hi all i found this nifty lil encryption tool AxCrypt and though i would see if anyone has heard of it ? it says its open source so there shouldn't be any hidden surprises but i though i would come here and get it checked out all the same http://axcrypt.sourceforge.net/ here is a small exert from there home page AxCrypt is free and easy to use open source strong file encryption for Windows 95/98/ME/NT/2K/XP, integrated with Windows Explorer. Encrypt, compress, decrypt, wipe, view and edit with a few mouse clicks. Cryptographic primitives are AES-128 and SHA-1. Encrypted files have a ".axx" extension added to their names, and are shown with a new icon. To encrypt a file, right-click it in Windows Explorer and select 'AxCrypt | Encrypt'. To edit or view an encrypted file - just double-click it. To decrypt, right-click and select 'AxCrypt | Decrypt' instead. No configuration is necessary. Run the installer, and AxCrypt is ready to use. English, German, French, Spanish, Italian or Swedish will be used for messages and dialogues depending on the language of the system. Documentation (this document) and installation scripts are in English.
Hi Bethrezen, sorry, but there are better encryption tools out there, which are as easy to use as AxCrypt (but by far safer). By the way did you notice that: How secure is it? Assuming that AES is secure, which most do, and that the AxCrypt implementation is ok... The question breaks down to key lengths. The key length used is 128 bits - exhaustive search is not currently believed to be an option. The problem lies with the passphrases used. This is the weak point. 128 bit encryption? Not that much... Actually a very weak encryption. Shouldn't take you long to crack either the encryption or the password. Why does AxCrypt only ask for a passphrase once - is not that insecure? Security is a chain only as strong as it's weakest link. In your local system, there are so many other ways to get at your data, that to sacrifice the convenience of a secured passphrase cache just to 'feel' safer, was not thought to be a good idea. If you are concernced about physical access to your own computer there are other measures you should take first. For special situations, there is a link installed in the Start-menu called 'Clear Passphrase Cache' that you may invoke manually or programatically. Sorry, but this doesn't convince me at all! Regards, Patrice
Hi guys, I havn't checked out AxCrypt so I can't comment on the actual program. IF its AES implementation is ok, 128bits is a pretty good encryption level, I doubt anyone but serious companies could spend the time bruteforcing this. 256bits is obviously a lot more secure than 128bit keys but its sort of like comparing a wall thats 1KM tall and one thats 1 million KM's tall. It's going to stop most people from jumping over it The one thing I would be wary of is the comment "IF our AES implementation is OK" .... seem's they don't have much confidence in their algorithm . Caching passwords... its one of those things that does make life easier, but if you have DATA you want encrypted and the keys are stored, whats stopping anyone from going the easy route and just stealing your computer . Unlikely to happen sure, but if you are caching passwords you aren't that serious about encryption. I would recommend at least an 8 character password for 128bit and 8-16 character password for 256bit. The password should include ALL of these in any amount, uppercase letters, lowercase letters, numbers, special characters ($,#,@,!,etc). Depending on how the program generates keys, if that process is too intensive then it isn't viable to do a passphrase based bruteforce which is why I suggest people who write encryption programs make the key generating process somewhat intensive. If the key isn't generated any special way then it is highly susceptible to password attacks, its hard to say how a program does it until you reverse engineer it. What you have to realize is what is DONE to your "128bit key" after you've entered your password. A 128bit key is just that, its 16 bytes long, it should not be filled with your password. I have seen programs make a key by doing this, if I say entered "pass123" as my password :- "pass123pass123pa". Special hashing and other techniques SHOULD be used to make "pass123" (which BTW is a weak password) into a 16byte length so it isn't repeated, and isn't just plaintext, etc. -Jason-
Hey Jason, thanks for your comments, they were as always very interesting to read! By the way do you really think that 128 bit is enough? I think it was you who told me that you bruteforced a 256 bit key within 5 hours... https://www.wilderssecurity.com/showthread.php?t=9075;start=15 Let's say, with a tool like LC4 or something similar it shouldn't be a problem to crack the password. Don't you think like that as well? Best regards, Patrice
