Entropy Keycrypt


Risks and Mitigations

Incorrect Implementations — For cryptography, we use audited implementations wherever possible. For qualified individuals, further auditing and the use of formally verified implementations are possibilities. Tap 'Services' from inside the Entropy app for details.

Source of Randomness — For sources of randomness we use number generators conjectured to be cryptographically secure.

Advances in Cryptanalysis — One potential risk involves the possibility of partial or complete failures in the underlying algorithms, such as AES-256-GCM and ChaCha20-Poly1305. Such failures could potentially allow someone in possession of a single share to reconstruct the confidential secret. However, this risk is mitigated by two factors: First, the shares are specifically designed to be stored offline, reducing the likelihood of unauthorized access. Second, it's presumed that there is a certain level of trust between the owner and each individual share holder. Finally, the likelihood of sudden and complete failures in these established algorithms is extremely low. Should such an event occur, it would have far-reaching implications, causing massive disruptions not just in this system but across banking, finance, communications, and society as a whole.

Quantum Computers — Advances in quantum computing will not assist in breaking Entropy's key distribution algorithm, which has information-theoretic security properties. Regarding the encoded secret itself, sufficiently powerful quantum computers are not currently believed to completely break symmetric ciphers like those employed by Entropy. Please see Professor Bernstein's Grover vs. McEliece paper for more information.

Device Security and Malware Risks — To minimize exposure to vulnerabilities, keep your device current with the latest security patches and avoid disabling built-in security features. Some users opt for a dedicated, offline device - like a WiFi-only iPad mini in airplane mode with lockdown mode enabled - for increased security during secret preparation and reconstruction. Firmware for air-gapped open source hardware is a possibility depending on user demand. Please get in touch if this is of interest.

Personal Accountability — Despite these safeguards, remember that no cryptosystem can defend against malware that captures and leaks decrypted data. Therefore, your choice of device and its security posture remain critical.

Human Factors — Human factors pose unique challenges; recipients might lose shares or potentially collude to access secrets prematurely. To mitigate the risk of share loss, you can adjust the settings so fewer shares are needed to reconstruct the secret, thus providing a buffer if some shares are lost. For mitigating coercion and collusion, you have the option to `seal' the secret to add an extra layer of protection. Independent secure storage can also be considered. For instance, encrypted devices or archival media can be stored in a physically secure location, such as a safe or a secure vault, with access granted only upon meeting specific legal criteria.

Next: System Requirements