This topic contains 124 replies, has 2 voices, and was last updated by Jack C. 1 month, 3 weeks ago.
September 15, 2017 at 21:14 #7860
I don’t use Gpg4win myself as I find it too bloated (26 MB) although it’s an excellent piece of software for the novice and is the software that I’d recommend for inexperienced users requiring per-file passwords. My advice for most users is to use the stable version (2.3.4) as it contains no serious bugs that could cause permanent loss to encrypted data.
I use the base GnuPG binary as it’s the bare minimum (just under 4.3 MB) needed to do the job but some command line knowledge is necessary. It’s what Gpg4win is based on, is lightweight and does the job.
Unfortunately neither release (Gpg4win or GnuPG) contains ‘secure by default’ settings as they use the lowest security settings to achieve backwards compatibility – they’re easily changed though if you know what you’re doing.
Most of the time I use AxCrypt 2 because I prefer the convenience of one password. Login once per session and then get seamless encryption and decryption.
September 16, 2017 at 10:10 #7862
Thank you, Svante, for your prompt and complete reply. (I don’t know how you do it – where do you find the time to develop software AND answer everyone’s questions??? You must have more than 24 hours in a day where you live.)
Thanks for your explanation. As for self-decrypting files, I do respectfully disagree with you about that – for the most part, at least – if they are handled properly. (Yes, I read your blog post about that.) For example, notifying your recipient that a self-decrypting file will be coming his way. If people are careful never to run an .exe attachment unless they are expecting it and they know what it is and who it’s from, there should never be a problem. I do understand, of course, that not everyone is careful and maybe that ruins it for the rest of us. :-( It’s moot now anyway, because no email application or web interface will allow you to send an .exe file. :-( (That’s a shame, though, because it seems like such a simple solution and doesn’t require your recipient to download and install any software to read your encrypted attachment.)
But I do appreciate your thoughtful explanation, especially in regard to the SHA-1 issue. :-)
September 16, 2017 at 10:19 #7863
I think I have to respectfully disagree with your first paragraph. With millions of downloads, Version 1 was very popular, and for good reason. There’s no need for sockpuppets – there are undoubtedly countless thousands of people who feel as I do, that Version 1 was an elegant, well-designed, easy-to-use solution, and who are very disappointed that it has been abandoned in favor of a very different application that works very differently and that doesn’t have those popular features and costs money – every year! – to use.
> “The reality is that the overwhelming majority of people are satisfied with version 2, and those who aren’t can use version 1.”
Well, yes, except for the fact that the SHA-1 algorithm has been compromised. Svante explained that this doesn’t appear to be a serious problem in the short run, but it’s certainly not ideal, and in the longer term, who knows?
Other than that, I do agree with everything else you said. (With one very small exception, noted below.) I am not suggesting that the features of Version 1 be incorporated into Version 2. Not at all. They are two very different applications with different approaches to solving the problem of securing one’s data. As good as both applications are, they are not compatible with each other. And as you said, trying to graft Version 1 onto Version 2 would add much unwanted complexity and cause confusion.
No, all I was suggesting is that Version 1 be updated to fix the SHA-1 problem. Svante subsequently explained that doing so is harder than it sounds, unfortunately. (I have to believe that it’s not impossible, however!)
(The one small exception to my general agreement with you is with regard to convenience. I don’t find the idea of having more than one password to be all that inconvenient. I’m certainly not suggesting a different password for every file. Just two, or perhaps three at most, for different classes of files. And as for forgetting your password – well, that’s a potential problem with any encryption system. Just be careful and don’t forget it!)
(The problem of forgetting one’s password can be easily solved by just using an easy-to-remember password like “password” or “123456”.)
September 16, 2017 at 10:22 #7864
(Just kidding!!!) :-D
September 16, 2017 at 12:27 #7865
> With millions of downloads, Version 1 was very popular, and for good reason.
Millions of downloads over nearly 20 years. It was a product of its time, originally developed before encryption became ubiquitous. Today most software includes encryption facilities; Microsoft Office encryption is now unbreakable compared to its predecessors, allows per-file passwords and using it is compatible with all platforms (MacOS, iOS, Android). Even modern PDFs use unbreakable encryption.
