Has there been a security review / audit of Cryptomator?


The desktop application Cryptomator has been peer-reviewed by the community. Its cryptographic libraries use only cryptographic primitives of well-known open source libraries like JCA, OpenSSL, and Common Crypto. Except SIV Mode, which is the only self-implemented cryptographic primitive.

All cryptographic libraries have been reviewed by Cure53. The pentesting report can be found here. The reported issues are commented in the corresponding GitHub respositories.

SIV-Mode has been reviewed by Tim McLean. The report on SIV Mode 1.0.8 can be found here and the issues found have been fixed with version 1.1.0.

256 Bit SHA Verschl├╝sselung wurde von NSA eingef├╝hrt?