Hi Patrice, yes bruteforced a 256bit RSA key . Some people say a 2048bit RSA key equates to around 128bit symmetric key (like AES/RijnDael) . Symmetric Ciphers (like AES) are much more difficult to bruteforce at a given keysize then asymmetric ciphers like RSA. I wouldn't be able to bruteforce a 128bit AES key in a million years probably on a 1gigahz machine . Assymetric ciphers like RSA are vulnerable to improvements in factoring, which decreases the amount of time to bruteforce a RSA key. Symmetric ciphers don't really change this way so the only way you can increase bruteforcing speed is to add more CPU power. I can for instance BRUTE FORCE a 32bit symmetric key in 1-3minutes on a 1gigahz machine, you have to multiply THAT time taken by 2^124 to get how long it would take me to do a 128bit symmetric key if all things were equal. -Jason-
Mhh... I see, again the different keys (AES, RAS, Diffie-Hellman,...) come into the game. Quite complex to understand all these keys and their weaknesses. I think I have to check out some books to understand all of them. By the way do you know a good and easy to understand document where I can read about all these keys? I know that PGP has a good documentation about them, but perhaps something else exists as well. Regards, Patrice
Hmmm, I have read the one that is on the DiamondCS webpage from Bruce Schneir I think, thats pretty good in areas, and also a good introduction to cryptography is "The Code Book" by Simon Singh . Read "The Code Book" first and then move onto more complicated books like the Bruce Schneir ones. You'll need a semi-good knowledge of maths for some things though but don't let that stop you -Jason-
Hello, I am the author of AxCrypt, the topic of this thread. It seems necessary to put some things straight. I'll try to put my comments in context below. "128 bit encryption? Not that much... Actually a very weak encryption. Shouldn't take you long to crack either the encryption or the password." -> First point: AES-128 is not brute-forceable today. Period. Please prove otherwise, if you do claim so (you'll be rich and famous!). Do not compare RSA key-lenghts with AES key-lengths. Very different. -> Second point: Yes, the password may be 'crackable', if the user chooses a bad one. If the user chooses a good one, it is also computationally infeasible today. Please also note that the key-wrapping method used in AxCrypt adds a work-factor equivalent to about 13 bits to further protect the passphrase. -> Third point: AxCrypt does not use the passphrase to encrypt data. It uses it to encrypt a 'true' 128 bit data encrypting key, unique for every encryption. "The one thing I would be wary of is the comment "IF our AES implementation is OK" .... seem's they don't have much confidence in their algorithm . " -> Yes, I do have confidence in the AES implementation. It's pretty well verified. But it is a humble caveat to note the fact that I, as all programmers, may make mistakes. They are called bugs. It's happened before. But as AxCrypt is open source, it will be reviewed by many eyes _looking_ for that mistake. So far one that affects security has been discovered, in version 1.1 if I recall correctly. All software contains bugs. That's what my comment is about. It's not about confidence, or lack thereof. "Caching passwords... its one of those things that does make life easier, but if you have DATA you want encrypted and the keys are stored, whats stopping anyone from going the easy route and just stealing your computer . Unlikely to happen sure, but if you are caching passwords you aren't that serious about encryption." -> The passphrases are cached in memory. You'll have to steal the computer with the power cord dangling. Anyway - if someone has physical access to the computer unprotected, all bets are off anyway. Just install a keyboard logger, like the FBI did in New Jersey. If you have a portable and don't use a screen saver, and lose it, then you're also in trouble. All this is documented on the home page. "I would recommend at least an 8 character password for 128bit and 8-16 character password for 256bit." -> This is outright silly. An 8 char password using 96 possible characters is approximately equivalent to 52 bits. Period. You can't recommend different lengths of passwords for 128 and 256-bit keys unless the keys in question actually reach the levels in question. Thus, to get a true 128-bit key, you need 20 very random characters in the password. For 256-bit, well... It's about 40 characters! Not more, not less. More doesn't hurt - but it doesn't help either. "What you have to realize is what is DONE to your "128bit key" after you've entered your password." -> True. In AxCrypt, the passphrase is hashed