Forums Help & support Encryption Security With Version 1.7.3201.0 vs Version 2.x Reply To: Encryption Security With Version 1.7.3201.0 vs Version 2.x

#13314 Reply

Svante
Spectator

Hello Steve,

The use of SHA-1 in AxCrypt is actually still ok, and it does not affect the security in the sense that it’s easier to decrypt because of the limitations of SHA-1. It is used for two things – to produce a 128-bit key from your password, and to make a so-called HMAC – a keyed message authentication code, or a checksum. In extreme theory, although as mentioned in this use case it’s not practical, a low-security HMAC would enable an attacker to make a change to the encrypted data, and the HMAC would not flag this change. The decrypted data would still be wrong, and it will not help the attacker decrypt the data. The use of SHA-1 to produce the actual 128-bit key used for encryption is also a safe use. It will not help an attacker to decrypt the file.