Reply To: AxCrypt 2 makes me sad…

#6577 Reply

Hjalmar

That is a remarkable claim requiring remarkable proof! Would you mind demonstrating this, as you apparently did with a BCA file? I don’t ask this to be contentious or as a personal challenge. I’ve read of vulnerabilities with 7Zip but you are describing encryption that is essentially worthless.

It’s not just Steven who can crack these files – anybody with a sufficiently powerful GPU rig can!

Theoretically it should take longer than the life of the universe to crack AES but 99/100 it’s not how strong the algorithm is but how developers implement it which determines whether the encryption can be broken or not.

RaymondLC92 talked about AxCrypt and auditing. Audits are worthless in the long term because they’re only valid on the date of the audit and when using exactly the same version. TrueCrypt was partially audited but the project closed down for mysterious reasons. Various developers, including VeraCrypt, took over and promised to fix the minor issues discovered in TrueCrypt.

Every time a new feature is added to any software or when a feature is removed or something is changed in the source code it opens a window of opportunity for a bug to be inadvertently/intentionally introduced. A cautious person would only use TrueCrypt despite its minor vulnerabilities because of the error potential. VeraCrypt is substantially improved but uses a lot of untested code.

We had a member of staff who had a number of encrypted files on our server. We weren’t in a position to get the password/s from him as he’d sadly died in a car crash. We stopped allowing individual password-based encryption after this and insisted on public key encryption (key sharing).

Many of his files were MS Office documents and spreadsheets and the remainder were 7-Zip archives. Most of his MS Office files weren’t cracked (a handful were) but all his emailed 7-Zip files were returned to us decrypted within 24 hours. They didn’t give us a password but they supplied his files instead.

This points to a serious breach of 7-Zip’s security but that doesn’t equate to it being useless. It’ll stop a casual snoop which is what it’s designed for. Those people who can afford to pay to have the files cracked would similarly be in a position to have their target’s system/s hacked which makes encryption useless as other people have commented. It’s much more beneficial for a target system to be hacked and gain a ‘live stream’ of everything instead of ‘fire-fighting’ by having to decrypt archives afterwards.

I don’t know whether Steven will see your message but cracking archives for the fun of it/to prove a point is time-consuming and costly. He has linked to commercial recovery solutions if you disbelieve him and there are many people out there who have used that software with success.