Howdy! First, thanks so much for the hard work on AESCrypt! I made it the centerpiece of keeping data secure for a school district (http://bit.ly/ecsecure).
Second, I ran across an interesting issue. I have some files I encrypted with AESCrypt about a year ago. When I went to decrypt them using the latest version of AESCrypt, I found myself getting the same error ("Message has been altered or password is incorrect").
At first I thought I'd goofed on the password, but it seems the same across a variety of files.
The latest version of AESCrypt would read older encrypted files, right?
With appreciation,
Miguel Guhlin
http://mguhlin.org
AESCrypt 32 vs 64bit
-
paulej
- Posts: 629
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt 32 vs 64bit
AES Crypt should definitely read older files. We've made every attempt to ensure that every file format is supported. The one exception is that the Java version will not read version 0 files. However, that's not the issue you're having.
Of course, there is always an opportunity for a bug. It is strange that some files would decrypt, while others would not. That's quite unusual.
I do not want you to send me any files with sensitive information or to share your passwords with me, but if you could create an example using an older version of AES Crypt that fails to encrypt with a newer version (using non-sensitive data and a password you can share), I'll definitely take a look to see if I can figure out why you have having this issue. If there is a bug, I'll fix it. I've not heard of this before, but I definitely do want to ensure newer versions can properly decrypt all files created with previous versions. It's just as important to me as it is you!
Paul
Of course, there is always an opportunity for a bug. It is strange that some files would decrypt, while others would not. That's quite unusual.
I do not want you to send me any files with sensitive information or to share your passwords with me, but if you could create an example using an older version of AES Crypt that fails to encrypt with a newer version (using non-sensitive data and a password you can share), I'll definitely take a look to see if I can figure out why you have having this issue. If there is a bug, I'll fix it. I've not heard of this before, but I definitely do want to ensure newer versions can properly decrypt all files created with previous versions. It's just as important to me as it is you!
Paul
Re: AESCrypt 32 vs 64bit
Thanks, let me see if I can replicate the error with unimportant stuff.
With appreciation,
Miguel
With appreciation,
Miguel
-
paulej
- Posts: 629
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt 32 vs 64bit
Please do make sure you replicate the issue using a password you can share. I cannot decrypt or even attempt to decrypt the file without the password.
Re: AESCrypt 32 vs 64bit
Howdy! I was NOT able to replicate the problem with a newly created file, so...c'est la vie. I must have forgotten the password (ouch!).
Thanks so much for listening to the ravings of an encrypted maniac.
On a different subject (should I start a new thread?), how does AESCrypt compare with a solution like Secret Space Encryptor (SSE)? http://www.paranoiaworks.mobi/sse/
Simply, how does one assess whether an encryption solution is "safe" and "uncrackable?"
With appreciation,
Miguel Guhlin
Thanks so much for listening to the ravings of an encrypted maniac.
On a different subject (should I start a new thread?), how does AESCrypt compare with a solution like Secret Space Encryptor (SSE)? http://www.paranoiaworks.mobi/sse/
Simply, how does one assess whether an encryption solution is "safe" and "uncrackable?"
With appreciation,
Miguel Guhlin
-
paulej
- Posts: 629
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt 32 vs 64bit
I've never used SSE, but I see that it does a number of things, not just file encryption.
For the file encryption capability, it appears to also support 256-bit AES. Which is more secure? I don't know.
As far as I know, AES has not been cracked. Brute-force attack on a 256-bit key would be virtually impossible. So long as SSE uses a good random number generator, then the encryption strength should be similar to AES Crypt.
I do know a number of banks around the world and a number of US Government agencies use AES Crypt. I've received feedback from them occasionally, so I know it is being used widely. And, the code has been reviewed by a number of experts. The known security issues brought to my attention are posted on the "wish list" page.
In any case, I take security feedback seriously, since I entrust AES Crypt with my own data. It's important to me to ensure there are no holes.
For the file encryption capability, it appears to also support 256-bit AES. Which is more secure? I don't know.
As far as I know, AES has not been cracked. Brute-force attack on a 256-bit key would be virtually impossible. So long as SSE uses a good random number generator, then the encryption strength should be similar to AES Crypt.
I do know a number of banks around the world and a number of US Government agencies use AES Crypt. I've received feedback from them occasionally, so I know it is being used widely. And, the code has been reviewed by a number of experts. The known security issues brought to my attention are posted on the "wish list" page.
In any case, I take security feedback seriously, since I entrust AES Crypt with my own data.
It's important to me to ensure there are no holes.