08-12-2020, 11:51 AM
Well, the user should probably know it. The distinction is quite clear: only paid/premium users get the AES-256 support (at least for the time being, in the current version).
Furthermore, some users might remember what cipher was written there (the screenshot above shows that it's quite highlighted in that list what algorithm is used, but I guess some users just don't pay attention to it... that might also be the problem: you didn't notice that the 2 files were different, one was crackable by JTR, the other was not... but the AxCrypt list should have made it clear that "AES-128" vs "AES-256" is different).
Yeah, most hash crackers do not allow trying 2 very different algorithms at the same time... I think it's still best to say: if you really have no clue whether "AES-128" or "AES-256" was used, just think about whether you paid for the premium version... and if in doubt always try the AES-128 cracking first and if every attempt fails, try with AES-256. I think that is kind of an acceptable strategy and is still very flexible (because if the user knows for sure that AES-256 was used because of the pro version, they do not need to try the other one, and the algorithm also internally doesn't try both, which would be a waste of time/resources).
Thx
BTW: just forgot to add this: for the AxCrypt software itself it's basically a no-cost operation to test both ciphers (AES-128 and AES-256)... it's not that much of a waste and it somehow obscures the underlying algorithm (some people think that fact makes it more secure, but it's very doubtful in this case... in other cases like full disk encryption - FDD - it sometimes makes a little more sense, because the data could also be completely random data and not as obvious as a .axx file, where it is quite obvious which ciphers are supported or not... in the FDD case, some security guys think it's a good idea to "hide" the hashing or cipher (like in VeraCrypt/TrueCrypt) because of properties like https://en.wikipedia.org/wiki/Deniable_encryption , but in the end, the number of possibilities and options is always quite limited, so you "just" have to try several different configurations).