September 14, 2018 at 17:00 #11350
I understand that the session key is encrypted with my public key and added to every encrypted file. I understand that this session key can be decrypted if I supply my password and used to decrypt the data.
If the above is correct, why is it useful to also add a copy of the session key encrypted with my password to the file?
ThankdsSeptember 14, 2018 at 19:41 #11351
The session key is encrypted with your public key. To decrypt it, the password itself is not sufficient – you need the private key (which in turn is encrypted with your current AxCrypt ID password). But you still need that private key. The password alone is not enough.
The reason for adding the encryption of the session key with your password is to ensure that even if you lose your private key for whatever reason, the file will still be decryptable as long as you know the original password thus keeping the original paradigm. If you know the password and have the software you can decrypt.
If we did not, you’ll need the third piece, the private key which is *not* stored in the file.
We try to keep so that the public-key based part of AxCrypt is for sharing and for convenience – but in the end the password is all that’s required.October 10, 2018 at 07:13 #11520
I understand that the 256 bit AES session key is more secure than the 4096 bit RSA public key used to encrypt the session key.
Since my password is also used to encrypt the session key, about how long would my password need to be for it to be more secure than the 4096 public key? That is, it seems that password length is most likely the weak link for brute force or factoring attacks. Is this true?
JimNovember 14, 2018 at 07:20 #12026
AxCrypt has a sophisticated password strength evaluator based on measuring the actual strength of the password. It must also be at least 8 effective characters long. You can use more than that length also.
We evaluate the password by estimating the strength, which is based on how long and complex the password is.
The evaluation entirely disregards parts of the password that is recognized as being among the 1,000 most common passwords, as well as white space.
For example the password ‘secretX password Y 123456’ is evaluated as just ‘XY’, since spaces, ‘secret’, ‘password’ and ‘123456’ are ignored!
We classify the password in 4 categories of increasing strength, were we do not accept any password in the lowest category. The above example is not accepted for that reason.
If you want suggest strong password with minimum length, please check here: https://www.axcrypt.net/password-generator/. The generated passwords are more stronger and will take some million/trillion years to break the passwords.
Please check out our blog to know more about the AxCrypt Keys, https://www.axcrypt.net/blog/what-is-an-axcrypt-id/.