
From the linked discussion ([3] above):

> 1. We use a 256 bit key derived using a salt and PBKDF2.

> 2. AES is used in CBC mode with a different IV for each account.

> 3. The key is stored on the cellphone only and is never transmitted




> 2. AES is used in CBC mode with a different IV for each account.

Depending on the actual implementation (if everything is just one encrypted blob or if individual records are encrypted separately), using the same IV for all data in one account can be pretty bad.
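An added example, not part of the thread or of the app's code, showing what the comment above is pointing at when records are encrypted separately under one per-account IV. To run with the standard library only, the block cipher is a stand-in Feistel permutation rather than AES (the CBC behaviour shown does not depend on which block cipher is used); the passphrase, salt, records and function names are constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16

def _round(key, rnd, half):
    # Feistel round function built from HMAC-SHA256 (stand-in cipher, NOT AES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def toy_block_encrypt(key, block):
    # 4-round Feistel permutation over one 16-byte block
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, rnd, right)))
    return left + right

def cbc_encrypt(key, iv, plaintext):
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad  # PKCS#7 padding
    prev, out = iv, b""
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = toy_block_encrypt(key, mixed)  # C_i = E(P_i xor C_{i-1})
        out += prev
    return out

def shared_prefix_blocks(c1, c2):
    # Number of leading ciphertext blocks that are identical
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

def demo():
    # Constructed passphrase, salt and records
    key = hashlib.pbkdf2_hmac("sha256", b"constructed passphrase", b"constructed-salt", 100_000, dklen=32)
    rec_a = b"site=example.com;user=alice@example.org;pw=one"
    rec_b = b"site=example.com;user=alice@example.org;pw=two"
    account_iv = os.urandom(BLOCK)  # one IV per account, reused for every record
    reused = shared_prefix_blocks(cbc_encrypt(key, account_iv, rec_a), cbc_encrypt(key, account_iv, rec_b))
    fresh = shared_prefix_blocks(cbc_encrypt(key, os.urandom(BLOCK), rec_a), cbc_encrypt(key, os.urandom(BLOCK), rec_b))
    return reused, fresh

if __name__ == "__main__":
    print(demo())
```

With the shared IV the two ciphertexts agree on their first two blocks, so anyone holding the stored data can tell the records share a 32-byte prefix; with a fresh random IV per record no blocks match.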



