Security
In order to achieve good security, it's beneficial to understand a little bit about
how to best use AxCrypt with pass phrases
and local PC security. There are also some details
on the algorithms and methods used in AxCrypt below.
AxCrypt uses 128-bit keys internally - but if you want to achieve that level of
security you must give it 128 bits of truly 'random' data.
The easiest and safest way to do this is to let AxCrypt generate a key-file
for you. Right-click the folder where you want it, and select 'AxCrypt | Make Key-File'.
This will create a small text file with a strong key. Store the file on a diskette
or USB thumb drive for example, and keep it secret and separate from your files.
Always print your key-file or pass phrase and deposit it in a safe place! If you
lose it, all documents encrypted with it are permanently lost. There are no back-doors
and no way to decrypt without it.
With a pass phrase built from typical English words, 128 bits is approximately
equivalent to 10 'random' words. Do not use meaningful sentences and absolutely not
famous or even obscure quotations!
By introducing variations in case, as well as non-alphabetic characters, you
can reduce the number of words necessary. It's not recommended to use fewer than
5 words.
If you use a completely random selection of upper and lower-case letters and digits,
you need 22 characters to achieve 128 bits of security.
(The above is a slight simplification of the issue, but it should serve.)
The shredding, or wiping, feature of AxCrypt allows you to erase files in a way
that makes it impossible to recover the contents with undeletion software. However,
there are some caveats:
- The name of the file, as well as the size, may be recovered.
- If the file has been viewed or edited with an application that creates temporary
copies of the content (such as Microsoft Office may), those temporary copies may
still be available for undeletion on your hard disk.
See the section below on local PC security for tips on how to increase your security
margin for these matters.
AxCrypt by itself will not protect your local PC from, for example:
Data exposure due to:
- Your applications maintaining clear text in memory, which subsequently is placed
in the paging file.
- Your applications creating temporary files, which are not properly wiped.
- Deep reading of overwritten hard-disk data with custom software and laboratory equipment.
Key exposure due to:
- Untimely power cycling of your computer and subsequent cryptanalysis.
- Keyboard-sniffers, either in hardware or software.
Neglect to use:
- Strong pass phrases, either with AxCrypt or your logon.
- Pass phrase-protected screen savers.
AxCrypt combined with Microsoft Encrypting File System (EFS) included in Windows
2000/XP and later, applied to the user temporary directory, together with setting
the "Clear virtual memory pagefile when system shuts down" local security
policy, will achieve decent local PC security.
Enable EFS by selecting Properties -> Advanced and choosing "Encrypt contents
to secure data". The user temporary directory is usually located in "C:\Documents
and Settings\Your User Name\Local Settings\Temp".
Additional options for strengthening local security include add-on products such
as PGPdisk, BestCrypt, DriveCrypt and others. I am not sure which, if any or all,
will protect the system paging file.
For more sophisticated, but conceptually more complex e-mail security, PGP is by
many considered to be excellent.
The algorithms used are deemed secure as such, to the best of my knowledge, by the
US Government and the Internet community. Please see the property page of an encrypted
file, the documents package and the source code for details.
Key wrapping of the pass phrase is done using the NIST specification for AES Key
Wrap. The key derived from the pass phrase with SHA-1 is only used as a key-encrypting
key.
As a brute-force countermeasure, key wrapping is done with at least 10 000 iterations,
increasing the work effort by approximately 13 bits. The actual iteration count
is determined dynamically; a typical value is 100 000 to 200 000, adding 16-18 bits
of effective key-length. The faster the machine you install AxCrypt on, the better
the security!
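The arithmetic behind the pass phrase guidance and the iteration counts above, as an added example that is not AxCrypt's own code: it reproduces the 22-character and 10-word figures and the bits gained from key-wrap iterations. The 7776-word list size (Diceware-sized) and all function names are assumptions; the page does not name a word list.

```python
import math
import secrets
import string

KEY_BITS = 128  # AxCrypt's internal key size, as stated on the page

def picks_needed(pool_size: int, target_bits: int = KEY_BITS) -> int:
    """Fewest uniformly random picks from a pool that reach target_bits."""
    if pool_size < 2:
        raise ValueError("pool must hold at least two symbols")
    return math.ceil(target_bits / math.log2(pool_size))

def stretch_bits(iterations: int) -> float:
    """Work added per guess, in bits, by iterating the key wrap."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return math.log2(iterations)

def effective_bits(pool_size: int, picks: int, iterations: int = 1) -> float:
    """Attacker cost in bits; never more than guessing the 128-bit key itself."""
    guess_bits = picks * math.log2(pool_size)
    return min(guess_bits + stretch_bits(iterations), KEY_BITS)

def random_secret(alphabet: str, target_bits: int = KEY_BITS) -> str:
    """Draw a secret with the OS CSPRNG, long enough for target_bits."""
    n = picks_needed(len(alphabet), target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(n))

ALNUM = string.ascii_letters + string.digits   # 62 symbols
WORDLIST_SIZE = 7776                           # assumption: Diceware-sized list

if __name__ == "__main__":
    print("alphanumeric chars for 128 bits:", picks_needed(len(ALNUM)))
    print("random words for 128 bits:", picks_needed(WORDLIST_SIZE))
    for it in (10_000, 100_000, 200_000):
        print(f"{it:>7} iterations add {stretch_bits(it):.1f} bits")
    for words in (3, 5, 10):
        bits = effective_bits(WORDLIST_SIZE, words, iterations=100_000)
        print(f"{words:>2} random words at 100 000 iterations: {bits:.1f} bits")
    print("sample 128-bit secret:", random_secret(ALNUM))
```

These estimates hold only when every word or character is picked uniformly at random; sentences and quotations carry far fewer bits than their length suggests.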
When a key-file is used, this is concatenated with the provided passphrase, and
hashed together with it, before using it as a key encrypting key as above.
AxCrypt uses the Advanced Encryption Standard with 128-bit keys in Cipher Block
Chaining mode with a 'random' IV for the data encryption.
For integrity verification AxCrypt uses HMAC-SHA1-128, i.e. Hash Message Authentication
Code using SHA-1 with 128-bit output and key.
The pseudo random number generator (PRNG) is described in FIPS 186-2, with SHA-1
as the hash algorithm.
Entropy collection to seed the PRNG is performed through a variety of common and
less common techniques, including keyboard entry, mouse movement, window positions,
a rapidly running software bit oscillator and the Pentium Time Stamp Counter if
available.
There may well be bugs in my implementation though - that is why it's open source,
so you and our peers may review it and keep it safe. This should not be taken as
a low level of confidence in my code - anyone who tells you their code is flawless
is either inexperienced or lying.