with SHA-1. This is then used as a key-encrypting key for the actual data-encrypting key, which is generated from a source very close to a true random number (check the code for details). The data-encrypting key is then stored in the file, wrapped with the NIST AES key wrapping method, with iterations adding a work-effort of approximately 13-bits to a brute-force attack against the passphrase. "Read "The Code Book" first and then move onto more complicated books like the Bruce Schneier ones." -> This is good advice. Read some books, understand them, then make comments about encryption program and algorithm strength. -- I get the question very frequently about 128-bit versus 256-bit encryption, and the reason I use 128-bit encryption in AxCrypt is simply because as long as the data (indirectly through a key) is protected with a passphrase, it's ridiculous to believe any extra security is gained with 256-bit encryption. That's just misleading advertising - for the simple reason that no sane, normal, person will be able to commit a string of characters corresponding to 256 bits to memory! You should also remember that 128-bit encryption is still computationally infeasible to brute force today, but this will probably change in about 25+ years due to Moores Law. For storage longer than that, yes I would recommend 256-bit encryption, but also use something else than passphrases to store the key-bits. The next version of AxCrypt will use 256-bit encryption anyway, just so I don't have to answer these tiresome questions all the time. It won't add any real security, but it won't hurt it either - just slow it down by perhaps 10%. But remember - it's your passphrase that protects your data - not the key-length used in the encryption. You have to provide a strong enough passphrase. If you say "A" and then use that to encrypt data with AES-256, that'll be no safer than saying "B" and then use that to encrypt data with AES-128. Both are just as unsafe. The encryption in AxCrypt is as strong as you can get with passphrase based encryption, unless you're very good at remembering 20+ character random strings... As for the security of the overall application, well, it depends on what you use it for. In certain contexts other apps may be better, in others AxCrypt is better. --- I hope that the above will clear out some issues. Best regards, Svante
hi all thank you for your replys I'm going to need a lil help here because there seams to be to conflicting view points here one that basically says that the app is no good and one that says that it is it just depends on what ya using it for well to answer that question what I'm using it for is general day to day use for instance if I'm writing a personal letter to my girl friend and i don't want anyone else that has access to the comp to be looking at what I'm writing now this would be a typical example of the sort of use that i use AxCrypt for now ok i know that this probable wouldn't stand up to an examination from say an agency like the NSA for instance but then again even some of the best apps out there probably wouldn't we just don't know what i really wanna know is as a tool for general day to day use just to keep my personal effects personal would you consider this app to be suitable or would you suggest something better if so what and why ? also could you recommend a sort of check list of things i should look for in an encryption app and could you also list some decent reliable encryption apps i know i have asked this before but well it got pulled so ill ask again also what are your thoughts on full drive encryption i hear this is a good way to keep unauthorised people off your computer also a nice way to foil any would be computer thieves
Hi Svante, Could you provide proof that AES-128 has not been bruteforced? It's moot trying to argue this point so I don't know why you try and make AES-128 look any more secure then any other key length which cannot be bruteforced in a reasonable amount of time on a few computers. The whole point of encryption is to use the best that you can at any given time. In regards to passphrase length, please note I said "at least". Depending on how the passphrase is handled it adds a further amount of time to bruteforce it, I am taking that whats you mean by "work factor" with your key. If the time taken to "test" a passphrase is ~4 billion times more computational then testing a bruteforced key, how much more security does that add to the passphrase? I recommend these values for certain reasons (which I won't divulge into here) but as you said the passphrases should ideally be much longer. I am sure you have seen certain other encryption programs out there recommend at least "5 character" passwords and other low, similar values (even with 256bit AES). I could go into a lot more detail about how you could improve your program but I am sure, given time, you will add more features and security. Just out of curiousity, how long has AxCrypt been around? -Jason-
