To assure confidentiality over time all StoredSafe products can easily change crypto algorithms and modes on the fly as needed, without putting current data at risk. Further more you won’t have to do any complex data migration, as soon as you handle your stored information it will be encrypted with you most resent crypto algorithms.
Data at rest¶
StoredSafe utilizes 4096 bit RSA Keys for asymmetric encryption and AES-128 in OFB mode for symmetric operations.
Data in transit¶
StoredSafe uses TLS/SSL for protection of data in transit. The idea is to have as strong encryption as possible without breaking to many browsers and also mitigating attacks similar to BEAST etc.
We plan to change the OFB mode in the future to a list of choices with preferred mode set to GCM or similar when ready for production.