I use the encryption at home and I was looking your website with thumbprints and this made me want to check my connection was okay. In the new Google Chrome it is a bit more difficult to check thumbprints and I had not done previously.
I see that my connection was being intercepted by my antivirus software and I made an exception for it.
My antivirus company may know my password and I keep my axcrypt files in my Dropbox. I read your technical document and even if I change my password it will not stop somebody who has got my old password from decrypting the files. Am I correct? What can I do to perfect this?
These are pictures before and after. It is lucky I found your hashes website because I had no clue this was happening.
Yes, it is very unfortunate that the anti-virus companies do this. As a typical user, it’s very hard to see the difference and understand the consequence of allowing what is essentially a man-in-the-middle attack.
The way AxCrypt (and encryption in general) works, if a password has been compromised all data encrypted under the compromised password should be treated as potentially compromised. With AxCrypt you can indeed change the password, but the original password used when the file was encrypted remains also valid.
So, what you need to do is to re-encrypt (decrypt + encrypt) the files that you really would like to re-assert security for.
I will have to decrypt + encrypt everything again.
Even my internet bank site had its certificate changed by my antivirus software. I have added axcrypt, Dropbox, internet bank as exceptions to the hard to find SSL settings page in my antivirus. Other pages are still having the certificates changed but I am not caring so much about those.