128-bit AES is strong. very strong. why do you think Rijndael was *selected* as the AES? there were many good candidates. the officially adopted AES was *in fact* the 128-bit Rijndael. the US government would not have selected the algorithm as the standard for all government encryption if it was weak!! it was judged the best there is! i also have to agree with svante that the password should be *at least* 12-15 characters to make good use of even the 128-bit key. if you were to use a 256-bit key it is overkill to the max. you would need a very long password to make use of that. you break 128-bit AES and we will all see your name on the front page of the new york times. patrice whoever he or she is needs much more education before tossing out comments like 128-bit AES is weak encryption. that's pretty funny. only later does he or she ask for a book to read. i believe that one should not talk like an expert if they are not one. i have now read two posts by the same person written from what sounds like good authority that is pure hogwash. that is a disservice to people who come here for advice. i have read many good posts going back a long time on this board and some wise people have gone missing and need to return. a few of these posts that sound like expert advice is just plain horrible advice. sorry to go on and on but i was surprised by the lack of understanding by some who talk like they know. this board is too good for voices of inexperience speaking like experts. a long two cents.
"well to answer that question what I'm using it for is general day to day use for instance if I'm writing a personal letter to my girl friend and i don't want anyone else that has access to the comp to be looking at what I'm writing now this would be a typical example of the sort of use that i use AxCrypt for" -> For protection of data on your local hard disk only, virtual hard disk encryption à la PGP-disk is probably the best type of application. The data is kept inside a container file, and will look like a removable unit or hard disk, i.e. a new drive letter. The problem is that these container files are usually not suitable to transport, i.e. to e-mail and such. You may still experience data and key leaks due to temporary files and the swap file though. -> AxCrypt and similar types of file-level encryption are best for transporting data and storing data on remote locations, such as network servers and internet services. AxCrypt also endeavours to keep the local hard disk clean from key or data leakage, but the problem is that your application will likely leak data by way of temporary files and the swap file. This is hard to handle in a file encryption app. If you follow the recommendations on the AxCrypt home page, you'll be reasonable safe, i.e. it will take a good computer forensic lab some effort and they will likely only get snippets of data - possibly enough to to piece together it all if they are lucky. These limitations are shared by _all_ file encryption apps - it's not a weakness of AxCrypt as such. There are various other variants too, including shell namespace extensions that gives you encrypted folders, pretty much like EFS in Win 2K/XP. They still share the same weakness with application temp files and the swap file. "what i really wanna know is as a tool for general day to day use just to keep my personal effects personal would you consider this app to be suitable or would you suggest something better if so what and why ?" -> If you're only concerned with local PC storage, and do not store the data in other places, nor send it to some one where you want to keep it encrypted in transit, I would probably recommend a virtual encrypted hard drive for the really paranoid. Personally I use AxCrypt ;-) If you have Windows 2K/XP, you might want to consider EFS - the problem with it is that it's so transparent it's hard to fully understand how it works. But used properly (and in 128-bit mode, not 40-bit mode...) it's likely safe. If you subscribe to conspiracy theories this is probably not the solution of choice though... ;-) "also could you recommend a sort of check list of things i should look for in an encryption app and could you also list some decent reliable encryption apps i know i have asked this before but well it got pulled so ill ask again" -> Yes, read the Snake Oil FAQ. http://tinyurl.com/d13n . This does not list apps, but gives you some good indications of warning signs of bad crypto. "also what are your thoughts on full drive encryption i hear this is a good way to keep unauthorised people off your computer also a nice way to foil any would be computer thieves" -> This is good practice for portable computures, but only if used together with Windows 2K/XP and with a screen saver that locks the computer on resume, and which has a strong passphrase. Best regards, Svante
Hi Svante & Novirusguy, thank you very much for your clarifications. Yes, I made a mistake, I was confusing the 128 bit key AES with RSA. I'm sorry for that. Jason already corrected me about this issue. I'm not a developer or something similar like that as Jason or Svante, so it can happen that I'm wrong when it comes to the mathematical side of the keys. I hope you understand this. But I'm using encryption software since 1997, it all started with PGP for me. So, Novirusguy, I hope you see that I'm not a newbie about encryption. I'm using it daily and I read a lot about it already (Phil Zimmermann). Nevertheless, I need more knowledge about the mathematical side of it, that's why I was asking for a good book. I hope this makes things more clear! Best regards, Patrice
"Could you provide proof that AES-128 has not been bruteforced?" -> Well, since you ask the question in that way, yes, I pretty much believe I can. You specifically say "bruteforced", not "broken". Bruteforce means just that - i.e. try all possible key combinations until you hit the right one. With AES-128 you have 2^128 tries to go before you are sure to find the right key. Let's theorize a bruteforce cracker, chugging along at 1THz, and that it is capable of trying one key every cycle (this is a pretty neat machine by the way, if you find one, let me know... ;-). Now, one 1THz (that's a thousand GHz) means that it can try 10^12 keys every second. This is about 2^40 keys every second. Ok, this means that we have 2^(128-40) = 2^88 seconds to go, to try search the entire key space. In one year, there are just under 2^22 seconds. This means we need 2^(88-22) = 2^66 years to search the full key space. Now, 2^66 is a pretty long time... All right, let's be massively parallell here. Let's build 1 billion of these cracker suckers. 1 billion is 10^9 which is approximately equal to 2^30. So, now we only have to wait 2^(66-30) = 2^36 years to search the full space! Ok, let's settle for just 1% chance, or let's say 1/128 chance of finding the right key, then we only have to wait 2^(36-7) = 2^29 years! Don't hold your breath (that's about 500 million years). -> Conclusion: Yes, I think I can say fairly positively, that there is no hardware capable of brute-forcing AES-128. -> Final note: Does this mean that no encryption with AES-128 has been bruteforced? Not the same thing. If the key is directly derived from let's say a passphrase of 8 characters, then I don't have to seach the entire key space of 2^128 bits. Because the _effective_ key space is then equal to the number of possible passphrases, and if I know this is just 8 printable characters, this is only about 52 bits - which the above theorized (but non-existing) cracker will bruteforce in under an hour. This is one reason why real-world attacks are more successful than theory states - the weakness is in the password. Dictionary attacks are often successful, and variants thereof. That's (partially) why such programs as l0phtcrack and john are successful. "It's moot trying to argue this point so I don't know why you try and make AES-128 look any more secure then any other key length which cannot be bruteforced in a reasonable amount of time on a few computers." -> I'm sorry, but I can't make sense of this sentence. If you clarify your meaning, I'll try to comment. "The whole point of encryption is to use the best that you can at any given time." -> That is your opinion, not something so by definition or as objective fact. I happen to disagree - I would rather state my opinion as 'the whole point of encryption is to make it too expensive for a would be attacker to retrieve the protected information in the time frame that the information is relevant'. Please note, that it's probably cheaper and easier to resort to rubber-hose cryptography in most cases. (In clear text this means threaten or beat the owner of the key until (s)he divulges it). The point being that there are many other ways to get at the information than cracking the encryption. "If the time taken to "test" a passphrase is ~4 billion times more computational then testing a bruteforced key, how much more security does that add to the passphrase?" -> About 32 bits. (Under the assumption that you cannot short-circuit the process, and bypass the 4 billion times more computaional step). "I recommend these values for certain reasons (which I won't divulge into here) but as you said the passphrases should ideally be much longer." -> Well, if you won't divulge them here, I can not comment them. "I could go into a lot more detail about how you could improve your program but I am sure, given time, you will add more features and security." -> I apprciate all feedback! Please use the feature request function on sourceforge. Just out of curiousity, how long has AxCrypt been around? -> As can be seen on Sourceforge, release 1.1 which I would say is the first stable release, was released on April 25, 2002. Best regards, Svante
