Forums Community AxCrypt 2 makes me sad… Reply To: AxCrypt 2 makes me sad…

#6573 Reply


 You spoke about being an “advanced user” but from your posts you come across as an novice user who knows how to use basic out-of-the-box encryption.

It’s all about what you’re trying to protect and how important it is. Your shot at me aside, I’ve never had an encrypted file stolen. All of my most important data is within VeraCrypt VHDs. I can prep one for you to break open but I think you’ll be busy for quite some time.

This is not the same as calling you stupid (or the “lowest common denominator” as you suggested AxCrypt’s user-base must be); it’s recognising that you don’t have the cryptographic, mathematic and engineering skills to make an informed choice.

Again, to assume this of everyone using your product is foolish, provide good defaults but don’t just hide away options. Kaspersky did this when it removed it’s “Advanced options” and caused a great number of configuration issues.

Subsequent implementations have improved but recovery can still be effectuated by those in the know.

It’s sufficient to keep your average nobody from reading them, if you’re going to share files you’re probably going to use some form of public key cryptography anyways (as you’ll still need to be able to securely share the key). When I use the cloud I’m usually transferring files for myself (usually to a machine that isn’t mine).

You seem desperate to be the maximum amount of secure at all times, yet you use software that hasn’t even been audited. You should realize that you’re never safe it’s all a matter of how unsafe are you comfortable with. AxCrypt is open-source but that doesn’t make it secure, go ask OpenSSL.

I don’t operate on the assumption that something is secure, I only expect that it’s secure enough to make it not worth the hassle. Perhaps someone out there really does desperately want the reports I wrote for my University courses. Then again, given that they’ve long become useless to me I suspect that 7zip was probably just fine for that information. Sure seems to have been effective at keeping the average person from cheating off of me, though I imagine there are many people who could break it on the ready.

Could I use 7zip to archive it, and then use GPG to encrypt it? Probably, but why complicate a simple transfer the information isn’t that particularly important (especially when I know I can download portable 7zip should the machine not have it). I think AxCrypt (particularly v1) is fantastically convenient, but I don’t think it’s “secure” though I admit it’s probably “Secure enough” for what I used it for.

My backdoor is a pane of glass with a tiny latch on it, is it “Secure”? No, but it’s enough to keep your average person from just waltzing in.