Reply To: AxCrypt 2 makes me sad…


Brian

You decide to do some online surveys (Jennifer is hugely into Swag Bucks) and then update your Daily Journal; unfortunately, you contract a drive-by keylogger *GASP* and it records your login to AxCrypt. Congratulations, all of your files are now vulnerable. Not only can the attacker steal your Daily Journal but they can steal your Sexy Photos as well.

If an attacker can insert a drive-by key-logger then she’s got serious issues because the same attacker can see all the unencrypted data on the system including any temporary caches of the really sensitive data.

Or the attacker could wait until Jennifer next types in her other password (assuming multiple passwords) and then use that to decrypt the really sensitive files. Both rely upon the attacker getting their hands on the data itself… so a key-logger and a trojan.

Jennifer has serious security issues (a trojan and a key-logger) which encryption cannot solve. Jennifer should also educate herself on how to use a computer, avoid malware sites and she should install up-to-date antivirus, firewall and anti-spyware protection.

Axantum has now created a situation where you are AFRAID of using AxCrypt’s encryption (this is the very situation they were trying to avoid) because if you use it on non-critical files you’ll have to do extra work to keep them as safe as you keep your most critical files.

AxCrypt haven’t created this situation and people aren’t afraid of using AxCrypt because it only uses one password.

What would happen if you forget the ONE PASSWORD which encompasses all of your files? Congratulations you’ve introduced a single point of absolute failure.

The opposite is also true. Having one very secure password means the data is much more safe because the user is less likely to forget it. With multiple passwords the chances of forgetting the various passwords are far greater.

If Jennifer is really sensible she’d use a password manager to store her really secure AxCrypt password – or is Jennifer afraid of that “single point of absolute failure” too – despite all the evidence to the contrary [on the efficacy of password managers]?

Don’t get me wrong, Axantum isn’t being intentionally malicious or insulting; they’re just treating all users – even the most advanced and cautious users – as though they’re as forgetful, misinformed, and lazy as the lowest user.

AxCrypt isn’t designed for advanced users – it’s designed for everyday computer users who want a simple, modern interface with mobile apps. Advanced users will use pre-scripted shell commands piped into GPG which allows them to choose their own encryption algorithm, hashing algorithm, number of iterations, file output format etc.

AxCrypt is intended for people who want the simplicity of something like an iPhone. Design it simply and more people will use it. Design it so that only tech savvy (advanced) users can understand it and the everyday user won’t use it.

Advanced users are unlikely to ever use AxCrypt because the alternatives, GPG and OpenSSL, have been out there for years and integrate tightly into their existing workflow like SSH. So what’s the point in implementing lots of bells and whistles if that’s not their target audience?

AxCrypt 2 is not for highly security conscious users, it serves the lowest common denominator.

The lowest common denominator AKA 99% of users. Please try breaking the encryption though – the cryptographic community and world powers would be extremely interested and you could become a multi-billionaire overnight.

This isn’t my only complaint with AxCrypt 2 but it is by far my biggest.

Don’t use it then; there’s lots of other software out there.

I’m a user as well. I’m also a competent mathematician, programmer and engineer and I appreciate being able to use something quick and easy without all the complications and hideously archaic GPG commands that can destroy an encrypted file in an instant because of a small typographical error.

You’re criticising a developer who chooses to make his software available for free and who contributes to the open source world. If you can do any better why don’t you fork AxCrypt and we’ll all take a look at your input.