Here are some brief comments about why it's secure to store your secrets here. A complete white paper with all the details will be made available in the future.

XML Encryption

Your secrets are stored as encrypted XML, using 256-bit AES encryption. AES is the current US National Institute of Standards and Technology recommended encryption algorithm, where the full PDF specification is found, a less formal description is available on Wikipedia.

Your Password

Although the use of standardized XML encryption technology minimizes the risk of design and implementation errors, in the end your password or passphrase will determine the resulting actual security, which is why we require at least 10 characters in your password. We also use a standardized key-wrap algorithm, as well as an iterated key-derivation algorithm ensuring that whatever password you use - we'll make it at least a 1000 times stronger. The actual value is determined by the speed of our server, thus automatically upgrading security when faster computer hardware is available.

Your password is not used to encrypt your secrets, it's only used to derive a key which in turn is used to encrypt (wrap) the real key. The real key used for the actual encryption is a full 256-bit key generated by our servers to be as random and strong as possible.

Password loss

If you loose or forget your password, we cannot send it to you. We do not know it. However, you can request a password reset which will cause a new password to be set. Your old secrets will be maintained in their encrypted form, and if you in the future do recall your old password, the old secrets will be automatically decrypted and merged with any new secrets.

If you request a password change, your secrets will be automatically re-encrypted with the new password.

Download your raw encrypted secrets file

When you are logged on, you can download your secrets as an encrypted XML file. What you download is exactly identical to what we store on the server.

The encrypted XML file is using only W3C standardized technology, and is therefore interoperable with any software capable of decrypting W3C encrypted XML. There will also be a simple offline program available to decrypt the file, in source code form as well, in the near future.

Since we only ever store your data in encrypted form on our server, an attacker can at best get hold of the encrypted XML. Provided you have not choosen a very weak password, this encryption is not feasible to force by any attacker, and your secrets will be safe even in this event.

Attacks

The most common attack vector for hackers is via database SQL injection, where faulty validation of user input leads to attackers getting access to the database. This is impossible on the Xecrets server, since we do not use any SQL database at all, we only use files in the file system.

When you are logged on, we are by necessity keeping your password in memory as well as the decrypted secrets when we send them to your browser, but is never saved to disk. The production server is located in a secure hosting facility.

All communication with our server is encrypted with strong SSL encryption, and we do not allow any client that does not accept this to log on.