General- Advanced FAQ

  • What type of Algorithm do you use ?

    We are using Authenticated Encryption with Associated Data (AEAD) to provide both confidentiality and authenticity (integrity), That's why we are using Advanced Encryption Standard "AES" in Galois/Counter Mode "GCM" to provide both Confidentiality and authenticity of the File

  • What is the key length that you use in Crypto Ghost ?

    Crypto Ghost uses 256-bits key length .

  • Where can I find details about the encryption and decryption processes ?

  • How does it work ?

    You can check our technical specification here

  • How is the key derivation performance ?

  • What happens if use the same information(email and password) in two devices ?

    It will give you different key in every time so if you have 2 devices and you put the same information you will get 2 different private keys in other words it will be unique for every time .

  • What happens If I encrypt the file twice ?

    You will get different outputs when you encrypt the same file so now the attacker can't tell if it's the same file or different file.

  • I found a lot of bugs in your application !

    Well done, This is an open source software you can review our code and point to any vulnerability and we will fix it.

  • Why you use Authenticated Encryption ?

    We want provide both confidentiality and integrity not just confidentiality.

  • Chosen-plaintext attack (CPA)

    In this attack the cryptanalyst is able to choose a number of plaintexts to be enciphered and have access to the resulting ciphertext. This allows him to explore whatever areas of the plaintext, Crypto Ghost will use random 16 bytes nonce and it will be unique every time and even if the attacker want to encrypt the same file twice to see the similarity or any related values he can't because the result will be different every time .

  • Brute force attack ?

    It's an attck to recover the key so the attacker will try all possibilities to finally select the appropriate one, brute force attack on the key will not be usefull here first the key length is 256-bit so it will take the attacker to computer 2^256 and we try to dedicate a full process to derive the key and you can check the key derivation process in the technical specification .