Perfect Forward Secrecy is a feature in Ciphr that generates unique encryption keys for each message. This eliminates the risk of a single encryption key decrypting an entire chat conversation.
Argon2 is a cryptographic algorithm and a key derivation function (KDF) designed to be GPU-resistant. A KDF is an algorithm designed simply to make a password-guessing attack more time-consuming for an attacker. By making each test take longer, a KDF makes even weak passwords harder to guess.
GPUs are optimized to perform specific tasks very quickly. However, a limitation of GPUs is the amount of memory they can use. Argon2 uses a significant fraction of a GPU's available memory, limiting the number of parallel cracking attempts that a GPU can make, eliminating a big part of the GPU's advantage.
Argon2 is used to protect password authentication in all Ciphr apps.
When a user activates their Ciphr apps, a cryptographic identity is generated for each app and stored on the device. Instead of Ciphr storing encryption keys, users control their own encryption keys. This feature ensures that even Ciphr cannot decrypt user data.
Ciphr's Composite Key Brute-Force Protection protects your data from online and offline brute-force attacks by splitting your "password-based encryption key". This split prevents attackers from guessing passwords against an offline device, as they need to prove possession of the correct password to get the other key component from the server. This protection severely limits the number of guesses per second an attacker can perform and allows the platform to block requests suspected to be part of an attack.
Composite Key Brute-Force Protection is an optional security setting and only available with Ciphr’s paid subscription.
Ciphr does not store any private keys or communication data on the servers outside of "bouncing" it to the intended recipient. Once the message is delivered to the recipient, our servers will automatically purge all data.
Messages, emails, and call data are encrypted on the sender's device before being transmitted. Any data on our servers remains end-to-end encrypted during transit until it is received on the recipient's device. Only then can the message be decrypted by the recipient's private key.
If a user sends a message and the recipient's device is offline, the server will continually try to deliver the message until the recipient's device is back online. If the device does not come back online within fourteen days, the data will be deleted from the server regardless of if the message reaches the recipient's device.
With Ciphr’s paid subscription, there are two ways to backup your Ciphr data. Backup with Ciphr Text:
- You can create an encrypted backup of your Ciphr Text contacts, Ciphr Mail Contacts, and Ciphr Vault notes. This backup will be stored on Ciphr secure servers and will be password protected and AES-256 encrypted.
Backup with Ciphr Vault:
- You can create an encrypted backup of your Ciphr Vault notes only (not images). This backup can be emailed to your Ciphr Mail inbox, or to the Ciphr Mail inbox of a trusted contact, for safekeeping. The backup data will be password protected and AES-256 encrypted.
Want to learn more about Ciphr?
Visit our blog for more helpful information.