Encrypting with Axcrypt

Discussion in 'privacy technology' started by CloneRanger, Mar 23, 2013.

Thread Status:
Not open for further replies.
  1. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Does anybody know how this file is wiped by Axcrypt (1 pass, 3 passes, etc.)?
     
  2. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,909
    Location:
    USA
    I've never seen Axcrypt wipe any original file it encrypts.
     
  3. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    I meant wiping the temp file.
     
  4. stvs

    stvs Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    34
    Location:
    greece
    Last edited: Jun 5, 2013
  5. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,027
    Location:
    Hawaii
    In the above links the developer never does quite explain the usage or status of AxCrypt's temp files, although to his credit he does recommend encrypting the temp folder in order to prevent leaks.

    In the second link he states that the temp file is encrypted, but it's definitely not. Perhaps his definition of 'temp file' is different than mine, or perhaps he is being deliberately vague, but the bottom line is that when an AxCrypt file is opened, AxCrypt creates a plaintext copy of the encrypted file on the hard drive. (Or at least, it did the last time I checked.)

    I think the only way to get a proper answer will be to ask the developer for a full explanation of temp file usage and the wiping of plaintext.
     
  6. stvs

    stvs Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    34
    Location:
    greece
    i agree 100%
    to me:encryption "on the fly"
     
  7. xecrets

    xecrets Registered Member

    Joined:
    Aug 19, 2011
    Posts:
    4
    Location:
    Stockholm, Sweden
    Hello,

    I am the developer of AxCrypt.

    AxCrypt works by decrypting the file to a plaintext version in the user temporary directory, actually a subdirectory to the folder %TEMP% refers to.

    It then launches the application associated with the file extension, and monitors that application in various ways in order to determine when the application is done with the file.

    Once it detects that the file is no longer used, it re-encrypts it back to the original location (if it was changed), and then wipes the plain text temporary. It also checks the temporary folder when started, in case there are files left there from an earlier session that did not end in a controlled manner.

    The wiping is by default a single pass of random data overwrite. It can be changed with a registry setting to up to 7 passes with alternating zeroes, fixed and random patterns.

    On-the-fly file encryption and decryption has some advantages in that there is never a full plain text copy of the file made by the encryption software. However, there is still the temporary files made by the application itself to consider. This leads to 'folder encryption', which also has some advantages.

    The main reason for not doing either of this with AxCrypt is that it requires a level of integration with the operating system that at least at the time it was originally developed required kernel mode drivers, which poses some interesting issues by itself. I wanted AxCrypt to be a 100% user mode software.

    AxCrypt is best suited for data that is moved between systems, perhaps between two communicating parties. It is also well suited to handle a small number of specific files that needs protection. For day-to-day encryption of all your files at rest on a single system, encrypting file system, encrypted virtual disks or full-disk encryption with for example TrueCrypt is a better match.

    Personally I think EFS, TrueCrypt and AxCrypt complement each other and I regularly use all three.

    Svante
     
  8. xecrets

    xecrets Registered Member

    Joined:
    Aug 19, 2011
    Posts:
    4
    Location:
    Stockholm, Sweden
    Hello,

    I am the developer of AxCrypt.

    Or follow any of the instructions at the bottom of http://www.axantum.com/AxCrypt/Freeware.html . This page is linked to from the downloads page, and also in the first paragraph of text when the standard installer opens. Much easier ;-) No need to get tricky.

    Svante
     
  9. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Hi Svante,

    thanks much for replying with all these info.

    Do you think 1 pass is enough to make the file unrecoverable?
    I believe this is a key point, since it would not make any sense to have Axcrypted files (@AES12:cool: if than they can retrieved from the Temp folder.

    Thanks again for your time.
     
  10. xecrets

    xecrets Registered Member

    Joined:
    Aug 19, 2011
    Posts:
    4
    Location:
    Stockholm, Sweden
    Yes I do think so. Or, rather, either it's sufficient or it doesn't really matter how many passes.

    Overwriting from the 'outside' to a modern device may not do quite the expected thing for various reasons. The most obvious being the way SSD-device controllers try to avoid writing too many times in the same location. An overwrite may thus not actually overwrite, but instead write in a new physical location.

    But, my point is that a one pass overwrite will suffice to render recovery impractical without special hardware, software and skills. If you want to sanitize media with classified information you need to physically destroy the media in an approved manner.

    For people and organizations who do not expect full-scale attacks against the media and encryption by military intelligence organizations, single pass is enough. For those who do, the only way to be sure is to really destroy the media.

    Nevertheless, if it makes you feel better, you can change the registry setting. See http://www.axantum.com/AxCrypt/Registry.html .

    Svante
     
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Svante,

    I cannot find any WipePasses in my Registry. The last item I see is "TryBrokenFile".

    Thanks.
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    WipePasses was missing in my Registry too ? XP/SP2

    Anyway i added it, & set it to 3 passes.

    wp.png

    I hope that's correct ?
     
  13. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    I am not a registry expert, I did not know that it was possible to add it.
    Clone, did you check if that worked?
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    Me neither, ;) So i wouldn't alter anything if i thought it would screw things up.

    I Ax'd a .TXT file & tried to examine the axx.tmp file it created. It was locked so i couldn't, or even copy it to rename it to examine. But that's OK, it's supposed to do that. After rebooting there is NO trace of the .tmp file.

    So i can't tell whether it was wiped 3 times as i set it to ?

    I was hoping that xecrets would have popped in to comment ! Be nice if he could :thumb:
     
  15. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    I created the registry myself, as you did.
    Let's wait for Svante to shed some light...:D
     
  16. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,027
    Location:
    Hawaii
    He posted here after I emailed him and invited him to participate in our discussion, but it's possible that at this point he's stopped following the thread.

    If anyone wants to pursue things further, his email address is listed on the Axantum software site in the contact information.
    http://www.axantum.com/Contact.html
     
  17. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Actually I think the temp file should be wiped without the need of a reboot...

    I am going to send an email to Svante...
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ dantz

    OK, Thanks :thumb: Looks like DB is on the case :)

    Correct, i just posted what i did so people would know ;)

    Good man :thumb:
     
  19. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,027
    Location:
    Hawaii
    According to the developer, the temp file is wiped when you are done with (i.e. close) the file:
     
  20. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Guys, it seems Svante is not responding either here or by email...:(
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ dogbite

    Maybe he's on holiday, something ?

    dantz provided a good explanation though :thumb:
     
  22. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Maybe. Let's wait a couple of weeks, then I am gonna send a friendly reminder..
     
  23. mlauzon

    mlauzon Registered Member

    Joined:
    Aug 9, 2011
    Posts:
    113
    Location:
    Canada
    How does AxCrypt compare to TrueCrypt?
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.