October 9, 2016 at 08:00 #4400
In version 2, you have to first sign-in to the interface to encrypt files.
I have multiple files and want to encrypt using different passwords.
How to handle this using version 2?
With the good old version 1.x, this was not a problem. Each time it used to ask the password.
October 9, 2016 at 10:58 #4403
The use of different passwords is often an unfortunate misuse of the old software. The only legitimate use-case for different passwords in AxCrypt 1 was if you wanted to share encrypted files with different teams.
Please read a longer discussion about this here: http://www.axcrypt.net/blog/use-of-different-passwords/ .
October 9, 2016 at 17:50 #4407
I read that post and I agree partly with that. My scenario is I want easy to remember password for basic confidentiality of documents on local PC. Another cryptographically strong password (16-32 characters in length), I keep for documents stored on cloud storage. Easy to remember passwords are not strong. Therefore I created a cryptographically strong password and only this password resides in my password manager. I have noted it down in NotePad and kept one copy in a TrueCrypt volume as well.
Coming back to one password policy implemented in AxCrypt version 2. Suppose my password gets stolen and I have to immediately change it, I will have to login to AxCrypt site and change it. But what about old files which were previously encrypted with compromised password.
Now I will have to keep track of all files which were encrypted with compromised password. Later if I find even a single file located somewhere on my system and want to decrypt it, this will not work. I suppose I will have to again change the password on AxCrypt site to get this file decrypted.
This might be a mess. Even if I agree with one password policy of AxCrypt, I want to change it once in a year.
There is no doubt password manager comes handy here.
October 9, 2016 at 18:10 #4409
Here’s the thing – suppose indeed your password gets stolen! If one password gets “stolen”, you’ll have to assume all are in most cases. But with one strong password, you’ll at least be protected from the password being cracked, or guessed if it relates to your other passwords in any way.
If a password for AxCrypt-encrypted files is revealed for whatever reason, all files that were originally encrypted with that password will be possible to open. That’s just how it works, since AxCrypt is essentially still password based file encryption, although we do have some other features added on top of it.
But, what this means, is that if you do change your password for your AxCrypt ID you can still open all “old” files with their original password, as well as with the new one. For a longer discussion and explanation you might want to read http://www.axcrypt.net/blog/axcrypt-online-vs-offline/ . It’s about online vs. offline, but it ties into this very much.
You’re welcome to change your password every year, but it’s not something I recommend. Use a really good password, and keep keeping it secret. There’s not much additional security added by changing passwords unless you also at the same time re-encrypt *all* files encrypted with the old password.
Finally, always consider just what scenarios you’re really protecting against and take appropriate (not too large, not too small) measures based on that.
October 10, 2016 at 08:06 #4413
Just in case I changed AxCrypt sign-in password. Now how to decrypt the files which were encrypted using any old password? Will AxCrypt automatically take care of this? If the hash is embedded in the encrypted code itself for authentication.
October 10, 2016 at 08:46 #4416
Since this is about encryption, not access control, we don’t store hashes for authentication. What *is* stored in the files is an encrypted key. The actual key used to encrypt the file is a 128 or 256-bit random key you never see. Your password is used to encrypt that key.
If the existing files were encrypted with AxCrypt 2, and you *changed*, not *reset* your password they will seamlessly open with the new password. The article here: http://www.axcrypt.net/blog/axcrypt-online-vs-offline/ explains how this works.
Otherwise, AxCrypt will prompt you for the password.
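
The key-wrapping idea described in the reply above (a random file key that is itself encrypted under the password), as an added example that is not part of the thread and is not AxCrypt's code or file format. PBKDF2, the XOR-plus-HMAC wrap and all function names are assumptions standing in for a real key-wrap algorithm.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the file key, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap_key(file_key: bytes, password: str) -> dict:
    """Build the per-file header: the file key encrypted under the password."""
    salt = os.urandom(16)  # fresh salt, so the mask is never reused
    k = _derive(password, salt)
    # Stand-in for a real key-wrap algorithm: XOR mask plus HMAC tag.
    wrapped = bytes(a ^ b for a, b in zip(file_key, k[:32]))
    tag = hmac.new(k[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(header: dict, password: str) -> Optional[bytes]:
    """Return the file key, or None when the password does not fit."""
    k = _derive(password, header["salt"])
    expected = hmac.new(k[32:], header["salt"] + header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))

def change_password(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same file key; the encrypted file body is not touched."""
    file_key = unwrap_key(header, old)
    if file_key is None:
        raise ValueError("old password does not unwrap this header")
    return wrap_key(file_key, new)

def demo() -> dict:
    old_pw, new_pw = "constructed old passphrase", "constructed new passphrase"
    file_key = os.urandom(32)                   # random 256-bit key the user never sees
    backup_header = wrap_key(file_key, old_pw)  # e.g. a copy left in cloud storage
    current_header = change_password(backup_header, old_pw, new_pw)
    return {
        "new_password_opens_current": unwrap_key(current_header, new_pw) == file_key,
        "old_password_rejected_on_current": unwrap_key(current_header, old_pw) is None,
        "old_password_still_opens_backup": unwrap_key(backup_header, old_pw) == file_key,
    }

if __name__ == "__main__":
    print(demo())
```

The third result is the point made earlier in the thread: a copy written before the password change still opens with the old password unless the file itself is re-encrypted.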