Elevate your
communication security

Use more than just end-to-end encryption to communicate confidently.

find out how

Security-first
development

Designed to prioritize the protection of your privacy and communication data from the start.

Multi-layered, defense
in-depth strategy

Ciphr uses more than just end-to-end encryption to secure your communications against potential threats and evolving cyber risks.

User-controlled
security & privacy

We ensure no communication data is ever seen in plaintext by Ciphr’s infrastructure with user-controlled encryption keys.

Independently
audited

Ciphr applications and infrastructure are independently audited by Cure53 to ensure the highest level of code and data security.

Securing Your
Stored Data

Composite Key Brute-Force Protection

Enhance the protection of stored data with the strongest safeguard against malicious online and offline brute-force attacks (optional setting).

Learn more

Maximum Password Attempts Limit

Limit the number of incorrect password attempts to keep your data protected in case you lose your device.

Argon2

Argon2 makes it harder for cyberattacks to guess entry passwords by using multiple, parallel rounds of memory and CPU-intensive hashing.

Password Protection

Our required password protection keeps your data in Ciphr encrypted and protected even if your device is unlocked.

Encrypted Data at Rest

All data stored in Ciphr is encrypted using SQLCipher with AES-256.

FAQ

What is Perfect Forward Secrecy?

Perfect Forward Secrecy is a feature in Ciphr that generates unique encryption keys for each message. This eliminates the risk of a single encryption key decrypting an entire chat conversation.

What is Argon2?

Argon2 is a cryptographic algorithm and a key derivation function (KDF) designed to be GPU-resistant. A KDF is an algorithm designed simply to make a password-guessing attack more time-consuming for an attacker. By making each test take longer, a KDF makes even weak passwords harder to guess.

GPUs are optimized to perform specific tasks very quickly. However, a limitation of GPUs is the amount of memory they can use. Argon2 uses a significant fraction of a GPU's available memory, limiting the number of parallel cracking attempts that a GPU can make, eliminating a big part of the GPU's advantage.

Argon2 is used to protect password authentication in all Ciphr apps.

What are User-Controlled Keys?

When a user activates their Ciphr apps, a cryptographic identity is generated for each app and stored on the device. Instead of Ciphr storing encryption keys, users control their own encryption keys. This feature ensures that even Ciphr cannot decrypt user data.

What is Composite Key Brute-Force Protection?

Ciphr's Composite Key Brute-Force Protection protects your data from online and offline brute-force attacks by splitting your "password-based encryption key". This split prevents attackers from guessing passwords against an offline device, as they need to prove possession of the correct password to get the other key component from the server. This protection severely limits the number of guesses per second an attacker can perform and allows the platform to block requests suspected to be part of an attack.

Composite Key Brute-Force Protection is an optional security setting and only available with Ciphr’s paid subscription.

Is Ciphr Lite, Ciphr Text, or Ciphr Mail communication data stored on the servers?

Ciphr does not store any private keys or communication data on the servers outside of "bouncing" it to the intended recipient. Once the message is delivered to the recipient, our servers will automatically purge all data.

Messages, emails, and call data are encrypted on the sender's device before being transmitted. Any data on our servers remains end-to-end encrypted during transit until it is received on the recipient's device. Only then can the message be decrypted by the recipient's private key.

If a user sends a message and the recipient's device is offline, the server will continually try to deliver the message until the recipient's device is back online. If the device does not come back online within fourteen days, the data will be deleted from the server regardless of if the message reaches the recipient's device.

Can I backup my Ciphr data?

With Ciphr’s paid subscription, there are two ways to backup your Ciphr data. Backup with Ciphr Text:

  • You can create an encrypted backup of your Ciphr Text contacts, Ciphr Mail Contacts, and Ciphr Vault notes. This backup will be stored on Ciphr secure servers and will be password protected and AES-256 encrypted.

Backup with Ciphr Vault:

  • You can create an encrypted backup of your Ciphr Vault notes only (not images). This backup can be emailed to your Ciphr Mail inbox, or to the Ciphr Mail inbox of a trusted contact, for safekeeping. The backup data will be password protected and AES-256 encrypted.
Start using the most
secure communication app
This website uses cookies to ensure you get the best experience on our website. Learn More
Learn More