Forums Community iOS Mobile Open Beta Reply To: iOS Mobile Open Beta

#4981 Reply

Svante
Keymaster

Hi Robin (& Lucas),

As Lucas says, no there’s no connection with AxCrypt. Lucas is just an engaged member of the community, for which we’re grateful. He’s in his full right to point out alternatives, and I am very much for an open, honest and objective climate in these forums so I’m perfectly fine with suggestions for alternative softwares or solutions. AxCrypt is not perfect, not in version 1, not in version 2. Nor is any other product.

We’ll be continuing to develop AxCrypt ¬†and for this to go in the right direction, we need input – be it positive or negative.

As mentioned elsewhere, we will be providing the option to request the password every time as a result of feedback. We may indeed also implement some model of use which is closer to the version 1.x, but that remains to be seen. Lucas is of course right that the AxCrypt 2 model does open up a few more attack vectors, but in each case we judge the benefit to be worth it. We are trying to make a product that is really useful for a large number of users, and this means we have to make tradeoffs from a theoretical zero knowledge model, in order to make the product useful in practice.

Finally, AxCrypt is indeed mostly suited for data transmitted over the Internet (i.e. email attachments), or stored remotely (i.e. cloud services, backups). For local device security I do indeed generally recommend full disk encryption or possibly file system level encryption such as Windows EFS, which is often well complemented by file encryption such as AxCrypt. Using file encryption software (be it AxCrypt, 7-zip or MS Office built-in) leaves quite a few holes on a local computer, that are more or less impossible to plug in the softwares themselves (temporary files, swap files, wear levelling in SSD etc). These holes are plugged very efficiently by full disk encryption. Similar arguments, but even more so, apply to mobile devices.

So, our recommendation is to use some kind of device or full disk encryption for local device security + some form of file level encryption for remote storage and transmission (we think AxCrypt is a good choice).