This topic contains 8 replies, has 2 voices, and was last updated by Fran 1 year, 9 months ago.
July 9, 2016 at 19:04 #3724
I downloaded the desktop 2.x version and created an account as requested.
I have been encrypting some files and realized that it does not ask for any other password or “passphrase”.
After researching old posts, I have some questions please :
1) Does the account password act as the “old” passphrase then ?
Although the new way makes things smoother for continuouos use of the files, I probably prefer the old way.
2) If I download the standalone version of AxCrypt 2.x, will it work the same as 1.x version ? What happens to the files that I encrypted with 2.x ? Will I need the account password to decrypt / view ?
FranJuly 9, 2016 at 21:24 #3728
Not sure I understand fully.
1) Yes, the account password is essentially the same as the “old” passphrase.
2) The standalone version 2 works the same as the installed version 2, except for explorer integration. The files encrypted with version 2 are encrypted with the account password, and you need version 2 and that password to open them.July 12, 2016 at 00:38 #3743
For 1.7 users there is a lot of confusion about file/account passwords management with version 2 by lack of clear explanations in the description of the features and the FAQ.
It is only when reading here I understood the password for files and for the account are the same, meaning:
If the access to your account is not that sensitive especially for a free account, you still need a very strong password at start to protect your very sensitive files.
If it is easy to reset your forgotten password account by the “I forgot” feature via e-mail, warning is needed about the fact you will not be able to open file with the old account password.
I personnally feel it is better to separate the both.
To open 1.7 files I then need two passwords, first the account then the 1.7 file password.
I regret not to be able anymore to use short-easy-to-type password for some files and up-to-13 digits with mixture of signs for very sensitive datas.July 12, 2016 at 09:21 #3747
You are so right, lot’s of confusion. Even you still have some confusion. We were to be honest taken by surprise by how hard this obviously is. We’re continuously working with improving the software as points of pain become clearer, both how we write tips and texts, and how the program actually works.
AxCrypt was and is still a password based encryption software. In AxCrypt 2 we use the password for a little more things, but it’s still in the end, just that. A file encrypted with a password.
One part of the confusion is that we now require that password to be associated with a verified email address. This is for several reasons. This in turn causes more confusion, because that password is often not the same as the password used for old AxCrypt files, especially not if you have more than one password used for old files, then it can’t be the same as all of them of course.
Some points in your post that needs clarification:
You write: “If it is easy to reset your forgotten password account by the “I forgot” feature via e-mail, warning is needed about the fact you will not be able to open file with the old account password.”
There is a big red warning, but the warning is not about “not be able to open a file with the old password“. Depending on what you mean, that’s not the case either. A file that was encrypted using a given password is always encrypted with that password, and you can always open the file with that password. It can also be opened with the account password, *unless* you do a password *reset* on the account. Then it can’t be opened with the new account password (*unless* of course that new account password just happens to be the same that the file was originally encrypted with ;-).
You write: “To open 1.7 files I then need two passwords, first the account then the 1.7 file password.” No, you do not. Only the first time. AxCrypt will by default convert opened old 1.7 files into version 2 files, using the account password. There’s also a function to batch convert many files at once. Thereafter you’ll only need the account password, and only once per session.
You write: “I regret not to be able anymore to use short-easy-to-type password for some files and up-to-13 digits with mixture of signs for very sensitive datas.”
Please read http://www.axcrypt.net/blog/use-of-different-passwords/ for a longer explanation of why we do not support this scenario, and why we don’t think it’s a good idea to start with.July 15, 2016 at 11:43 #3763
thanks for your reply.
1) Yes, the account password is essentially the same as the “old” passphrase.
I understand about updates etc. with having an account, but the fact that the password is stored somewhere (rather than in our own memory), no matter how secure it is, weaken the security. Am I wrong ?
Why not leaving the passphrase and just asking people to create an account, leaving the two things separated ? That was what I was expecting in fact
So is there a way we can just use the passphrase rather than using the 1.x version ?
FranJuly 15, 2016 at 12:31 #3764
The security model is not affected by what we store on the server. We always assume that encrypted files are public anyway, and what we store on the server is just that – encrypted files.
The security model *is* affected by the fact that we transmit passwords, even if over a strongly encrypted connection, but we have judged this to be acceptable for the gains. It is not really controversial to transmit data over such a channel.
Currently the software does require you to register your e-mail, but once done, you do not need any Internet access. It’s still just a password that in the end protects your document, and you still just have to type the password since the email is prefilled. Same keystrokes, different look in other words.July 16, 2016 at 12:31 #3770
Thank you Sventa.
Last 2 questions I promise. :)
1-Occasionally I may have to place some encrypted files on a USB stick. In the past I used to carry the axcrypt 1.7 .exe file to decrypt the files “on the go”. Only lately I discovered there was option of encrypting to an executable file…. This is not available anymore I understand. What do you suggest in these cases ? to place the standalone 2.x ? Will it recognize the password if I do not have any internet connection ?
2-I looked for this in the FAQ, but no luck. What happens if I change the account password to the files already encrypted ? Which password do I need to use ?
FranJuly 16, 2016 at 13:47 #3771
I had the same concern about carrying exe files on an USB key.
See the information I got in the section: community / “some suggestions for AxCrypt ”
I have tried the Axcrypt2.exe on an USB key and:
On my main computer where Axcrypt 2 is installed I had no problem to run this exe file even without internet connexion.
But this is not really where I expect to use it.
On another computer, with no previous Axcrypt installed, I am asked to register with my e-mail and be sure I’m connected at the internet. What I certainly wouldn’t do on any host computer travelling. I expect this exe file to be filled with registering information at home.
This is not really what can be called a standalone version until this issue is fixed.July 16, 2016 at 21:19 #3773
Hello Fran and Barkeley,
You have it right. The solution for USB sticks indeed to use the standalone version of AxCrypt instead of the ‘encrypt to exe’ feature of the old version.
You’re also right that we’re not quite there yet – the standalone version needs to work really standalone without ever requiring internet access or our servers. This is now a high priority improvement, so we’ll work and implement this relatively soon.
As for what password to use it’s a little complicated due to the sharing features, but the easy way to explain it is that what will always work is the password used the most recent time the file was encrypted. This will always work.