Reply To: Cloudflare and passwords leaking

#5632 Reply

Svante
Keymaster

Hello Gulliver,

You pose some relevant and interesting questions.

Let me first state that AxCrypt does not use Cloudflare, or any similar service. We try to keep the number of components and services used to a minimum, partly to minimize the attack surface.

We try to be very open; in fact, all of the core encryption code and the entire Windows Client are published as open source. We also physically separate our content server (www.axcrypt.net) and our account server (account.axcrypt.net), so we can keep the server with user data as “clean” as possible.

Although we could manage most functionality technically without requiring password authentication over the Internet, some services we could not. What we have done is to actually take a decision – we *do* trust SSL. Although, like any protocol, it can have bugs, and there are known cases of various vulnerabilities being exploited, it still protects much of the web. Also, most of the exploits require code injection (typically by way of physical hardware appliances) into major ISP communication centers. That’s beyond the scope of essentially all attackers except governments.

To me, it sounds a little strange that you would prefer to establish routines which involve recipients of encrypted data clicking executables sent to them (self-decrypting files), while being worried about SSL security. To me, using self-decrypting files, and especially asking others to routinely expect to receive such files, with the added complication of communicating the password to the file over a *more* secure channel than SSL, does not make “security sense”.

Advocating that users click attachments to run executables is a perfect way to create a huge attack vector against your users.

How do you communicate the password to the files between users? If you are in the same office, I guess verbally in a secure room with all phones and other equipment with microphones physically turned off would work. But remotely? More securely than SSL?

Anyway, we are certainly considering a mode of operation where passwords would never leave the user’s computer, but it will limit and complicate things in many scenarios.

For now, we actually do trust SSL.