Monday, April 14, 2014

AxCrypt, Xecrets and the OpenSSL Heartbleed security issue

Information about Heartbleed

On April 7, a security advisory was published concerning OpenSSL. The security vulnerability it describes has been given the popular name 'Heartbleed'. OpenSSL is a software library commonly used in web servers to support SSL-encrypted communication with clients.

This issue probably affects the majority of web servers in the world, and is about as serious as a security issue can be. It's arguably the most dangerous vulnerability the Internet has seen.

However, it does not in any way affect the security of AxCrypt file encryption or Xecrets online password manager.

In the case of AxCrypt, this is simply because AxCrypt is not a web server and does not use SSL in any way.

Xecrets is an online service, using a web server, and does use SSL, but it is still not vulnerable because OpenSSL is not used, i.e. the faulty component is not part of the software used by Xecrets. There is no indication that the Certificate Authority used by Xecrets has been compromised, so connections to https://www.axantum.com/ can still be trusted fully, as before.

You do not need to change passwords or passphrases for AxCrypt-encrypted files or your Xecrets account unless you use the same or a similar password somewhere else.


7 comments:

  1. I didn't know how else to contact you.
    On Win 7 machine x64, the right context menu appears ok, but not in Total Commander. Installing Legacy version 1.6.4.4 produces the exact opposite effect: ok in TCMD (different icon), but NO AxCrypt menu in Windows Explorer.
    Tried to install ver 1.7 x64 after 1.6.4.4, but it is not possible.

    Could be installed 32-bit registry values to x64 installer? Or command line with key file (checked and saw only with "Pass-phrase" or key generation, I will double check) ?

    Thank you,
    Liviu

  2. Try http://www.axantum.com/Contact.html . The problem is, if I recall correctly, that Total Commander is a 32-bit application running in a 64-bit system. AxCrypt is 64-bit. The problem is Total Commander, not AxCrypt.

  3. Hello,
    AxCrypt is no longer available on the AppStore (France, US, ..).
    Did you know?
    Why?
    Do you have a solution?

  4. Dear Bernard, will you also please try to e-mail me as is suggested in the post above? This is not an appropriate place to respond to your question. These are comments on a totally unrelated blog entry.

  5. What should I do? I erased and scrambled my password.

  6. Please make a key-file (.jpg .mp3...) instead of entering a password!
