To protect a message, an encryption key is derived from the user's password with the PBKDF2-SHA512 algorithm using 88K rounds. In 2016 NIST recommended a minimum of 10K iterations, so 88K greatly exceeded that minimum.
To keep up with the growth of computational power we have decided to significantly increase the number of iterations. For example, not so long ago the iPhone 6 needed approximately 520K iterations to produce a one-second delay, while the iPhone 4S required only 40K. Moreover, the newer iPhone XR already needs far more rounds, raising the figure to 1.2M.
Therefore, we introduced a mutable key. The key derivation procedure extends the number of rounds by a random value in the range between 250K and 700K. Why? Because an “ordinary” text password has extremely low entropy: it simply does not contain enough random data and can be brute-forced easily. To withstand brute-forcing it has to be transformed somehow, and the more time and resources that transformation takes, the better. A legitimate user needs to complete the transformation once, while an adversary needs to perform an exhaustive search. A one-second delay is not annoying, yet it adds years and centuries to the brute-forcing. PBKDF2-SHA512 is an excellent, widely recommended choice for such a transformation.
For every message sent you'll have a different key derived from your password or a fixed certificate. The number of additional rounds is stored in the message subject, but knowing that exact value gives an adversary no advantage (in any case, relying on the secrecy of the algorithm is a really bad idea).
As an additional benefit, compromising one key won't compromise any past or future keys, unless the number of rounds matches or your password leaks. As of now, if a certificate is used it is notably easier to break the actual derived encryption key than to find the certificate. Thus, a mutable certificate provides better protection and secrecy. Yet One-Time Certificates are still the best!
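The derivation described above, as an added Python sketch that is not the app's own code: the base 88K rounds are extended by a random per-message value, the value travels in the subject, and the recipient re-derives the same key. It assumes a 256-bit key, a per-message salt carried with the message, and a made-up `[rounds=N]` subject tag; none of those details are stated in the post.

```python
import hashlib
import secrets

BASE_ROUNDS = 88_000                     # fixed base from the post
EXTRA_MIN, EXTRA_MAX = 250_000, 700_000  # per-message random extension from the post
KEY_LEN = 32                             # assumed: 256-bit message key
TAG = "[rounds="                         # hypothetical subject encoding


def pick_extra_rounds():
    """Draw the per-message extension uniformly from [EXTRA_MIN, EXTRA_MAX] with a CSPRNG."""
    return EXTRA_MIN + secrets.randbelow(EXTRA_MAX - EXTRA_MIN + 1)


def derive_key(password, salt, extra_rounds):
    """PBKDF2-HMAC-SHA512 over base rounds plus the extension; rejects values outside the range."""
    if not EXTRA_MIN <= extra_rounds <= EXTRA_MAX:
        raise ValueError("extra rounds outside the published range")
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, BASE_ROUNDS + extra_rounds, KEY_LEN
    )


def tag_subject(subject, extra_rounds):
    """The round count is public: it is simply prefixed to the subject."""
    return f"{TAG}{extra_rounds}] {subject}"


def parse_subject(tagged):
    """Recover (extra_rounds, original subject) from a tagged subject."""
    head, sep, rest = tagged.partition("] ")
    if not sep or not head.startswith(TAG):
        raise ValueError("missing rounds tag")
    return int(head[len(TAG):]), rest


def send(password, salt, subject):
    """Sender side: choose the extension, derive the key, publish the count in the subject."""
    extra = pick_extra_rounds()
    return tag_subject(subject, extra), derive_key(password, salt, extra)


def receive(password, salt, tagged_subject):
    """Recipient side: read the count back from the subject and re-derive the same key."""
    extra, subject = parse_subject(tagged_subject)
    return subject, derive_key(password, salt, extra)
```

Two messages with the same password but different extensions yield different keys, while the recipient, who sees the count in the subject, lands on the sender's key exactly.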
Eventually we are going to disable the simple password and make the mutable password the default.
The other changes include:
An option to set the number of messages to load from each account. The default is ten
Added an “On read” expiration time for OTC. Now you can send a message that vanishes after its first read. Such messages show a red lock icon in the list
Fixed an OTC exchange bug that appeared when the same certificates were sent twice
Some other minor bugfixes and improvements