AxCrypt Premium - Review 2020 - PCMag AU


Posted: 30 May 2020 03:12 PM PDT

In the movies, encryption always seems to involve random characters scrolling down the screen, or hackers pounding on keyboards. The reality isn't quite the same, though some encryption products are complex enough to make you want to pound your keyboard with your head. AxCrypt Premium is a breath of fresh air in this field. It offers seriously advanced encryption features in a superbly simple setting.

Many encryption tools offer a perpetual license. You can buy them once and use them indefinitely. AxCrypt, based in Sweden, charges $35 per year. That ongoing subscription is needed because some of its features are server-based. CertainSafe Digital Safety Deposit Box, which stores all your encrypted data in the cloud, runs $12 per month, which is a good bit more than AxCrypt. Note that if you're willing to settle for weakish 128-bit encryption and forgo some advanced features, you can use AxCrypt for free.

What Is Encryption?

When Sir Francis Bacon wanted to keep his writings safe from prying eyes, he encoded them by replacing each letter with a five-character sequence of a's and b's. A page of Baconian ciphertext is really hard to look at! Breaking that kind of cipher is a simple matter of analyzing letter frequencies, though I'm sure it made Sir Francis feel safer.
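To see why letter frequencies give the game away, here is an added example (not part of the original review) that encodes a constructed sample sentence with Bacon's 24-letter table and counts the five-character groups. The function names and the sample text are assumptions made for illustration.

```python
from collections import Counter

# Bacon's 24-letter alphabet: i/j share one code, and so do u/v.
ALPHABET = "abcdefghiklmnopqrstuwxyz"
CODE = {ch: format(i, "05b").replace("0", "a").replace("1", "b")
        for i, ch in enumerate(ALPHABET)}
CODE["j"], CODE["v"] = CODE["i"], CODE["u"]
DECODE = {CODE[ch]: ch for ch in ALPHABET}

# Constructed sample plaintext, not taken from any real document.
SAMPLE = "the secret meeting between the three agents is set for the evening"


def bacon_encode(text):
    """Replace each letter with its five-character a/b group; drop the rest."""
    return "".join(CODE[c] for c in text.lower() if c in CODE)


def groups(cipher):
    """Split ciphertext into its five-character groups."""
    return [cipher[i:i + 5] for i in range(0, len(cipher), 5)]


def bacon_decode(cipher):
    """Map each group back to its letter (j reads as i, v as u)."""
    return "".join(DECODE[g] for g in groups(cipher))


def group_frequencies(cipher):
    """Count each five-character group, most common first."""
    return Counter(groups(cipher)).most_common()


def letter_profile(text):
    """Sorted letter counts of the plaintext, for comparison."""
    return sorted(Counter(c for c in text.lower() if c in CODE).values())


if __name__ == "__main__":
    cipher = bacon_encode(SAMPLE)
    top_group, count = group_frequencies(cipher)[0]
    # The commonest group stands for the commonest plaintext letter.
    print(top_group, count, DECODE[top_group])
    # The ciphertext's frequency profile is identical to the plaintext's.
    print(sorted(n for _, n in group_frequencies(cipher)) == letter_profile(SAMPLE))
```

Because every letter always maps to the same group, the ciphertext keeps the plaintext's frequency profile exactly, which is the property modern ciphers are designed not to have.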

Modern encryption algorithms are light-years beyond old-fashioned ciphers. Their output bears no visible relationship to the data that went in, and cracking a modern encryption algorithm would take an impossibly long time. The official encryption algorithm of the US Government is Advanced Encryption Standard (AES). Bruce Schneier's Blowfish algorithm is another much-used method.

AES, Blowfish, and many common encryption algorithms are symmetric, meaning the same key is used to encrypt and decrypt data. If you want to share an encrypted file, you must securely (and separately) transmit the key to the recipient. Public Key Infrastructure (PKI) cryptography avoids that problem. In this system, if I want to send you a file, I look up your public key and encrypt the file with it. You use your private key to decrypt the file. Conversely, if I want to prove to you that a document comes from me and hasn't been modified, I encrypt it with my private key. The fact that you can decrypt it with my public key proves that I digitally signed it with my private key.
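The two public-key operations described above, as an added example that is not part of the original review and not AxCrypt's code: textbook RSA with a deliberately undersized toy key and no padding, so it illustrates the key directions only and must not be used to protect data. All names and the sample values are assumptions; the message encrypted is a short constructed file key, since public-key schemes are normally used to wrap a symmetric key and not the file itself.

```python
import hashlib

# Toy key pair built from two known Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def encrypt_for_recipient(message: bytes) -> int:
    """Sender side: encrypt with the recipient's PUBLIC key (E, N)."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)


def decrypt_as_recipient(ciphertext: int, length: int) -> bytes:
    """Recipient side: decrypt with the PRIVATE key (D, N)."""
    return pow(ciphertext, D, N).to_bytes(length, "big")


def _digest(document: bytes) -> int:
    # Hash first, so a document of any size can be signed.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes) -> int:
    """Signer side: transform the document hash with the PRIVATE key."""
    return pow(_digest(document), D, N)


def verify(document: bytes, signature: int) -> bool:
    """Anyone: undo the signature with the signer's PUBLIC key and compare."""
    return pow(signature, E, N) == _digest(document)


if __name__ == "__main__":
    file_key = b"constructed-file-key"      # constructed sample value
    wrapped = encrypt_for_recipient(file_key)
    print(decrypt_as_recipient(wrapped, len(file_key)) == file_key)

    doc = b"constructed sample document"    # constructed sample value
    sig = sign(doc)
    print(verify(doc, sig), verify(doc + b"!", sig))
```

Encryption runs public key then private key; signing runs private key then public key, and a single changed byte in the document makes verification fail.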

Getting Started With AxCrypt

As with most encryption tools I've tested, AxCrypt installs in a trice. The very first time you launch it, you must sign in with your email and then enter a confirmation code sent to your email address. I'll get into the reason for that later. You also must create a single master password. Like the master password for your password manager, it needs to be both strong and memorable.

AxCrypt rates the password as you type, and it's a tough critic. A 16-character password containing all character types merely rated "good." Advanced Encryption Package and CryptoForge also rate your passwords. This is the password you use to sign in online, and also the password that unlocks the product on your PC.

AxCrypt Premium Main Window

Advanced Encryption Package lets you choose from 17 different encryption algorithms. CryptoForge offers four, along with the option to layer in more than one of them. But do ordinary users know enough to make a choice? AxCrypt just sticks with AES, the government standard.

After that, AxCrypt is almost invisible. If you drag a file onto its window, that file gets encrypted. You can also encrypt, decrypt, and securely delete files from AxCrypt's right-click context menu. Cypherix SecureIT, Advanced Encryption Package, and CryptoForge also offer access via context menu.

AxCrypt also lets you define one or more Secured Folders. This isn't the same as the encrypted vault protection provided by Cypherix Cryptainer PE and CryptoExpert, though the effect is somewhat similar. When you sign out of AxCrypt (or get signed out automatically after inactivity), the program encrypts everything in the Secured Folders.

But wait, there's more! With almost every file-encryption tool, launching an encrypted file starts the decryption process. If you want to edit the file, you must decrypt, edit, and re-encrypt. With AxCrypt, launching an encrypted file opens it in the appropriate application. When you save, your saved file is encrypted automatically. Clicking the broom icon serves to clean up any temporary files that may have been left behind.

How Is This Safe?

Hold on, you may be thinking, what's to stop someone from walking up to my computer before the passphrase times out, decrypting my files, and stealing them? The answer, according to AxCrypt's FAQ, is that if your local security is lax enough to let that happen, you have a huge problem that no encryption can solve.

You absolutely need to protect your Windows login with a strong password. If you have Windows 10 and a webcam, you can add Windows Hello biometric authentication. McAfee's True Key lets you add biometric login to other Windows versions.

Set up Windows so it automatically locks your account after inactivity. You do this by going to screen saver settings, defining the time for inactivity, and checking the box that says to display the logon screen upon resuming. This works even if you don't select a screen saver. For that matter, it's simple enough to lock your system by pressing Windows+L before leaving your desk.

The AxCrypt documentation goes into detail about other ways to protect your local security. It also points out that because it keeps the program's passphrase in memory, the user doesn't have to enter it over and over. And that should encourage the use of truly strong passphrases, which is important.

Password Management

AxCrypt includes a feature called password management, but it's not what you might expect. Launching it takes you to the AxCrypt website Password Management page. Click New to add a description and password. Click Search to search your saved passwords. That's the extent of it. It's not a password management utility like LastPass or Dashlane.

AxCrypt Premium Password Generator

There is one interesting feature here, however. Clicking the Suggest Password button generates a 17-character password that contains all character types but is also somewhat pronounceable. I learned more about this feature on the Password Generator webpage.

According to that page, it uses "statistical analysis of actual text," and "produces strong passwords that are not nonsensical and actually possible to remember and type." Oddly, with each click of the button it generates three passwords, strong, medium, and weak. Running it just now, I got "sabBleed'weTurld15," "va4poSeSher," and "asInatic." Even the weak password is better than what you get by default from Advanced Encryption Package's funky password manager. It defaults to generating five-character all-caps passwords like NOWAY. In testing, it also crashed when asked to do much more than that.

Secure Sharing

AxCrypt makes everything about encryption simple, so you shouldn't be surprised to learn that it even makes PKI exchange of secure data simple. Here's how it works. Click the sharing button on the toolbar. Select or enter the desired contact email address. Then send an encrypted file to the recipient.

A recipient who doesn't already have AxCrypt must install the free edition, as the sharing email explains. The message comes with the necessary six-digit confirmation code already embedded, making it easy for the recipient to get started. And that's it; sharing managed.

AxCrypt Premium Public Key

More advanced PKI features are found under the Key Management menu. Here you can export your public key for sharing, or import a public key that's been shared with you. You can also export and import your entire account.

Advanced Encryption Package also supports PKI, but it's aimed at a vastly different audience, specifically those with technical expertise in encryption. By contrast, anybody can use AxCrypt.

Make It Easy

If an encryption package is difficult or confusing to use, it won't get used. The same is true for many other kinds of security software. Firewall spewing popups? Chances are you'll just turn it off. Fortunately, AxCrypt Premium is extraordinarily easy to use. True, the fact that it keeps your passphrase in memory means that you absolutely must take care of your computer's physical security, but that's just good practice. And of course, you're free to sign out of AxCrypt any time you're not using it.

This product doesn't have the biggest collection of bells and whistles. That honor surely goes to Advanced Encryption Package. But average users don't want those bells and whistles, they just want simple protection for their files. And, simple or not, AxCrypt manages to offer PKI encryption, something few competitors do. For these reasons, AxCrypt joins CertainSafe and Folder Lock as an Editors' Choice for encryption.

AxCrypt Premium Specs

Public Key Cryptography: Yes
Rate Password Strength: Yes
Two-Factor Authentication: No
Create Encrypted Storage: No
Encrypt Files/Folders: Yes
Encrypt Text: No
Create Self-Decrypting EXE: No
Secure Deletion of Originals: Yes


Exclusive: Zoom plans to roll out strong encryption for paying customers only - KFGO News

Posted: 29 May 2020 05:50 PM PDT

By Joseph Menn

SAN FRANCISCO (Reuters) - Zoom, the video conferencing provider whose business has boomed with the COVID-19 pandemic, plans to strengthen encryption on video calls made by paying clients and institutions like schools, but not for users of its popular free accounts, a company official said Friday.

The company previewed its intentions on a call with civil liberties groups and child-sex abuse fighters Thursday, and Zoom security consultant Alex Stamos confirmed the plans in an interview Friday.

Stamos said the plans were subject to change and it was not yet clear which if any nonprofits or other users, such as political dissidents, might qualify for accounts allowing for more secure video meetings. He said a combination of technological, safety and business factors went into the plan, which drew mixed reactions from privacy advocates.

Zoom has attracted millions of free and paying customers amid the pandemic in part because users could join a meeting - something that now happens 300 million times a day - without registering. But that has left more opportunities for troublemakers to slip into meetings, sometimes after pretending to be an invitee.

Electronic Frontier Foundation researcher Gennie Gebhart, who was on Thursday's call, said she hoped Zoom would change course and offer protected video more widely. But American Civil Liberties Union technology fellow Jon Callas said the strategy seemed a reasonable compromise.

Safety experts and law enforcement have warned that sexual predators and other criminals are increasingly using encrypted communications to avoid detection.

"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," Callas said. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."

Zoom hired Stamos and other prominent experts after a series of security failures that led some institutions to ban its use. Last week Zoom released a technical paper on its encryption plans, without saying how widely they would reach.

"At the same time that Zoom is trying to improve security, they are also significantly upgrading their trust and safety," said Stamos, a former chief security officer at Facebook.

"The CEO is looking at different arguments. The current plan is paid customers plus enterprise accounts where the company knows who they are," he said.

Giving full encryption to every meeting would mean that Zoom's trust and safety team would not be able to monitor what is happening or respond effectively to abuse in real time, Stamos said.

An end-to-end model, which means no one but the participants and their devices can see and hear what is happening, would also have to exclude people who call in from a phone line.

From a business perspective, it is hard to earn money when offering a sophisticated and expensive encryption service for free. Facebook is planning to fully encrypt Messenger, but it earns enormous sums from its other services.

Other encrypted communication providers either charge business users or act as nonprofits, like the makers of Signal.

Zoom is also dealing with a variety of regulators, including the U.S. Federal Trade Commission, which is looking into its previous claims about encryption that have been criticized as exaggerated or false, Stamos acknowledged. With the Justice Department and some members of Congress condemning strong encryption, a major expansion there by Zoom could draw unwanted new attention, privacy experts said.

(Reporting by Joseph Menn; Editing by Greg Mitchell and Leslie Adler)

Zoom to add end-to-end encryption with Keybase acquisition - Computerworld

Posted: 08 May 2020 12:00 AM PDT

Zoom has acquired secure messaging and identity management firm Keybase as it looks to shore up security capabilities on its platform with end-to-end encryption.

The acquisition will give Zoom access to Keybase's encryption technology, used to secure online identities, as well as its team of engineers. Launched in 2014, Keybase lets users encrypt social media messages and shared files with public key encryption to ensure that communications stay private. 

Keybase's cofounder Max Krohn will now head up Zoom's security team, Zoom said. Krohn's new role was first detailed by CNBC.

The purchase marks a key step for Zoom as it aims to create a "truly private" video communications platform "that can scale to hundreds of millions of participants," Zoom CEO Eric Yuan said in a blog post. 

"Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform," Yuan wrote. "Keybase's experienced team will be a critical part of this mission."

Zoom has come under fire in recent months, as use surged in the wake of the Covid-19 crisis, highlighting a number of security and privacy weaknesses. It has also faced criticism for overstating its end-to-end encryption features, and subsequently apologized for "confusion" around its definition of the technology.
