That's a great writeup. Is it possible to create a really long passphrase whose hash can't be reversed easily? Perhaps a diceware passphrase with six randomly chosen words?
The difficulty of breaking Deepsound is basically equivalent to the difficulty of reversing a SHA-1 hash. For dictionary words and shorter passwords, consider them broken instantaneously through pre-computed lookup tables.
For more complex passphrases (and remember, only the first 32 characters count here), exponential growth probably works in your favor, even with today's Bitcoin-fueled hyper-accelerated SHA-1 implementations.
Even then, the scheme where they use the password directly as the AES key is flawed. For example, in ASCII, every octet's most-significant bit is zero, so 32 bits of your AES key are fixed. I don't know if this enables practical attacks, but anyone who cares about securing their data shouldn't rely on amateur cryptography like this.
Edit: Oh right, and aside from the password aspect, it uses ECB mode for the encrypted content. That’s not good.
For more complex passphrases (and remember, only the first 32 characters count here), exponential growth probably works in your favor, even with today's Bitcoin-fueled hyper-accelerated SHA-1 implementations.
Even then, the scheme where they use the password directly as the AES key is flawed. For example, in ASCII, every octet's most-significant bit is zero, so 32 bits of your AES key are fixed. I don't know if this enables practical attacks, but anyone who cares about securing their data shouldn't rely on amateur cryptography like this.
Edit: Oh right, and aside from the password aspect, it uses ECB mode for the encrypted content. That’s not good.