Yes, the fix is in and will be released next week. Thanks! If you’d like, I’ll be happy to give you 3 months Premium as a small bug bounty token of appreciation.
You should interpret the 50ms / full keywrap as being equivalent to targeting a cracking speed of 20 passwords / second in the target system, using our code – which is not speed-optimized in the sense that, for example, hashcat is, which can use GPUs for much higher throughput.
The target of 20 full keywraps / second is set so that in normal use and even on a much slower system (think mobile), it will still be fast to actually use for a user. We don’t want a multi-second delay to open a file for regular users.
So it’s a compromise between usability and strength. But, at a target of 20 / second, and let’s say that with GPUs, some work and a decent amount of money you can reach 500x that speed, you’re at 1000 / second. That’s still pretty slow. If you use a password such as that recommended by us via our password generator (the most complex ones we suggest are at approximately 75 bits), then at 1000 / second a crack will average a little under a trillion years. With a national security level budget you could perhaps increase that by a factor of a million, in which case a single crack will average a little under a million years. For the type of use AxCrypt is made for (private and commercial information security), we believe it’s reasonable.
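The trade-off described in the post above, as an added example that is not part of the original post and is not AxCrypt's code: it calibrates an iteration count to a 50 ms target on the local machine and computes the average crack time for a given password entropy and guess rate. PBKDF2-HMAC-SHA512 stands in for AxCrypt's key wrap as an assumption, and the function names and the iteration floor are hypothetical.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
MIN_ITERATIONS = 10_000  # assumed floor so a fast machine never gets a trivial count


def time_derivation(iterations: int) -> float:
    """Wall-clock seconds for one key derivation at the given iteration count."""
    salt = os.urandom(16)
    start = time.perf_counter()
    # Stand-in KDF (assumption): the post's "keywrap" is AxCrypt's own construction.
    hashlib.pbkdf2_hmac("sha512", b"constructed sample passphrase", salt, iterations)
    return time.perf_counter() - start


def calibrate(target_seconds: float = 0.050, probe: int = 20_000) -> int:
    """Scale the iteration count so one derivation takes about target_seconds here."""
    elapsed = min(time_derivation(probe) for _ in range(3))  # best of 3 reduces noise
    return max(MIN_ITERATIONS, int(probe * target_seconds / elapsed))


def average_crack_years(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: half the keyspace at the given guess rate."""
    return (2 ** entropy_bits / 2) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    n = calibrate()
    print(f"iterations for ~50 ms on this machine: {n}")
    print(f"measured: {time_derivation(n) * 1000:.1f} ms")
    # Guess rates taken from the post: 1000 / second, then a million times that.
    for label, rate in [("1000 / second", 1e3), ("a million times faster", 1e9)]:
        print(f"75-bit password at {label}: {average_crack_years(75, rate):.3g} years")
```

Because the iteration count is derived from the machine doing the calibration, a file created on a slow device carries a lower work factor than one created on a fast desktop, which is why the floor matters.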