Only as separate files. The shell extension interface will let you select a folder and it will encrypt all the files in the folder. It will not archive them à la winzip, nor will it put the folder in 'encrypted mode' like EFS or some folder encrypting programs. Best regards, Svante
hi thanks for your replies and thanks for the link for the info on what to look for in a good crypto tool ill make sure to read through it ok now my next question ok so for storage of files that are staying on my computer and not going anywhere else i should look for a tool that can create a virtual encrypted drive ok this is clear how ever i cant use pgp disk because I'm not in the us do you know of an alternative ? and to deter any nosey people from logging on to my comp while I'm not there and also to deter computer and data thieves full drive encryption along with a good screen saver password to lock the comp if i need to leave it for some reason ok good now I'm starting to get an idea of what i should be looking for so what about if i want to encrypt the file for transit to another person say for arguments sake an email or if i want to send my friend some files also what about the windows password because the windows password on 98 se which is what I'm using is useless is there a way to secure this ?? because it can be bypassed in about 30 seconds is just hit cancel find the .PWL file and delete it and restart now the comp thinks that no password has been entered and will now ask you to enter a new password and now I'm logged in as admin is there a way i can stop this ?? for instance a way to remove the cancel button and stop the .pwl file being tampered with ?? so even if they get my password to decrypt my hard drive they still cant log in to windows ok now with that out of the way my next question is what about encrypting my net connection so that i can deter tracking and eavesdropping from nosey parties like your isp for instance so that when I'm surfing the net or on chat apps like msn messenger for instance i can keep my activities privet
Thanks for the answer Svante. I have a folder to encrypt and I was looking for a fast and easy program to encrypt it. It's has to be a light program.
Hi Bethrezen, I don't get it why you can't use PGP. I don't live in the US neither but I'm able to use it. This time is over, the US doesn't regard encryption anymore as ammunition as they did earlier. One of those links should work for you: http://www.pgp.com/index.php http://www.pgp.com/international.html (PGP all over the world) http://www.pgpi.org/ If you want to use another encryption software you can have a look at DriveCrypt: http://www.drivecrypt.com/ There are some others as well, but I won't list them here because I never tested them thoroughly myself. Hope that helps you out so far! Best regards, Patrice P.S. By the way I just realized a few days ago, that you can encrypt the communication of ICQ with PGP. But I never tested it, because I don't use Messengers anymore.
Not quite sure if that means you can use AxCrypt or not - but a suggestion is to use WinZip or equivalent to archive the directory first, and then encrypt it with AxCrypt. If it's not huge, it works fine to work with the encrypted archive, i.e. first double-click the encrypted file, which will decrypt it and open it in WinZip. In WinZip you can then view or edit the files in the archive. When you're done, and close WinZip, the file is re-encrypted automatically by AxCrypt.
I have been using AxCrypt for about 4 months now and I'm very pleased with it. I wouldn't necessarily use it to transport a file, but I do use it to remotely store files. I also use a program to hide the file in another file, which gives a little added security. The fact that you can leave the pass-phase in cache is good feature if you happen to be working with a lot of files. You can always wipe it before leaving. Yes there is a problem left with trace things that might be left in cache files somewhere on the system. But probably a good disc cleaner will wipe most of that. I am exploring other applications for things that might require more security and I recently came across a program that supposedly wipes those temp files after encryption. I haven't tested it yet. In conclusion, I am happy with AxCrypt, it's ease of use and have recommended it others, including clients who use our web hosting.
