Discussion in 'privacy technology' started by CloneRanger, Mar 23, 2013.
Does anybody know how this file is wiped by Axcrypt (1 pass, 3 passes, etc.)?
I've never seen Axcrypt wipe any original file it encrypts.
I meant wiping the temp file.
you can see here http://www.axantum.com/AxCrypt/security.html
however about .tmp file and what method Axcrypt uses to delete/wipe it,
personally I would prefer encryption on the fly.
here is a link about how Axcrypt deals with the .tmp file
see what sami lamti replied about it
In the above links the developer never does quite explain the usage or status of AxCrypt's temp files, although to his credit he does recommend encrypting the temp folder in order to prevent leaks.
In the second link he states that the temp file is encrypted, but it's definitely not. Perhaps his definition of 'temp file' is different than mine, or perhaps he is being deliberately vague, but the bottom line is that when an AxCrypt file is opened, AxCrypt creates a plaintext copy of the encrypted file on the hard drive. (Or at least, it did the last time I checked.)
I think the only way to get a proper answer will be to ask the developer for a full explanation of temp file usage and the wiping of plaintext.
I agree 100%
to me: encryption "on the fly"
I am the developer of AxCrypt.
AxCrypt works by decrypting the file to a plaintext version in the user temporary directory, actually a subdirectory to the folder %TEMP% refers to.
It then launches the application associated with the file extension, and monitors that application in various ways in order to determine when the application is done with the file.
Once it detects that the file is no longer used, it re-encrypts it back to the original location (if it was changed), and then wipes the plain text temporary. It also checks the temporary folder when started, in case there are files left there from an earlier session that did not end in a controlled manner.
The wiping is by default a single pass of random data overwrite. It can be changed with a registry setting to up to 7 passes with alternating zeroes, fixed and random patterns.
On-the-fly file encryption and decryption has some advantages in that there is never a full plain text copy of the file made by the encryption software. However, there are still the temporary files made by the application itself to consider. This leads to 'folder encryption', which also has some advantages.
The main reason for not doing either of these with AxCrypt is that it requires a level of integration with the operating system that at least at the time it was originally developed required kernel mode drivers, which poses some interesting issues by itself. I wanted AxCrypt to be a 100% user mode software.
AxCrypt is best suited for data that is moved between systems, perhaps between two communicating parties. It is also well suited to handle a small number of specific files that need protection. For day-to-day encryption of all your files at rest on a single system, encrypting file system, encrypted virtual disks or full-disk encryption with for example TrueCrypt is a better match.
Personally I think EFS, TrueCrypt and AxCrypt complement each other and I regularly use all three.
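Added example (not AxCrypt's code and not part of the post above): a user-mode Python illustration of the wipe-then-delete step and the startup sweep of leftover temporaries that the post describes. The function names, the 0xAA fixed pattern and the ordering of passes are assumptions; only the one-pass random default and the seven-pass maximum come from the post.

```python
import os
import secrets

MAX_PASSES = 7       # upper bound stated in the developer's post
FIXED_BYTE = b"\xaa"  # assumed fixed pattern; the page does not give AxCrypt's

def pass_pattern(index, passes, length):
    """Bytes for one pass: the last pass is random, earlier ones alternate
    zeroes and the fixed pattern (ordering is an assumption)."""
    if index == passes - 1:
        return secrets.token_bytes(length)
    return (b"\x00" if index % 2 == 0 else FIXED_BYTE) * length

def overwrite_file(path, passes=1, chunk=64 * 1024):
    """Overwrite the file in place, flushing every pass to the device."""
    if not 1 <= passes <= MAX_PASSES:
        raise ValueError(f"passes must be 1..{MAX_PASSES}")
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for index in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(pass_pattern(index, passes, n))
                remaining -= n
            fh.flush()
            # Without fsync the passes could merge in the OS cache. On an SSD
            # the controller may still place the write in a new physical block.
            os.fsync(fh.fileno())

def wipe_file(path, passes=1):
    """Overwrite, then unlink."""
    overwrite_file(path, passes)
    os.remove(path)

def sweep_leftovers(temp_dir, passes=1):
    """Startup check: wipe plaintext left behind by a session that did not
    end in a controlled manner. Returns the names that were wiped."""
    wiped = []
    for root, _dirs, files in os.walk(temp_dir):
        for name in files:
            wipe_file(os.path.join(root, name), passes)
            wiped.append(name)
    return sorted(wiped)
```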
I am the developer of AxCrypt.
Or follow any of the instructions at the bottom of http://www.axantum.com/AxCrypt/Freeware.html . This page is linked to from the downloads page, and also in the first paragraph of text when the standard installer opens. Much easier ;-) No need to get tricky.
Thanks much for replying with all this info.
Do you think 1 pass is enough to make the file unrecoverable?
I believe this is a key point, since it would not make any sense to have Axcrypted files (@AES12 if then they can be retrieved from the Temp folder.
Thanks again for your time.
Yes I do think so. Or, rather, either it's sufficient or it doesn't really matter how many passes.
Overwriting from the 'outside' to a modern device may not do quite the expected thing for various reasons. The most obvious being the way SSD-device controllers try to avoid writing too many times in the same location. An overwrite may thus not actually overwrite, but instead write in a new physical location.
But, my point is that a one pass overwrite will suffice to render recovery impractical without special hardware, software and skills. If you want to sanitize media with classified information you need to physically destroy the media in an approved manner.
For people and organizations who do not expect full-scale attacks against the media and encryption by military intelligence organizations, single pass is enough. For those who do, the only way to be sure is to really destroy the media.
Nevertheless, if it makes you feel better, you can change the registry setting. See http://www.axantum.com/AxCrypt/Registry.html .
I cannot find any WipePasses in my Registry. The last item I see is "TryBrokenFile".
WipePasses was missing in my Registry too? XP/SP2
Anyway I added it, & set it to 3 passes.
I hope that's correct?
I am not a registry expert, I did not know that it was possible to add it.
Clone, did you check if that worked?
Me neither, so I wouldn't alter anything if I thought it would screw things up.
I Ax'd a .TXT file & tried to examine the axx.tmp file it created. It was locked so I couldn't, or even copy it to rename it to examine. But that's OK, it's supposed to do that. After rebooting there is NO trace of the .tmp file.
So I can't tell whether it was wiped 3 times as I set it to?
I was hoping that xecrets would have popped in to comment! Be nice if he could
I created the registry myself, as you did.
Let's wait for Svante to shed some light...
He posted here after I emailed him and invited him to participate in our discussion, but it's possible that at this point he's stopped following the thread.
If anyone wants to pursue things further, his email address is listed on the Axantum software site in the contact information.
Actually I think the temp file should be wiped without the need of a reboot...
I am going to send an email to Svante...
OK, thanks. Looks like DB is on the case
Correct, I just posted what I did so people would know
According to the developer, the temp file is wiped when you are done with (i.e. close) the file:
Guys, it seems Svante is not responding either here or by email...
Maybe he's on holiday, something ?
dantz provided a good explanation though
Maybe. Let's wait a couple of weeks, then I am gonna send a friendly reminder..
How does AxCrypt compare to TrueCrypt?