Elpass uses the most cutting-edge encryption algorithms. Here is a simplified summarization:
- First. The master password is hashed with Argon2id algorithm. This requires 256 MiB of dedicated RAM, and takes about 1.0 seconds on iPhone 11 Pro, to against a brute force attack. The salt for hashing is generated randomly while creating vault or changing the master password.
- The output of step 1 is the key to decrypt the encrypted part of Index file. This step uses XSalsa20+Poly1305 algorithm. Now the master key of the vault is extracted.
- Then, Elpass derives multiple sub-keys from the master key with BLAKE2B algorithm. Every file is encrypted with a distinguishing sub-key.
- Elpass uses the sub-key to encrypt your data with XSalsa20+Poly1305 algorithm.
Elpass uses libsodium as the algorithm provider, which is one of the most wildly used cryptographic libraries.
We open-source the part of the encryption part of our source code for anyone interested in inspecting it. You may find it here: