Version 1.8 is out!


We have released a new version of SenseMail with mutable keys

To protect a message an encryption key is derived from a user's password with PBKDF2-SHA512 algorithm with 88K rounds. In 2016 NIST recommended a minimum of 10K iterations, so 88K was greatly exceeding that minimum.

To keep up with a growth of computational power we have decided to significantly increase the number of iterations. For example, not so long ago the iPhone 6 needed to iterate approximately 520K times to achieve a delay in one second, while iPhone 4S required only 40K. Moreover, a newer iPhone XR already needs an excessively higher number of rounds raising it up to 1.2M.

Therefore, we introduced a mutable key. The key derivation procedure extends the number of rounds by a random value in a range between 250K and 700K. Why? Because an “ordinary” text password has an extremely low entropy, it simply does not contain enough random data. It can be brute-forced easily. To withstand brute-forcing it should be transformed somehow. The more time and resources that transformation takes the better. A legitimate user needs to complete the transformation once while an adversary needs to perform an exhaustive search. A delay in a second is not annoying, however, it adds up years and centuries to the brute-forcing. PBKDF2-SHA512 is an excellent recommended choice of such a transformation.

For every message sent you'll have a different key derived from your password or a fixed certificate. The number of additional rounds is stored in a message subject, but knowing that exact value won't give any advantages to an adversary (anyway it's a really bad idea to rely on a secrecy of the algorithm).

As an additional benefit, compromising one key won't compromise any past or future keys, unless the number of rounds matches or your password leaks. As for now, if a certificate is used it is notably easier to break the actual derived encryption key rather than trying to find a certificate. Thus, a mutable certificate provides a better protection and secrecy. Yet, One-Time Certificates are still the best!

Eventually we are going to disable a simple password and set a mutable password as a default value.

New PIN request

The other changes include:

  • An option to set the number of messages to load from each account. Default is ten

  • Added “On read” expiration time for OTC. Now you can send a message that will vanish after first read. Such messages will have a red lock icon in the list

  • Fixed OTC exchange bug appearing if you send the same certificates twice

  • Some other minor bugfixes and improvements

  • Stay tuned!

    Let's Get In Touch!


    Have any questions about our products? Or do you need something special? That's great! Send us an email and we will get back to you as soon as possible!


    © CreepyTwo Labs Ltd.
    Developed by CreepyTwo Labs.