From the documentation, it says Cryptomator has an AES 256 keysize; versus another provider that has AES 4096. I’m inclined to trust open-source more favorably; however, I am curious if the AES keysize here can be increased or?
A commercial entity that provides AES 4096 must surely receive some governmental scrutiny.
I’m not an encryption expert and I’m new to using these sorts of vaults. I just want to understand the relative issues about the key sizes available, etc., as we all want the best security we can get.
What service claims to use AES at 4096 bit?
Are you sure it wasn’t an RSA key of that size?
The key length vs security varies greatly between different styles of encryption.
As a simple comparison, the National Institute of Standards and Technology believe that AES-128 is roughly equivalent to an RSA key of 3072
There is no (productive) AES 4096 as far as I know. As @anon24105312 already mentioned, I also assume you are mixing up AES and RSA
The difference? I found this helpful to me.
Ugh, note to self: don’t post until you’ve finished a couple of coffees.
Thank you for clarifying that.
I found this page
Encryption Keys and Boxcryptor
Thing I get most curious about with a commercial provider such as above, is if they are indeed providing a high level of security, which country gov’t agencies are pissed and/or poking at them for info
AES-256 will be enough for you and everyone else for most likely our lifetimes.
AES-128 is not breakable at this stage, but there is concern that with quantum computers it may be rendered obsolete. Hence AES-256 which will be proof against even quantum computers. For the forseeable future.
If you’re a bit of a geek and interested this is worth a read:
(Edited to add the link)
A risk with any company, provider or pre-compiled code. Realistically though if someone wanted your data “that badly”, it’d probably be easier and more concealable to exploit a weakness or backdoor in your system/OS and capture passwords. (windows 10 patch tuesday breaks new records every week for amount of bugs!)
TBH if the NSA or similar wants to get your data you’re screwed. If you do some investigation you will be shocked at what they can do, particularly if they can gain physical access to your device, even for just a few minutes. “Bugs” exist as in the movies, but unlike the movies they’re passive and only active when triggered, despite being able to record data. Lots of other gear. You can actually view the NSA “catalogue”. Quite amazing.