AxCrypt 1 solved a problem which existed in the ’90s/early ’00s – AxCrypt was offering strong encryption long before Microsoft were.
Most people still aren’t using encryption, and, when they do it’s almost always the transparent type (TLS).
> There’s no need for sockpuppets…
Every time somebody submits a comment on here, you consent to Google reCAPTCHA storing data-points about you. There are multiple comments, under different names, using the same/very similar data-points. Genuine, new, comments have a unique data-point but we digress.
> …there are undoubtedly countless thousands of people who feel as I do
Assuming this were true then AxCrypt 1 would have been forked (it’s open source) and be maintained by another developer. The truth is very few people want the functionality of AxCrypt 1 any more.
Businesses transmit data internally over secured networks, they send clients encrypted links to secure, audited, clouds and they don’t rely on AxCrypt.
Individuals sending over email can use the in-built encryption of their software such as Microsoft Office or just rely on the transparent TLS encryption of email.
> …and who are very disappointed that it has been abandoned in favor of a very different application that works very differently and that doesn’t have those popular features and costs money – every year! – to use
AxCrypt 1 is freeware. AxCrypt 2 is freemium.
As you said yourself, Svante is the developer of the software. The guy has to pay his bills. Can you begrudge him for charging? There’s a free option for those that don’t/can’t pay.
AxCrypt 1 has been around for nearly two decades; should it be his lifelong ambition to constantly update legacy software for which he receives no payment?
To prove that there’s no/little interest, go and start a GoFundMe (or alternative) campaign and see how ~~many~~ few people are prepared to pay.
> It’s moot now anyway, because no email application or web interface will allow you to send an .exe file.
They’re blocked because they’re unsafe. Even if a person is expecting a .exe file from you, they have to trust that your computer isn’t infected with viruses. It’s easy enough for a virus/malware to slip past your AV software (unknown to you), infect your programs and then infect your recipient.
Even if you’ve told them to expect a .exe file they still have to blindly trust the integrity of your computer. With .axx files because there’s no executable the user can decrypt it and then it’s immediately scanned by their AV software. With an .exe they must instruct their AV to ignore the file and arbitrarily execute (it’s essential for decryption) and then it’s too late.
If you want to store your own files on a DVD/USB and want to be able to extract them on another computer then just bundle the single, portable AxCrypt 2 executable. It’s digitally signed by AxCrypt, doesn’t cause virus alerts and doesn’t need to be installed.
February 23, 2018 at 00:39 #9610
Svante wrote: “…To share encrypted files with others, you should not be using different passwords either!…”
True in the context of a specific way of thinking that involves “top secret” files and a similar level of computer expertise or enthusiasm on both ends. I understand a programmer not wanting any holes in their software, which is where the technical skill for user-friendliness comes in.
Not true for uses where the files aren’t under much scrutiny, or a relative or friend doesn’t want to bother with extra steps to decode a file and even finds it annoying to be asked. A number of impatient people value every second of their time more than security. The elderly who barely get the difference between a file and folder are another example (sorry, mom). The types of files I send this way are usually family-related info or photos that I don’t want their ISP snooping on. They’re never critical to national security, etc.
It’s also just more fun & interesting to be able to make new passwords on the fly, sometimes done for humorous reasons, or one-off passwords you only use once (like sending a resume to a manager, which could be a strong password based on a custom clue). I enjoy making such clues as needed. The best software allows for different styles of use and weaknesses in human nature while retaining its integrity.
I came here from a 2017/2018 thread after seeing the history of this issue. It’s been discussed to death but it’s a good time for action now.
February 23, 2018 at 01:18 #9611
Cody wrote: “….The true number of unique people who want per-file passwords is probably fewer than 10. Analysis of publicly available Google reCAPTCHA usage tends to confirm this….”
