Thank you for your views. You are of course right that there is always a risk of any computer being ‘hacked’ – server or PC.
The idea with AxCrypt is that if a file encrypted with AxCrypt is leaked or stolen, it should not be possible to decrypt it without the password.
What we store on the server are essentially just that – an AxCrypt file that encrypts not your password, but the private key of a key pair. So, a hack of the server is equivalent to a leak of an AxCrypt-encrypted file. And it’s just this scenario that AxCrypt is made for.
This is not to belittle the risk, and of course we realize that our server is more of a specific target than a typical users PC.
So, just to be clear, we do not store your password on the server. We do store an AxCrypt file encrypted with your password. If you’re using the password manager, we also store an XML-encrypted file, encrypted with your password. (We’ll be changing this in the future to use AxCrypt of course, to simplify security analysis, but since we like full disclosure this is how it’s done right now for historical reasons).
You ask why we do this? The answer is to be able to enable sharing of encrypted files in an unparallelled simple but still secure way. It’s also to ensure that your key pair is backed up. The most common cause for data loss in Windows is use of the Encrypted File System, which generates a key pair stored and encrypted locally. When a password reset is made, or Windows is re-installed, that key pair is permanently lost with all the EFS-encrypted data along with it. We’d like to avoid that, which is why we both keep backup copies of the key pair on our server, and also support decryption with only the password. In AxCrypt the key pair which we call an AxCrypt ID is really just for convenience, it’s not the primary vehicle of security. In the end, it’s always the strength and secrecy of the password used that determines the level of actual security.
I think you sum it up in the end when you say that your priority is security ahead of convenience.
We are of the opinion that security solutions must be so easy to use that they actually are used. This will be more secure, than a solution that is more secure but so hard to use, that it’s not used. That’s unfortunately the situation currently – there are many really secure solutions out there. Why are they not used? Because it’s too hard and inconvenient is my belief.