January 8, 2020 at 19:05 #15006
(Please forgive me if this has been covered already in another thread – I have scrolled through them, but could not see it, specifically.)
I will start by saying I am not a security expert – but I am a very happy, long-term user of AXCrypt V1.7. I have recently been assessing an upgrade to V2, mostly because I would like to be able to use the app to decrypt files stored in my cloud storage, on my phone, and this functionality only seems to be supported by files using V2’s format.
I have read many of the posts on here about people’s dissatisfaction with V2, and I echo some of their concerns, but I can (probably) live with them. My question however is a little more fundamental than usability concerns, etc.
Put simply, it is that V2 ‘feels’ less secure than V1. This might sound like a naive comment, given that the encryption algorithms in V2 are better and more secure than V1, but hear me out please. As far as the strength of the encryption goes in V2, notwithstanding my earlier disclosure that I am not a security expert, I will take it on trust that the files, once encrypted, are harder to maliciously decrypt – so that’s great. Tick!
However, in order to decrypt a file in V1, one not only needs a passphrase (as opposed to a password – which in itself suggests less security) but also, and critically in my opinion, one also has the option of needing a key-file. So, you need two things.
In V2, however, as far as I can ascertain, one only needs to know a password. Given that, someone that maliciously gains access to your PC could unlock anything. In some ways V2 might be more user-friendly than V1, but the decryption process ‘feels’ inherently less complex – and that is my issue.
I would be delighted to be told that I am wrong – as long as you can also tell me why. I have really liked using AxCrypt and don’t really want to have to change. But security must trump ease-of-use in my opinion.
Thank you to any of you that care to respond.
January 25, 2020 at 10:57 #15264
I’ve never used a key file (still using v1.7) but I see this old thread about why v2 dropped it.
January 27, 2020 at 12:41 #15271
Hello Jack C,
Svante has already answered this in the forums (https://www.axcrypt.net/forums/topic/keyfile/). Please read that thread.
We’ve decided not to implement this feature, because it has caused some problems with very small benefits. You can choose to use a very good password instead – why not use a string similar to what’s in the keyfile for example? Exactly the same level of security.
The problem with keyfiles is that they need to be stored somewhere, and it’s very hard to ensure this is done properly.