Ensuring your privacy and security is our number one priority. Your pass phrase is encrypted twice before it
is stored on the server to prevent anyone but you from recovering the stored pass phrase. The system is
designed so that recovering a pass phrase requires action from two people: the person that created the key
and a senior level server technician. Neither person can recover the pass phrase without the cooperation of
the other person. The system is also designed so that only the creator of the pass phrase can view the pass
phrase once it is recovered.
Is this secure? Will someone be able to access my data?
Using two layers of encryption around the stored pass phrase offers a very high level of protection. The outer
layer requires our 3072-bit private key to decrypt. This private key is encrypted by our master pass phrase
recovery password, which is never written down and is known by only a few people (it is a closely guarded
secret). Even those who know the master pass phrase recovery password cannot view your pass phrase
because of the inner layer of encryption protecting your pass phrase.
Decrypting the inner layer of encryption requires knowing the answers to your security questions. The
security questions themselves are only protected by the outer layer of encryption (anyone with the private
key has access to your security questions). Thus, you should choose questions that are difficult for another
person to answer (and yet will be something you will never forget). The more questions you use, the harder
it is to break the inner layer of encryption. Each additional question makes it exponentially more difficult. We
recommend using at least four security questions to protect your pass phrase. The answers to your security
questions are only used to encrypt the pass phrase and are never sent across the Internet, stored on the
server, or remembered by the client software.
Technical Details
When your pass phrase is stored on the server it is secured by following this process:
1. You select a series of questions that only you should know the answer to and then provide the answers. You should use enough questions that you are sure only you will have the answers to all of them.
2. The answers to the questions are used to generate a 256-bit encryption key by following the standard described in RFC 2898 (PBKDF2, using SHA-256 as the hash function).
3. The pass phrase is encrypted using the Advanced Encryption Standard (AES) algorithm and the encryption key derived from the answers to your security questions.
4. A random 256-bit file encryption key is generated and is used to encrypt your encrypted pass phrase and your list of security questions (but not their answers) using the AES-256 algorithm. The dually encrypted pass phrase and the encrypted list of security questions are together called a pass phrase envelope.
5. The random 256-bit file key is encrypted using our 3072-bit public key. Only someone with the matching private key can decrypt this data. We are the only ones with access to the private key.
6. The encrypted 256-bit file key along with the pass phrase envelope is sent via SSL (an encrypted Internet connection) to our server, where it is stored. The permissions on the stored file are narrowed such that only a senior level server technician can access the data.
When you need to recover your pass phrase, it is secured by the following process:
1. You use the client software to request that your pass phrase be recovered. The software generates a new 3072-bit public/private key pair (this is your request key).
2. The public request key and the details of your request are sent via SSL to our server, where they are stored.
3. A senior level server technician uses the master pass phrase recovery program to decrypt the outer layer of your stored pass phrase envelope. This requires the operator to enter the master pass phrase recovery password, which decrypts our 3072-bit private key.
4. At this point your pass phrase is still encrypted with the 256-bit encryption key that was generated from the answers to your questions. As the technician does not know the answers to your security questions, your pass phrase is still private.
5. The recovery program generates a new 256-bit file key and encrypts the pass phrase envelope. The pass phrase envelope is now fully encrypted again. The new 256-bit file key is encrypted with your request public key. Now the only person who can decrypt the pass phrase envelope is the person with the request private key (the person that submitted the request).
6. The newly encrypted pass phrase envelope is stored on the server. The technician emails you to notify you that your request has been handled.
7. You use the client software to connect to our server and download the response over an SSL connection.
8. The client software uses the request private key to decrypt the outer layer of the pass phrase envelope.
9. The client software presents your security questions. If you correctly answer these questions, it will be able to decrypt the final encryption layer protecting your pass phrase, and your pass phrase will be recovered.