Surely you can’t assume it’s just < 10 people?! The context of CAPTCHA is much different (often fueled by impatience) than sending files to people with a favorite shared password on a random basis. The very fact that people are “complaining” about v2, and they don’t seem to be random rubes, should tell you something’s up. Denial isn’t a good reaction to anything.
The reasons I like making passwords on the fly are that it’s the only way I can get certain computer-resistant family members to decode files (hard to explain offhand) and it can be interesting and fun to make up different passwords for files that aren’t critical. There are various ways to use software that can’t be rigidly assumed from one’s personal experience or taste. If a file gets cracked and it’s just for casual use, the burden is on the user with a disclaimer stating such.
I’d rather have all that functionality in one program vs. alternate methods, like 7-Zip or PDF-based encryption that’s limited to certain files. The best software will find a way to cater to as many users as possible within pragmatic constraints.
February 24, 2018 at 21:41 #9619
Just downloaded the latest version of AxCrypt yesterday. Tried it on several computers. I used an old version every now and then and it worked as expected. This current version is awful. Not intuitive. Repetitive prompts are annoying. And finally, it just doesn’t work. I couldn’t decrypt anything I encrypted. I’ve been a software developer myself for 30 years. This thing is useless. I googled my problems. It’s happening to other people too. I can’t waste my time with this crap so I’m warning everybody to go somewhere else.
February 24, 2018 at 23:09 #9620
Hello Joe Donobome,
Thank you for your input, but…
Nope, you’re quite wrong in stating that it just doesn’t work. AxCrypt 2 in general works fine. Of course, it’s software, so it may have some bugs but for normal usage it’s quite stable and reliable – as evidenced by literally hundreds of thousands of users being successful in using it. Please contact support for help if you are having trouble using it.
It’s hard to help you since you just say that you can’t “decrypt anything I encrypted”. If you provide more information, it may help us understand what the problem is for you.
I can understand that you have opinions about the “repetitive prompts”, when starting AxCrypt for the first time there are some prompts and some steps to go through. We’re trying to keep them to a minimum, but every step and every prompt is there for a reason – because we’ve had users having trouble with the software, and these steps and prompts have minimized that. With the old version, we’d have many more users losing data for example due to forgotten passwords.
February 25, 2018 at 00:56 #9621
I seriously doubt you’re a (competent) programmer, claiming it “doesn’t work” and generally writing like an Amazon product reviewer who gives up on something out of technical ineptness and gives it an undeserved one-star review.
The author has a strong viewpoint about single-password security, but that’s really the only issue in v2 when you get used to the windowed option of the interface.
February 25, 2018 at 09:36 #9622
Jack C. and others
You’re wasting your breath pointlessly arguing the same point ad nauseam.
AxCrypt have decided to pursue a particular goal with their encryption and that’s a decision which they’re entitled to make.
If you’re not happy, stop bleating and go elsewhere. Your points have been made and don’t have any more value just because you dislike the product architect’s response.
February 25, 2018 at 10:41 #9623
Actually, Jack C. was responding to the comment by Joe Donobomo – with essentially the same message as you. ( I think… ;-) )
February 25, 2018 at 11:13 #9624
“Whoa, take ‘er easy there, Pilgrim!” Svante indicates he’s warming up to the idea of allowing secondary passwords, which would be great news for many of us complainers (see https://www.axcrypt.net/forums/topic/axcrypt-2-makes-me-sad/). The man seems good-natured about the whole thing so it’s just tech banter to me.
I don’t like to complain in the form of whining or berating, and I respect someone who created something that I couldn’t, but one can be logical and point stuff out. It’s ultimately his business but most of us like the software and don’t want to dump it just for this issue.
March 12, 2018 at 19:28 #9905
AxCrypt2 is awful! You took a really good simple product and fucked it up (monetized it)!
March 12, 2018 at 23:09 #9908
> AxCrypt2 is awful! You took a really good simple product and fucked it up (monetized it)!
Go elsewhere with comments like that.
Money makes the world go round.
Either develop the software yourself (or pay a developer yourself to make an encryption tool) or stop moaning.
It was a decision to continue developing or cease development through lack of funds.