AES key

elf

Have read in previous posts here that the password I use for Boxcryptor is not actually the AES key for the file decryption, and that my password is merely used to decode the AES key which is kept in the encfs file.

If this is the case, then how is the AES key initially determined? In truecrypt you are asked to randomly wave about the mouse in order to create a secure key in a random way.

Robert

Hi elf,

the volume key which is used to encrypt the files is generated in the following way when creating a new encrypted folder:

1) A temporary key with 384 bits is randomly generated
2) A temporary salt with 160 bits is randomly generated
3) The volume key is generated using PBKDF2 standard with the temporary key and salt as input and 1000 iterations. See http://en.wikipedia.org/wiki/PBKDF2

The values are randomly generated using the .NET class Random (http://msdn.microsoft.com/en-us/library/system.random.aspx). Even though, the generated volume key is very secure by applying an additional PBKDF2 key derivation, we'll replace the Random class with RNGCryptoServiceProvider class in the next version.

--Robert