
Cryptographic Security

For the perfect protection of your data, Bitbuckler relies on the most modern cryptographic standards and a fully automated key exchange. For encryption we exclusively trust the Advanced Encryption Standard (AES) in its safest variant, with a key length of 256 bits in Cipher Block Chaining (CBC) mode. Recommended by the BSI, it is even approved for secret government documents.

What is AES and is it really secure?

AES is a symmetric cipher: it uses the same key for encryption and decryption. To successfully crack an AES-256 encrypted dataset, an attacker needs to try 10 to the power of 89 possible keys. Using a very fast computer, this would take about 10 to the power of 63 years, a period of time which is even longer than the age of our universe. Using one billion computers, it would still take 10 to the power of 54 years to decrypt only one single set of data. Because a completely new encryption key is created for every single message or file, it is almost impossible for an attacker to get access to your private data.

How can I give AES keys to my friends?

The exchange of AES keys between author and recipient(s) is executed automatically. A secure asymmetric public key exchange algorithm called Elliptic Curve Diffie-Hellman (ECDH) is utilized for this purpose. Messages of this protocol are securely stored on our Bitbuckler web service.

The exchange of keys is secured and verified by a digital signature algorithm called Elliptic Curve Digital Signature Algorithm (ECDSA with SHA-3 512 bit).

Both procedures (ECDH and ECDSA) are asymmetric cryptographic algorithms which depend on a private and a public key. The public key is used for the verification of a signature. The private key is used to create a signature. Therefore the public key needs to be known to every participating party in the communication process, while the private key must be known only to the author of a message. Both elliptic curve algorithms are operated with a key length of 519 bit. This delivers security levels comparable to AES 256.

Why signatures?

A user’s public signature validation key allows Bitbuckler to verify the sender of a message, provided you have added that sender to your friends list.
By using signature algorithms it is possible to identify manipulated data or keys right away. Thus man-in-the-middle attacks are no longer a threat. Put simply, this means that Bitbuckler can guarantee that an incoming message, and the encryption keys for that message, have really been written by one of your friends or colleagues and not by an attacker.

How do my friends get my signature key?

You need to tell your friends your public signature validation key. There are several risk-free options to do this, e.g. by telephone, in person or by mail. If it’s not possible to manipulate the key while it is being transported, it is even possible to send it via the Internet.

In addition to a direct key handover between the author and recipient (via telephone, letter or in person), it is possible to download the key using a web of trust. This allows you to see which of your friends already trust a newly received validation key. If you deem your signing friends trustworthy, you can choose to use the downloaded validation key.