Security

In order to achieve good security, it helps to know a little about how best to use AxCrypt. Some details on the algorithms and methods used in AxCrypt are also given below.

PASS PHRASE CONSIDERATIONS

AxCrypt uses 128-bit keys internally, but you only get that level of security if you supply it with 128 bits of truly 'random' data. A pass phrase with less entropy than that is the weakest link, whatever the cipher.

The easiest way to do this is to let AxCrypt generate a Key-File for you. Right-click the folder where you want it and select 'AxCrypt | Make Key-File'. This creates a small text file containing a good key. Store the file on a diskette or USB thumb drive, for example, and keep it secret and separate from your files.

If you use a pass phrase instead, 128 bits is approximately equivalent to 10 'random' words of typical English. Do not use meaningful sentences, and absolutely not famous or even obscure quotations: lists of quotations are among the first things a dictionary attack tries.

By varying the case and adding non-alphabetic characters you can reduce the number of words needed. It is not recommended to use fewer than 5 words.

If you use a completely random selection of upper- and lower-case letters and digits (62 symbols, just under 6 bits each), you need 22 characters to reach 128 bits of security.

(The above is a slight simplification of the issue, but it should serve. The figures assume that every word or character is chosen uniformly at random, which is exactly what people are bad at doing by hand; a word you thought of is worth far less than a word you rolled dice for.)
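The arithmetic behind the figures above, as an added example in Go that is not part of AxCrypt or its documentation: ceil(target bits / log2(alphabet size)) gives the number of symbols needed for a target, and the character-class estimate applies the same rule to a concrete pass phrase. The 7776-word list size, the 33-symbol punctuation class and the hex rendering of the key material are this example's assumptions; NewKeyMaterial shows how much randomness a key-file must carry and is not AxCrypt's Key-File format.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"math"
	"unicode"
)

// BitsPerSymbol is the entropy of one symbol drawn uniformly from an alphabet of the given size.
func BitsPerSymbol(alphabetSize int) float64 { return math.Log2(float64(alphabetSize)) }

// SymbolsNeeded returns how many uniformly random symbols it takes to reach targetBits.
func SymbolsNeeded(targetBits float64, alphabetSize int) int {
	return int(math.Ceil(targetBits / BitsPerSymbol(alphabetSize)))
}

// EstimateBits applies the page's rule of thumb to a concrete pass phrase: the
// alphabet is the union of the character classes actually used, and every
// character is assumed to be an independent uniform pick. That assumption is
// the simplification the page admits to: a dictionary word scores as if random,
// so treat the result as an upper bound, never as a guarantee.
func EstimateBits(passphrase string) float64 {
	var lower, upper, digit, other bool
	n := 0
	for _, c := range passphrase {
		n++
		switch {
		case unicode.IsLower(c):
			lower = true
		case unicode.IsUpper(c):
			upper = true
		case unicode.IsDigit(c):
			digit = true
		default:
			other = true
		}
	}
	alphabet := 0
	if lower {
		alphabet += 26
	}
	if upper {
		alphabet += 26
	}
	if digit {
		alphabet += 10
	}
	if other {
		alphabet += 33 // printable ASCII punctuation plus space (assumption)
	}
	if alphabet == 0 {
		return 0
	}
	return float64(n) * BitsPerSymbol(alphabet)
}

// NewKeyMaterial draws 128 bits from the OS CSPRNG and renders them as text.
// It illustrates the strength a key-file must carry; the format is NOT AxCrypt's.
func NewKeyMaterial() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	return hex.EncodeToString(b[:]), nil
}

func main() {
	fmt.Printf("%d random words from a 7776-word list reach 128 bits\n", SymbolsNeeded(128, 7776))
	fmt.Printf("%d random letters and digits reach 128 bits\n", SymbolsNeeded(128, 62))
	for _, p := range []string{"ten random words go here", "x7Kq!p2Zr9#mVb4L"} { // constructed samples
		fmt.Printf("%-28q ~%.0f bits under the random-character model\n", p, EstimateBits(p))
	}
	if k, err := NewKeyMaterial(); err == nil {
		fmt.Println("128 bits of key material:", k)
	}
}
```

The first constructed sample is scored as if its 24 characters were random lower-case letters and spaces, which is exactly the over-estimate the page warns about; the four English words behind it are worth only about 50 bits under the word model.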


LOCAL PC SECURITY

AxCrypt by itself will not protect your local PC from, for example:

  • Data exposure due to:
    - Your applications keeping cleartext in memory, which is later written out to the paging file.
    - Your applications creating temporary files that are not properly wiped.
    - Deep reading of overwritten hard-disk data with custom software and laboratory equipment.
  • Key exposure due to:
    - Power-cycling of your computer at an untimely moment, followed by cryptanalysis of what was left in memory and on disk.
    - Keyboard sniffers, either in hardware or software.
  • Neglecting to use:
    - Strong pass phrases, both with AxCrypt and for your logon.
    - Pass phrase-protected screen savers.

AxCrypt combined with the Microsoft Encrypting File System (EFS) included in Windows 2000/XP and later, applied to the user temporary directory, together with the "Clear virtual memory pagefile when system shuts down" local security policy (named "Shutdown: Clear virtual memory pagefile" in Windows XP and later), will achieve decent local PC security. The first measure covers temporary files; the second covers what applications leaked into the paging file while running.

Enable EFS by selecting Properties -> Advanced and checking "Encrypt contents to secure data". The user temporary directory is usually located in "C:\Documents and Settings\Your User Name\Local Settings\Temp"; the %TEMP% environment variable points to it.

Additional options for strengthening local security include add-on products such as PGPdisk, BestCrypt, DriveCrypt and others. I am not sure which, if any or all, will protect the system paging file.

For more sophisticated, but conceptually more complex, e-mail security, PGP is considered by many to be excellent.


ALGORITHMS

The algorithms used are deemed secure as such, to the best of my knowledge, by the US Government and the Internet community. Please see the property page of an encrypted file, the documents package and the source code for details.

The data encryption key is wrapped under the pass phrase using the NIST specification for AES Key Wrap (RFC 3394). The key derived from the pass phrase with SHA-1 is only used as a key-encrypting key; it never encrypts data directly.

As a brute-force countermeasure, the key wrap is iterated at least 10 000 times, which increases the attacker's work by roughly 13 bits (log2 of 10 000 is about 13.3). The actual iteration count is determined dynamically at encryption time, and must be kept with the file since it is needed to unwrap the key again; a typical value is 100 000 to 200 000, adding 16 to 18 bits of effective key length. The faster the machine you install AxCrypt on, the higher the count and thus the security. Two caveats: a file encrypted on a fast PC takes correspondingly longer to open on a slow one, and the iteration count only multiplies the attacker's cost by a constant, so it does not make a weak pass phrase strong.

When a Key-File is used, its contents are concatenated with the pass phrase and hashed together with it before the result is used as the key-encrypting key as above.

AxCrypt encrypts the data with the Advanced Encryption Standard (AES) using 128-bit keys in Cipher Block Chaining (CBC) mode with a 'random' IV.

For integrity verification AxCrypt uses HMAC-SHA1-128, i.e. a Hash Message Authentication Code built on SHA-1, with a 128-bit key and the output truncated to 128 bits.

The pseudo-random number generator (PRNG) is the one described in FIPS 186-2, with SHA-1 as the hash algorithm.
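The data path of the two paragraphs above, as an added Go example that is not AxCrypt's code: AES-128-CBC under a fresh random IV, then HMAC-SHA1 truncated to 128 bits. The IV || ciphertext || tag layout, PKCS#7 padding and the constructed demo keys are this example's choices, not AxCrypt's file format. The point to take from it is the order of operations on the way back: verify the HMAC first, in constant time, and only then decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
)

const tagLen = 16 // HMAC-SHA1 output truncated to 128 bits

// tag computes HMAC-SHA1-128 over msg.
func tag(key, msg []byte) []byte {
	m := hmac.New(sha1.New, key)
	m.Write(msg)
	return m.Sum(nil)[:tagLen]
}

// EncryptData: AES-128-CBC under a random IV with PKCS#7 padding, then the
// tag over IV||ciphertext (encrypt-then-MAC). The tag covers the IV so that
// flipping IV bits to alter the first plaintext block is caught too.
func EncryptData(aesKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV per encryption
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return append(out, tag(macKey, out)...), nil
}

// DecryptData checks the tag in constant time before decrypting anything, so a
// modified file is rejected without the padding check ever becoming an oracle.
func DecryptData(aesKey, macKey, blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize+tagLen || (len(blob)-tagLen)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext has an invalid length")
	}
	body, mac := blob[:len(blob)-tagLen], blob[len(blob)-tagLen:]
	if !hmac.Equal(mac, tag(macKey, body)) {
		return nil, errors.New("HMAC mismatch: file modified or wrong key")
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > aes.BlockSize {
		return nil, errors.New("corrupt padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	aesKey, macKey := []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed demo keys
	blob, _ := EncryptData(aesKey, macKey, []byte("constructed sample plaintext"))
	blob[aes.BlockSize] ^= 0x01 // tamper with one ciphertext byte
	_, err := DecryptData(aesKey, macKey, blob)
	fmt.Println("tampered file:", err)
}
```

In practice the AES key and the HMAC key should be distinct values (here both are fixed demo strings); the key-wrap example above wraps a 32-byte blob precisely so that two independent 128-bit keys can be carried under one pass phrase.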

Entropy for seeding the PRNG is collected through a variety of common and less common techniques, including keyboard entry, mouse movement, window positions, a rapidly running software bit oscillator and the Pentium Time Stamp Counter where available.

There may well be bugs in my implementation though - that is why it is open source, so you and our peers may review it and keep it safe.
This should not be taken as a low level of confidence in my code - anyone who tells you their code is flawless is either inexperienced or lying.