March 21, 2017 at 22:04 #5791
Sorry guys and Girls, but your UI is not user friendly. Maybe this is related to the fact that you concentrate on charging instead of giving a user firendly Interface.
On a related note: AES128 while still considered not broken is a little low for security requirements – AES256 would be considered industry Standard.
In total: Level 10 on the suck-o-meter.March 22, 2017 at 07:53 #5792
Thanks for the feedback. However, this is a public forum, and while we appreciate negative as well as positive feedback – we like constructive and polite feedback even more!
If you’d like to tell us just what aspects of the user interface you found least appealing or most hard to understand, it would actually help us improve the product! If you do, can I please ask you to formulate it a little nicer?
Commenting on the one actual concrete criticism concerning AES-128 vs. AES-256, could you perhaps provide some sources for that statement? To our knowledge, there is no indication that AES-128 strength “is a little low for security requirements“. Then again, that depends on just what those requirements are. AES-128 is considered strong enough for US government information classified as secret, it’s apparently good enough for some requirements. It’s also good enough for use in many private and public corporations according to their respective polices. Other requirements require other levels of strength. Just stating that a security measure “is a little low for security requirements” without reference to the actual requirements is both a meaningless and misleading statement.
If you state that AES-128 is a little low for your personal security requirements, that’s fine. We have many users who are correctly judging that AES-128 is good enough for any reasonable personal level of security, and who also realize that they are unlikely to use passwords of sufficient length and complexity to even approach 128 bits in actual strength anyway. Then we have others users who feel more comfortable with AES-256, and for those we offer that too – at a small cost in our Premium software.
Concerning your implied criticism of the fact that we have a for-pay option with advanced features for AxCrypt, that’s just an aspect of the real world, where we simply need revenue in order to develop, maintain, support and improve the software. We still offer a really useful software entirely for free, something most software manufacturers do not.March 22, 2017 at 11:53 #5793
Matze, I’d like to correct you on your assertion that AES-128 is not broken, it is. Cryptographers consider the whole suite of AES implementations to be broken: AES-128, AES-196 and AES-256 to be broken. For most practical purposes it still is the best cipher.March 22, 2017 at 13:22 #5794
Since many readers of these forums are not experts, and cannot be expected to be able to see what is fact and what is fiction, when a statement such as “Cryptographers consider the whole suite of AES implementations to be broken: AES-128, AES-196 and AES-256 to be broken.” – Please provide a reputable source reference! The article from 2011 you refer to while very interesting, does not in any way indicate that AES is broken. In fact, it explicitly states: “However, it doesn’t compromise AES in any practical way.”.
Exactly which cryptographers have this opinion, and where have they published results to support it? To my knowledge, no such cryptographers exist, or such results.
Also, I’m afraid the statement that “AES is considered broken”, followed by a statement that “for practical purposes it still is the best cipher“, is just plain contradictory. Broken is broken. If it’s broken it should not be used. But AES is *not* considered broken by any published cryptographers.
As always there are conspiracy theorists, but is beyond the scope and dignity of these forums I believe.March 22, 2017 at 21:00 #5795
Svante, my remarks aren’t contradictory – I’m using the term “broken” in the correct, academic and cryptographic sense.
If a cipher can be broken with anything less than exhaustive key search, which AES can, then it’s considered broken. That doesn’t mean that it’s no good.
The AES biclique attack, from a very reputable source, proves this.
Also, see this.
Here are Bruce Schneier’s remarks:
“Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute force. Never mind that brute-force might require 2128 encryptions; an attack requiring 2110 encryptions would be considered a break…simply put, a break can just be a certificational weakness: evidence that the cipher does not perform as advertised.”
If his comments aren’t reputable then I don’t know whose are.March 22, 2017 at 21:24 #5796
Thanks, and yes, you’re right that there has been a break published against AES, as you say, in the academic sense. There are also various breaks against reduced round versions. There is still no practical attack published. The text your refer to starts with:
“Breaking a cipher doesn’t necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext“.
The problem here is that even cryptographers do not have a precise vocabulary to distinguish various levels of breaks. I personally tend to use the term “break” in context to describe the break. I.e. “There’s a break against AES in all versions reducing the complexity by 2-3 bits”. When I use the term “broken”, with this I mean that the algorithm is entirely compromised and considered unsafe.
I find it very unintuitive and misleading to state that since there’s a break against AES reducing the complexity by a few bits, AES is broken. Therefore I protest against such a statement when it’s not carefully qualified to explain just what parts or to what extent it is broken.
Still, I will certainly agree that in the long run there are some indications that AES might indeed become unsafe one day, since there are several published weaknesses found, even if no practical attack has yet been published. As you quote Bruce Schneier, I’ll have to do the same: “Attacks never get worse, they only get better”. (more or less, it’s from memory).
Thanks for good input! But remember, most readers of these posts are not cryptographically knowledgeable – or even interested. They just want to know the simplest answer to the question “Is AxCrypt safe?”. I know, and obviously you do too, that there’s no really simple answer like “yes” or “no” to that question. But we have to try to give as good and as simple answers as possible.March 22, 2017 at 21:41 #5797
Maybe I could have been clearer in my original post although that’s why I did qualify my comments with “For most practical purposes it still is the best cipher.” Even if AES-128 takes billions instead of trillions years to break, I still consider that sufficient for my purposes.
Similarly I consider that the cipher is ‘broken’ because the number of combinations can be reduced (disregarding impractical amounts of time, money, resources etc.). The biclique attack is only one such method, there are others.
An extract from an academic textbook if anyone else is reading this and is interested:March 22, 2017 at 21:43 #5798