Security

In order to achieve good security, it's beneficial to understand a little bit about how to best use AxCrypt with pass phrases and local PC security. There are also some details on the algorithms and methods used in AxCrypt below.

Pass phrase considerations

AxCrypt uses 128-bit keys internally - but if you want to achieve that level of security you must give it 128 bits of truly 'random' data.

The easiest and safest way to do this is to let AxCrypt generate a key-file for you. Right-click the folder where you want it, and select 'AxCrypt | Make Key-File'. This will create a small text file with a strong key. Store the file on a diskette or USB thumb drive for example, and keep it secret and separate from your files.

Always print your key-file or pass phrase and deposit it in a safe place! If you lose it, all documents encrypted with it are permanently lost. There are no back-doors and no way to decrypt without it.

With a pass phrase in typical English, 128 bits is approximately equivalent to 10 'random' words. Do not use meaningful sentences and absolutely not famous or even obscure quotations!

By introducing variations in case, as well as non-alphabetic characters, you can reduce the number of words necessary. It's not recommended to use fewer than 5 words.

If you use a completely random selection of upper and lower-case letters and digits, you need 22 characters to achieve 128 bits of security.

(The above is a slight simplification of the issue, but it should serve.)

The shredding, or wiping, feature of AxCrypt allows you to erase files in a way that makes it impossible to recover the contents with undeletion software. However, there are some caveats:

  • The name of the file, as well as the size, may be recovered.
  • If the file has been viewed or edited with an application that creates temporary copies of the content (as Microsoft Office may), those temporary copies may still be available for undeletion on your hard disk.

See the section below on local PC security for tips on how to increase your security margin for these matters.


Local PC Security

AxCrypt by itself will not protect your local PC from, for example:

Data exposure due to:

  • Your applications maintaining clear text in memory, which subsequently is placed in the paging file.
  • Your applications creating temporary files, which are not properly wiped.
  • Deep reading of overwritten hard-disk data with custom software and laboratory equipment.

Key exposure due to:

  • Untimely power cycling of your computer and subsequent cryptanalysis.
  • Keyboard-sniffers, either in hardware or software.

Neglect to use:

  • Strong pass phrases, either with AxCrypt or your logon.
  • Pass phrase-protected screen savers.

AxCrypt combined with the Microsoft Encrypting File System (EFS) included in Windows 2000/XP and later, applied to the user temporary directory, together with enabling the "Clear virtual memory pagefile when system shuts down" local security policy, will achieve decent local PC security.

Enable EFS by selecting Properties -> Advanced and choosing "Encrypt contents to secure data". The user temporary directory is usually located in "C:\Documents and Settings\Your User Name\Local Settings\Temp".

Additional options for strengthening local security include add-on products such as PGPdisk, BestCrypt, DriveCrypt and others. I am not sure which, if any or all, will protect the system paging file.

For more sophisticated, but conceptually more complex e-mail security, PGP is by many considered to be excellent.


Algorithms

The algorithms used are deemed secure as such, to the best of my knowledge, by the US Government and the Internet community. Please see the property page of an encrypted file, the documents package and the source code for details.

Key wrapping of the pass phrase is done using the NIST specification for AES Key Wrap. The key derived from the pass phrase with SHA1 is only used as a key encrypting key.

As a brute-force countermeasure, key wrapping is done with at least 10 000 iterations, increasing the work effort by approximately 13 bits. The actual iteration count is determined dynamically; a typical value is 100 000 to 200 000, adding 16-18 bits of effective key length. The faster the machine you install AxCrypt on, the better the security!

When a key-file is used, this is concatenated with the provided passphrase, and hashed together with it, before using it as a key encrypting key as above.

AxCrypt uses the Advanced Encryption Standard with 128-bit keys in Cipher Block Chaining mode with a 'random' IV for the data encryption.

For integrity verification AxCrypt uses HMAC-SHA1-128, i.e. Hash Message Authentication Code using SHA-1 with 128-bit output and key.

The pseudo random number generator (PRNG) is described in FIPS 186-2, with SHA-1 as the hash algorithm.

Entropy collection to seed the PRNG is performed through a variety of common and less common techniques, including keyboard entry, mouse movement, window positions, a rapidly running software bit oscillator and the Pentium Time Stamp Counter if available.

There may well be bugs in my implementation though - that is why it's open source, so you and our peers may review it and keep it safe. This should not be taken as a low level of confidence in my code - anyone who tells you their code is flawless is either inexperienced or lying.