Forums Community AxCrypt 2 makes me sad… Reply To: AxCrypt 2 makes me sad…

#6534 Reply

Brian

So it’s pretty clear you didn’t read my post. Extra steps are taken to ensure safety prior to opening the real secure files i.e. Rebooting with Shadow Defender, using Sandboxed Programs, etc.

I did read your post but you gave a hypothetical strawman, by the name of Jennifer, who was being affected by drive-by downloads. Lots of malware can break out of sandboxes – the research is freely available online. There are numerous other methods of stealing data from secure environments.

The majority of users aren’t rebooting their computers left, right and centre. They don’t care about security and those that do only take minimal steps to secure it. The smaller proportion who encrypt their files manually use AxCrypt or other encryption software and an even smaller proportion still use offline methods.

A keylogger will not steal my VeraCrypt key within an offline VM

Theoretically it could, even within a VM which is not supposed to have access to the host.

Again, this is nonsense. By your logic it’s best to use the same password on every single web-page.

No, it’s a different example. Every website has different security standards. AxCrypt relies upon one hashing algorithm and one encryption algorithm and you can examined the source code.

You can control how you access a password manager, in order to securely use AxCrypt you’d have to use your secure procedures – decrypt the file/use the contents – then return to normal operation.

People don’t use these “secure procedures”. Read the comments out there about encryption software – “I use it because it’s so simple”, “I don’t have to do anything”. That is the mentality of your average user.

So you agree with me, AxCrypt v2 is for basic users with no knowledge of how Encryption works. AxCrypt v1 is far from that, it is for this reason that I will never suggest v2.

It’s for basic users but not necessarily those without any knowledge of how encryption works. As long as the user isn’t paranoid then it’s just fine.

You can still use v1, it’s not being developed any more but it works perfectly well.

If you need remote protection use a program that PROMPTS YOU for your password rather than storing it FOR THE ENTIRE ACTIVE PERIOD OF YOUR PC.

Just sign out of AxCrypt after you’ve finished with your files. Somebody operating your suggested “secure procedures” won’t have any difficulties doing this.

I’m also a software engineer, I also enjoy when software is easy to use, and I use AxCrypt v1 with no issues other than the lack of AES-256. If you added AES-256 to v1 I’d be gone in an instant.

I do not work for AxCrypt. It’s not for me to add AES-256 to version 1. If you want to do it then you’re more than welcome; it’s open source and trivial to implement. Just use a respected cryptographic library.

If you don’t want to hear user complaints maybe you shouldn’t come into a thread about how v2 isn’t meeting some users needs.

See above. I’m a user.

I’m sorry for wanting to continue to be part of AxCrypt I didn’t realize it was a “No Criticism” zone.

You’re entitled to your opinion. It’s just that you’re complaining about AxCrypt v2 when AxCrypt v1 meets your needs and AxCrypt v2 is a new paradigm… which nobody is forcing you to use.