forgot password may not enable access to any encrypted files with other older password, so I did not complete the process of changing password.
I found three files namely: UserAccounts, FileSystemState, UserPublicKey. my question is that may I use something available in these files to decrypt? or any other method that can enable me to decrypt my files.
IASAugust 19, 2016 at 16:30 #3895
Can you send a screen shot please? It’s not clear just where you are stumped.
Can you sign in to your account at https://account.axcrypt.net/ ?
SvanteAugust 29, 2016 at 14:03 #3979
I installed AxCrypt 2 , 30 days ago. Now I would like continue with the free one, but I notice, if I understand well, that we do not need password.
Can you indicate more details for use the free version, particularly:
1. How to encrypt a document for send to someone;
And if we do not added password this mean that anyone cam open the document encrypt, jut need install the software.