#6094 Reply

Klaus

I can assist you, Dave, from a user’s perspective.

Your ‘MFA’ system is a relatively secure one although it is no more secure than a single complex passphrase. It’s definitely not a multi-factor authentication system – allow me to explain:

AxCrypt 1.7 key-files work by storing an encryption key in a text file (which you store on a USB drive). You then throw in an easy to remember password; i.e. the key-file is really only a password!

True multi-factor means exactly that: multiple (>=3) factors. For example a bank safe is a two-factor safe if it has a key and a combination. Having two different keys provides only a single factor of security even if two bank clerks held one key each. This setup is only designed to prevent one of the bank clerks opening the safe on his own.

A thief would take his lock-picks and open both locks. Having one key and a combination makes it two-factor because it increases the factors (i.e. a key and a combination) needed to open it. It’s also much less likely that one thief on his own is going to be an expert at picking locks and breaking combinations. A bank would also throw in a third factor (hence multi-factor) by introducing a time-lock.

Therefore your system, secure as it seems, isn’t providing true security. I’m not suggesting that your files are insecure, they’re not, but the system you operate gives you a false impression of multi-factor operation when it’s not: you’re actually just using one (very long) password, albeit broken up and stored in separate places (your brains and your USB drives). A key-logger could capture the input and render it useless. Whereas a two-factor (e.g. a YubiKey) system would physically need a key stored irrevocably on the device – they’re glorified smartcards but much more robust and easier to carry around.

AxCrypt 2 doesn’t support key-files. It has a new mechanism which is actually better suited to you and your wife.

  • You create an AxCrypt 2 account with your own email address and your own password
  • Your wife creates an AxCrypt 2 account with her email address and her password
  • You (or she) then share the files you both want access to

That setup works perfectly because you both have your own password and the added security that you don’t need to mess around with key-files. Imagine if your USB was lost, stolen or damaged! You’d lose access to all your files (unless you had all of the key-files backed up).

With AxCrypt 2 the security is increased to AES-256 bit, which is twice as strong as the AES-128 used in AxCrypt 1.7.

However if you want the experience of a key-file in AxCrypt 2 you could buy yourself and your wife a YubiKey (other devices are available) and use a static password. Read the link for more. Basically you insert the key into your USB drive, press the button and it will input a password of “any combination of 16 to 64 characters and/or numbers”.

Example:

  • DAVEU9l3#iIOVX1hG1$hY@ted6405
  • U9l3#iIOVX1hG1$hY@ted6405DAVE

So you’d type in “DAVE” (or whatever your easy to remember password is), press the physical button on the YubiKey and then the whole password would be inserted. Or you could press the physical button, the password would be inserted and then you type “DAVE”.

Your wife could have a similar setup but with her own password. It’d actually be a more secure setup than your current situation because you’d each have your own password. You’d also be able to have files that only you could access and similarly she could have files that only she could access. Anything shared would be accessible to both.

Using a YubiKey in the suggested manner doesn’t utilise its smartcard functionality – i.e. if you lost it, just as if you lost your USB, somebody could trivially extract the password. That’s why it’s so important to substitute “DAVE” with something you’ll remember. My advice would be to store the master password, i.e. both parts, somewhere very safe.

AxCrypt 2 gives you increased security because you choose one very complex passphrase and that’s it. No more multiple key-files, and therefore less chance of you damaging a key-file, you’re less likely to forget one password and you get the benefit of modern encryption.

You can also upload your files into your cloud storage service far more conveniently with AxCrypt 2’s ‘cloud awareness’ feature as it allows you to have a designated folder where only encrypted files will be uploaded to the cloud.

Only one person needs the premium version in order to share the files with the other although if you wanted to support AxCrypt you could always buy two licenses.

If you really like AxCrypt 1.7 you can still use it but the security is greater in AxCrypt 2 and your use of AxCrypt 1.7 doesn’t significantly increase your security whereas upgrading to AxCrypt 2 does.