Password security is crucial in Tresorit. In order to hide your password from anybody - even from us - we apply the following principles:
- We use PBKDF2 (RFC 2898) with HMAC (RFC 2104) and SHA-1 (FIPS 180-4) as the password derivation function. As parameters, we use a 160-bit random salt and 10,000 iterations.
- We planned to use scrypt because, unlike PBKDF2, scrypt requires a large amount of memory, which hinders GPU cracking. However, scrypt is not yet standardized. Once it is, we will include it.
- Because we use a password derivation function, any UTF-8 character can be used in your password, and password length is (theoretically) not limited.
- For autologin, the key derived with PBKDF2 is stored only on your computer. That key is used to decrypt your profile. The content of this file NEVER leaves your computer.
- Your encrypted profile contains your private and public keys used for sharing tresors with others, and to authenticate yourself to the server.
- By default, we use SSL client certificates to authenticate you when you log in to our servers.
- The first time you log in, you need to download your encrypted profile file without client certificate authentication. To authenticate you, we use a challenge-response protocol based on a key derived with PBKDF2 using the setup described above, but with a salt that is completely independent of the profile encryption salt. Only in this scenario does the client communicate with the server over SSL without client authentication. We planned to use SRP (RFC 2945) for this, but because of implementation problems with TLS-SRP (RFC 5054) we use an application-layer challenge-response protocol.
- The brief description of the protocol is attached.
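An added example (not Tresorit's code) of the derivation described in the list above: PBKDF2-HMAC-SHA1 with a 160-bit random salt and 10,000 iterations, run twice with independent salts so that the authentication key is unrelated to the profile key. The 20-byte key length, the HMAC-SHA256 response and all function names are assumptions; the page does not specify the actual challenge-response protocol.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000   # from the page
SALT_BYTES = 20       # 160-bit random salt, from the page
KEY_BYTES = 20        # assumption: one SHA-1 output (20 bytes)


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1 over the UTF-8 bytes of the password (any length)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_BYTES)


def enroll(password: str) -> dict:
    """Client-side setup: two independent salts give two unrelated keys."""
    profile_salt = secrets.token_bytes(SALT_BYTES)
    auth_salt = secrets.token_bytes(SALT_BYTES)
    return {
        "profile_salt": profile_salt,
        "auth_salt": auth_salt,
        "profile_key": derive_key(password, profile_salt),  # never sent anywhere
        "auth_key": derive_key(password, auth_salt),        # verifier kept by server
    }


def respond(auth_key: bytes, challenge: bytes) -> bytes:
    """Hypothetical response: HMAC-SHA256 of the server nonce under the auth key."""
    return hmac.new(auth_key, challenge, hashlib.sha256).digest()


def first_login(password: str, auth_salt: bytes, stored_auth_key: bytes) -> bool:
    """One constructed exchange: the server issues a nonce, the client answers."""
    challenge = secrets.token_bytes(32)                  # server: fresh per attempt
    client_key = derive_key(password, auth_salt)         # client: re-derive from password
    response = respond(client_key, challenge)            # client -> server
    expected = respond(stored_auth_key, challenge)       # server: recompute
    return hmac.compare_digest(expected, response)       # constant-time compare


if __name__ == "__main__":
    rec = enroll("correct horse ünïcødé 🔑")             # constructed sample password
    print("login ok:", first_login("correct horse ünïcødé 🔑", rec["auth_salt"], rec["auth_key"]))
    print("wrong pw:", first_login("guess", rec["auth_salt"], rec["auth_key"]))
    print("keys differ:", rec["profile_key"] != rec["auth_key"])
```

In this assumed construction the server-side verifier can check responses, but because the salts are independent it gives no shortcut to the profile key other than guessing the password.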
The password on this site (support.tresorit.com) is completely independent of your password in Tresorit. We strongly recommend using a different password on our support site. We are working on integrating the support site with the Tresorit challenge-response protocol and SAML-2.