How secure sharedSecrets is
|Back to Overview|
sharedSecrets uses the AES-128 encryption. All block ciphers are performed with Cipher Block Chaining mode and normal PKCS5/7 padding. This means, that the encryption key changes every 128 bit, which makes it much more safe then pure AES-128 with ECB.
A random initialization vector guarantees, that two versions of the same file are encrypted totally different.
AES-128 was selected by us, because this algorithm is a well-accepted standard; it was accepted by FIPS as the U.S. Government standard in October 2000. It has received massive peer review and scrutiny in the Security community and is widely believed to be very secure. Also, the implementation of AES-128 in MacOS X has a very good reputation.
It is true, that there are algorithms with 256 or even more bits available today. Nevertheless, the question is misleading. In fact, the effective key size is not restricted by the algorithm, but by you. How long is the password you want to type in? To make use of the 128 bit key length of AES-128, you need to type in (and remember) 22 characters for the password at least.
Conclusion: Algorithms with higher key length like AES-256 can be used effectively only, if the keys are stored at a smart card or other type of removable media.