How strong is the Volume Key?

thelostgeek

Hi ,

I understand that all the files in BoxCryptor are encrypted using the volume key which is generated during the enc. drive creation. The volume key is then encrypted by the master password (user password) and stored in the .encfs6.xml.

How strong is the volume key ? like length/strength ? if i understand correctly. When some one gets my encrypted file. they just need to figure out the volume key to decrypt it.So , eventually, the strength depends on the volume key. Is my understanding correct ?

~tlg

thelostgeek

Can anyone help me to confirm my understanding ? Appreciate your help. Thanks.

Robert

Hi,

The volume key is generated using different secure random generators with additional hashing via PBKDF2. The default key length is 256 bits. Depending on the platform, the following secure random generators are used:

Windows: .NET RNGCryptoServiceProvider
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider(v=vs.90).aspx

Mac OS X: OpenSSL RAND_bytes
http://www.openssl.org/docs/crypto/RAND_bytes.html

iOS: Cocoa SecRandomCopyBytes
http://developer.apple.com/library/ios/#DOCUMENTATION/Security/Reference/RandomizationReference/Reference/reference.html

Android: Java SecureRandom
http://docs.oracle.com/javase/6/docs/api/java/security/SecureRandom.html

The volume key is very strong - the strength really depends on the password you choose to secure this volume key because user passwords generally have far less entropy than a randomly generated 256 bits key. If an attacker gets access to your BoxCryptor Folder, he will most likely try to guess/crack/brute force etc. your password in order to decrypt the volume key and then decrypt your files.

More information on how to choose good passwords and password strength in generall can be found on Wikipedia:

http://en.wikipedia.org/wiki/Password_strength

Best regards,
Robert