Security Deep Dive

AES-256, PBKDF2, and why your secrets stay safe

EnigmaCrypt uses industry-standard cryptography. This page explains exactly what we use, why it's secure, and how long it would take to crack — spoiler: longer than the age of the universe.

AES-256 Encryption

AES (Advanced Encryption Standard) is the same algorithm used by the U.S. government for top secret information. The "256" means a 256-bit key — 2^256 possible combinations.

That's approximately 115 quattuorvigintillion keys. Even if you could try a trillion keys per second, it would take billions of times the age of the universe to brute-force a single secret. With current technology, AES-256 is considered unbreakable.

NIST FIPS 197

PBKDF2 — 100,000 Iterations

Your unlock password isn't used directly as the encryption key. We use PBKDF2 (Password-Based Key Derivation Function 2) to derive a proper 256-bit key. This adds computational work: 100,000 iterations of hashing before encryption or decryption.

That means brute-forcing isn't just about trying 2^256 keys — each guess requires 100,000 hash operations. This makes dictionary attacks and rainbow tables impractical. A typical password like "correct horse battery staple" would take millions of years to crack.

Salt & IV — Unique Every Time

Each secret gets a random salt (for key derivation) and a random IV (initialization vector for AES). Even if you create two secrets with the same password and content, the encrypted output is completely different. This prevents pattern analysis and identical ciphertext attacks.
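The scheme described above (PBKDF2 at 100,000 iterations, a fresh salt and IV per secret, and the AES-256-CBC mode named in the summary), written against WebCrypto as an added example; it is not EnigmaCrypt's own code. The PBKDF2 hash (SHA-256), the 16-byte salt, the function names and the sample values are assumptions, since the page does not give them.

```javascript
// Added example, not EnigmaCrypt's source. Runs in a browser or in Node.
// Browsers and Node >= 19 expose WebCrypto globally; older Node needs the module.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;

const ITERATIONS = 100000;      // from the page
const PBKDF2_HASH = "SHA-256";  // assumption: the page does not name the hash
const SALT_BYTES = 16;          // assumption: the page does not give the salt length
const IV_BYTES = 16;            // AES block size, required by AES-CBC
const enc = new TextEncoder();

// Stretch the password into a non-extractable 256-bit AES-CBC key.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: ITERATIONS, hash: PBKDF2_HASH },
    material, { name: "AES-CBC", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt one secret under a fresh random salt and IV.
async function sealSecret(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_BYTES));
  const iv = wc.getRandomValues(new Uint8Array(IV_BYTES));
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt({ name: "AES-CBC", iv }, key, enc.encode(plaintext));
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Re-derive the key from the stored salt and decrypt with the stored IV.
async function openSecret(password, { salt, iv, ciphertext }) {
  const key = await deriveKey(password, salt);
  const pt = await wc.subtle.decrypt({ name: "AES-CBC", iv }, key, ciphertext);
  return new TextDecoder().decode(pt);
}

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Seal the same constructed secret twice with the same password and compare.
async function demo() {
  const password = "correct horse battery staple"; // sample password from the page
  const secret = "constructed sample secret";      // constructed 25-byte plaintext
  const a = await sealSecret(password, secret);
  const b = await sealSecret(password, secret);
  return {
    sameSalt: toHex(a.salt) === toHex(b.salt),
    sameCiphertext: toHex(a.ciphertext) === toHex(b.ciphertext),
    ciphertextBytes: a.ciphertext.length, // 25 bytes padded to two AES blocks
    roundTrip: await openSecret(password, a),
  };
}
demo().then(console.log);
```

AES-CBC on its own does not authenticate the ciphertext, so a design that needs tamper detection adds a MAC over the salt, IV and ciphertext or uses an AEAD mode such as AES-GCM.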

How Much Power to Crack It?

Let's say you had a hypothetical computer that could try 10 billion keys per second (far beyond current technology). To exhaust half of the AES-256 keys:

  • Time: ~5.4 × 10^51 years (the universe is ~1.4 × 10^10 years old)
  • Energy: More than the total energy output of the sun over its lifetime

The weak point is never AES-256 — it's the human-chosen password. Use a strong, unique password and you're effectively uncrackable.

The Challenge — Try to Hack It

Below is a real encrypted blob. It was encrypted with the exact same technology we use for your secrets. It contains the developer's bank passwords, credit cards, and project databases. We invite you to crack it.

56f88775e09f2729ecd993e2b8510a56be5afb9e26064eefdbcf32bb72f1aa11bIzxQWCSzNZktBxrO3ML5T69p1KVkEKA9MTBFBByNb9y6VBLclTRA4swk7Wv+Se0yZRYwyQI/zXu/LNxqTXvg5JSe6CxqPP0IiuXAsRKQBdnTIK149JpSiDxqFFO9Gx6BLHJ6jl1tLCRDd0oBArFElIyulAnvwwjprXwd+3AgGkx+yBo1NOaCipCD6zrtd5Eggyk8/9lus8uHjo/Eg7CUPK1EXGCPAgp6t5qWBSA6Uy9y1/1bN3IwRml85v5bXoaXeO0583Nh3z2pueNS5WPChalnjxAdPTLF1TkcsKscBv8Fj0a71tIi+4s1L06L+8GHnSdOZBIVXRuP/GFRqJ6mmhdaTWEY+DEwYWxUTWw6DJFaQxxvamD6V9oeKJSr7dOS9mpB+JpDuolT4Wa+Sntp6XEGIuNJb5RSUgg3mi8bUo=

Summary

  • AES-256-CBC — military-grade cipher
  • PBKDF2 with 100,000 iterations — strong key derivation
  • Random salt and IV per secret — no pattern leakage
  • Client-side only — we never see your password or plaintext

Your secrets are as safe as the technology allows. The rest is up to you: choose a strong password and share it through a different channel than the URL.