This topic contains 134 replies, has 3 voices, and was last updated by Doug 3 months, 1 week ago.
June 6, 2016 at 10:30 #3394
Thank you for your feedback. I might actually consider adding a ‘key share by password’ feature in the free version. I wrote a blog post on the fallacy of having many passwords for personal use, but a ‘key share by password’ is somewhat different, and it would give a migration path for those AxCrypt 1-users who actually do share encrypted files. We believe it’s a minority, but still.
SvanteJune 6, 2016 at 12:14 #3395
Hi Svante !
Thank you very much for your answer. I’ll follow up the changes to AxCrypt from time to time in the future and try the new versions once or twice a year.June 6, 2016 at 13:17 #3402
Sounds good! You can also follow the specific issue about multiple passwords here.
SvanteJune 6, 2016 at 18:26 #3411
I personally like this new model but understand why some people are disappointed.
It’s human nature. From the perspective of these users, AxCrypt 2 is lacking features they were used to and had come to expect. It might be true that self-decrypting executables are not essential from the standpoint of rigorous logic. It might also be true that using only one password is superior to keeping track of multiple passwords. But people are habituated to choosing different passwords and creating self-decrypting files. So it feels like a loss of functionality when those things are removed.
There is loss of functionality in one respect. Under the old model, users could share encrypted files without paying for the software. Under this new model, two “free version” users will be unable to share with one another, if key sharing is a “premium only” feature. I have upgraded to premium for this very reason.
Thanks. I’m just thinking out loud here.June 6, 2016 at 20:13 #3412
@ Robert M
You seem to talk about the “human nature” as if it was a defect and that you don’t suffer of such a thing.
I would like to reassure you about the fact that you are an human, like anybody else…
It’s your right to like the new version of AxCrypt, even to upgrade to its Premium version and it’s your individual human nature that has driven you to this decision. I will not discuss your personal tastes, you have, like anybody else, your own human likings and I will never say that you have opted for such a choice because you don’t follow this rigorous logic : why pay for something that you can get for free ?
The people who have opted to stay with the old AxCrypt’s version are not necessarely people who are illogical or only guided by their habits, i.e. that they have done their choice without the intervention of any intelligence. Much of them probably needs to be able to send crypted files to others and they also have probably always felt that this 1.7 version of AxCrypt was allowing them to do such in an easy and free manner. In my view it is a matter of individual taste which is also very logical from the point of view of those who adopt it.
I think that we should all learn to accept the individual differences without thinking that those who don’t think like us are necessarely stupids, or less intelligent people guided only by their “human nature”.
Regards, Sputnik.June 6, 2016 at 20:21 #3413
I too am disappointed with the change from 1.7 to 2 because of:
- the requirement to (initially) connect to the internet
- removal of secure erasure (paid customers only)
- one password for everything (less secure)
- no ability to create self-extracting files
- inconvenience for non-AxCrypt users
I think v2 is <span style=”text-decoration: underline;”>more</span> complicated for non-technical users who have to set-up the key sharing (GPG does a better job and is tried and tested). It also forces people down the route of paying a fee for what may be a one-off share. Maybe consider having a pay-as-you-use option; e.g. share an encrypted file for €0.50.
I’m also concerned that there’s no ability to set different passwords for different files. By all means encrypt files using the same password by default but offer the capability for an alternative password if the user desires. If somebody wanted to share an time embargoed document this feature would be critical. A press release accessible only at midnight once the person has received the correct password by automated text is one example.
Personally I would like to see v1.7 continue in development or the, now removed, functionality reinstated in v2.
If necessary you could even charge users for continued development or implement the ‘old’ features into the new software and perhaps charge a one-off fee whilst keeping a v2 functionality for SAAS licensing. For example €24/yr for v2 & v1 functionality and €12 (forever) for only v1 functionality but also provide the ability to decrypt v2 files which have been shared by a paying v2 customer.
I’ve read the comments about a lot of mail servers blocking executable files and this is very true. Some software automatically changes the extension from .exe to something random (e.g. .axe) to bypass this restriction and then they insert a line of text into the email instructing the user to change the suffix to .exe.
However the largest use-case scenario I can think of where self-extracting files were the perfect solution was when sharing files over a non-encrypted cloud service. For example an AxCrypt user uploads his file to his Google Drive (as an .exe) and then emails his friend a sharing link. The friend clicks the Google Drive link, the .exe downloads and the recipient enter his password. He doesn’t need any special software; just the password. The friend may not have install rights but might be able to open the .exe.
There’s other great and easy to use software out there including VeraCrypt, (7-Zip, PeaZip, SecureZIP, WinZip), GPG, encrypted PDF or Microsoft Office documents etc. As more and more zero-knowledge encrypted services come online like Tresorit, SpiderOak and (soon to be) iCloud the era of sending conventionally encrypted documents will come to an end.
Giving the user the ability to easily decrypt a document without having to install special software <span style=”text-decoration: underline;”>is key.</span>June 6, 2016 at 20:35 #3414
You bring here some very interesting ideas.
Your comment is also a proof that what I was saying in my last comment is true : those who prefer v 1.7 are not necessarely people devoid of any kind of logical intelligence…June 6, 2016 at 21:53 #3415
Thanks for interesting input everyone!
A few quick comments:
– Self-decrypting archives. They may or may not come back. In the meantime, it’s so simple to just send the full standalone install-free version along with the encrypted files, or include a link to it. No installation requried, just the ability to run a .exe .
– Blocking of .exe and extension renaming. I do that sometimes, and it works about 50% of the cases. Lots of mail software today will actually look inside the file, and do a risk analysis from that.
– Decryption of documents without installing special software: That’s not going to happen unless some cross platform encryption software (on all major platforms: Android, iOS, Windows, OS X etc) takes a similar position as PDF for document facsimilies. Remember – it’s *all* about special software. The only thing that is different between *special* software, and software you don’t need to install is that it’s already installed. All software is installed. Some as part of the OS. Some as part of the distribution of the OS. Some packaged by the device manufacturer. Some installed by the user.
– Key sharing – i.e. the ability to have multiple recipients of an encrypted file à la PGP. We do think that AxCrypt does this pretty well, and that it’s really easy to use compared to specifically PGP. Nothing wrong with PGP technically – except it’s not easy to use. The original impulse to write AxCrypt came from PGP and it’s not-so-easy to use aspects.
– AxCrypt 1 development: AxCrypt 2 will hopefully remain in active development for many years now, so there’s plenty of opportunity to tweak, fine-tune, add, remove and revise features and requirements. AxCrypt 1 will not be actively developed, it’s simply not practical. It’s based on 15 year old C++ code specifically made for the Windows Win32 API. It just can’t be made for anything else without a complete rewrite. Which is what AxCrypt 2. It’s a new freshly built C# platform, that we can continue to develop and run on different platforms.
There’s more to be said (and done), but another time.June 6, 2016 at 22:56 #3416
I was not implying that anyone is illogical. I was, in fact, empathizing with people who don’t like version 2. You read things in my post that are not there, nor intended.June 7, 2016 at 02:19 #3417
@ Robert M
Sorry about that Robert.
My mother tongue is french and even if I relatively get by with the english language, I may sometimes miss some subtleties of the thought of english speaking people. This is already something not that easy in our own language, it is a little bit more difficult in another language…
One more time, sorry about that.
SputnikJune 7, 2016 at 16:39 #3420
I apologize, as well. In rereading my post, I see how it might sound like I’m beinging condescending. That was not my intention. There certainly are good and valid reasons why a person might choose to stay with version 1.7.June 7, 2016 at 18:07 #3421
@ Robert M
There are also good reasons for which someone would choose to go with the Premium version of AxCrypt, but you have to pay for this and many users are not ready for that. For those who are ready to pay, the key sharing, the 256 bits encryption and the protected folders are all valids reasons for which someone would like to afford the Premium version.
But concerning the free version, from my point of view and from the point of view of many it seems, v 1.7 has still more to offer compared to v2, as things are now.June 7, 2016 at 18:18 #3422
In your last answer to Rob I was surprised by the fact that you didn’t showed any reaction to this particular idea that Rob brought : “Maybe consider having a pay-as-you-use option; e.g. share an encrypted file for €0.50.”
