The security used to protect messages sent through the Salvanote app is very strong indeed, and improves on the current state of the art.
Salvanote uses end-to-end Hybrid PKI encryption to protect messages. Messages can only be encrypted or decrypted on the device. Not even the Salvanote system administrators can see messages! Private keys (used to encrypt messages) are generated only on the device, and never leave the device. Each message is encrypted with a random session key (generated on the device) so that if one message is ever “cracked” this does not compromise all other messages which still remain secure.
Compliant With Australian Law
The Australian Federal Government’s Access and Assistance Bill of 2018 (known colloquially as the “Encryption Bill”) requires providers of end-to-end encryption products to permit government to read the encrypted messages upon request (after due process), but without weakening the level of encryption of the product.
Most security professionals in the industry are adamant that the only way to comply with Bill is to provide a “back-door” – a way to bypass the security of the encryption – which would thus weaken the encryption in the product. For this reason there is a widely-held view that what the government asks (to be able to read end-to-end encrypted messages, but without weakening encryption) is mathematically impossible.
At Salvanote, we thrive on the impossible. We have built the Salvanote mobile app to be compliant with the Encryption Bill, and have done so without creating any back-doors, or weakening any encryption strength. Encryption remains entirely end-to-end, with no way around it.
Better Than State Of The Art
Many products offering end-to-end encryption are built with strong encryption using 2048-bit keys. This bit size refers to the length of the keys. In simple terms, the longer the key, the stronger the encryption (and the more computing power needed for encryption and decryption). A lot of products standardise on 2048-bit keys because it provides very strong security for a reasonable computational overhead. The American NIST has confirmed 2048-bit encryption to be plenty good enough to depend on at least until the year 2030. Forbes refers to this as “military grade encryption” .
At Salvanote, we are using the same strong encryption, but will soon go beyond the state of the art, when we begin to roll out 4096-bit keys – a key strength that Forbes calls “one of the most secure algorithms in the world”.
Numerically, 4096 is double the number 2048… but this doesn’t mean that 4096-bit encryption is twice as strong. In fact it is 2048 times stronger: each additional bit (roughly) doubles the key’s strength.
Just As Fast
Many systems avoid strong encryption due the computational overhead: it takes a LOT longer to generate keys and encrypt or decrypt messages. Salvanote solves this problem by using Hybrid encryption, where a long random key is generated for each message, and used to encrypt the message. That random key is the only thing being encrypted with the high-bit-strength key, and therefore the whole process goes a great deal faster.
In practical terms, on a modern phone or tablet the performance impact of using high-bit-strength keys is barely noticeable in the Salvanote app, adding only a fraction of a second to the “send” operation. A huge boost in security with negligible impact on performance.
Its Best To Assume The Worst
In the world of information security, generally the more secure systems tend to be the ones that put the most effort into planning for the worst possible cases (both known and unknown).
At Salvanote we have designed our message security to withstand the worst-case scenario of an attacker getting “root” (super-administrator) access to all our systems and databases. Assuming someone ever reached this point (past all our firewalls, key-based access points, network-level restrictions, and bastion hosts) and got all our data, including all stored messages… they would be unable to decipher ANY messages.
In such a scenario, the only way to decrypt a message would be to get their hands on the phone of the sender or recipient, and hack their way in. Assuming they could do that (something not even the FBI could do) they would still only have access to the messages of that particular user. All other messages would remain encrypted and impossible to read.