I really think that this is a very good idea : that would certainly bring to you some more revenue and it would also constitutes a kind of free publicity for AxCrypt.June 16, 2016 at 04:01 #3479
First of all, I want to thank you for having provided one of the best (free) programs available for encrypting files. When I first found it and looked at alternatives to compare, I found nothing that comes close to doing what I wanted and so simply and that includes paid software. I have been a long-time user of AxCrypt and rave about it to anyone who expresses any interest in encrypting files. I felt that the program worked exactly as I would want and had all the features I wanted and was very easy to use too. In fact, I would go so far as to say it was the best thought out program for it’s purpose that I’ve come across. Having said this though, I have to admit that I was quite disappointed when I recently downloaded and installed version 2 after upgrading to Windows 10. I completely understand the logic behind using just one password for all encrypted files and was already doing this with version 1 (even though I had the option to use different passwords), but I really didn’t like that the password I used to sign up with became the password for encrypting files. I read your explanation where you say that the password “is never stored on the server, and the connection to the server is always encrypted, so while the password in fact does travel over the Internet it does so safely.”, but this still seems to me to be completely unnecessary. What I mean by this, is that I don’t understand why I can’t just sign up for an account using one password, but then choose another password to encrypt all the files on my PC. I also understand your explanation about the premium functions and sharing files with people without passwords, but if these are functions I do not need, then why can I not have the option I stated – to use a password just on my PC. I have no problem whatsoever having to create an account or to even pay to have the option I described, so this is my only issue. From what some others have said on this forum, it seems I am not alone in my dislike of having the same password for signing up and encrypting, so I really do hope that in the future you incorporate at least this one suggestion for users like myself who were completely satisfied with version 1. Until then however, I have uninstalled version 2 and have gone back to my beloved version 1!
All the best
P.S. I tried to donate years ago when I first used and got to really like AxCrypt, but if I remember correctly, you only accepted PayPal then and I didn’t have a PayPal account, so thought I’d donate if I ever open an account or you also accept credit/debit card payments – whichever came first. When I checked your site again recently, I saw that you now also accept cards, but when I clicked on the PayPal/Payson button , it said “Page could not be found”! I went to your new site, but could not find any option to donate on there, so couldn’t donate on there either. You don’t make it easy to give you money my friend – please help me!June 16, 2016 at 09:43 #3488
Thanks for the feedback, it’s really appreciated.
First things first – I’m not accepting donations for AxCrypt via the new site, since we’re actually trying to run this as a Freemium software, i.e. a free software with a Premium mode for pay. So, sad to say perhaps, I’ve gone commercial. But, the intention is that the free functionality shall be fairly equivalent with the original free ‘donationware’.
That the donation button does not work on the old site is news to me, thanks for that. You’re right, the Payson link is dead. Will fix asap.
By the way, you do not need a PayPal account to use a credit card via PayPal, they’ll work as general payment provider also.
Now, as for the sign in & password issue. Technically there’s not really a problem having a separation of the password used to sign in to the web-part and do the things that the web is needed for. In fact, the software does support this partially, just try to open a file encrypted with version 1 and a different password and you’ll be prompted for it. But you can’t encrypt with a different password in AxCrypt 2 in any convenient way.
The reason we decided, so far anyway, to use a single password for it all is because we think that for most users the convenience outweighs the security concerns. I’m really not that keen on having users having to keep track of, and keep separate in their minds, two passwords. We have enough passwords to keep track of as it is!
Another reason to use a single password is that we’ve seen many cases with AxCrypt 1 where users encrypt a new file, and then either forget what password was used that time, or mistype it twice. Both cases lead to data loss. That’s another reason why we validate the password first, and only allow encryption after ‘signing in’. This decreases the risk of encrypting with the wrong password.
What we are considering for the future is a mode of operation where the password as such actually never reaches the server, instead we’d use a challenge-response protocol for the authentication part of the process, and to all encryption and decryption locally.
This should address your real concerns. The problem is that it might not be enough, because there’s an intuitive feeling that if a password is used for anything online, it’s a problem. Even when it’s really not.
What’s your take on this?