by ttgurney
1453 days ago
I appreciate the idea and the ease of use. How is the key being stored? What would make sense to me is that the key is given in the URL as a query parameter, so that it is not actually stored anywhere on the server side. But that doesn't look to be the case.

> We use AES encryption with a 4096-bit key.

I have never heard of 4096-bit AES. Typically the expert opinion I have heard on AES key lengths is that 128-bit is enough and that 256-bit is overkill reserved for the paranoid. I am reminded of Bruce Schneier's warning sign #5 of cryptographic snake oil: ridiculous key lengths:

https://www.schneier.com/crypto-gram/archives/1999/0215.html...

I don't mean to imply that this tool is "snake oil"--just that "4096-bit AES" is not a good look in light of the above advice from a highly respected cryptographer. (On the other hand, 4096-bit keys are often used with RSA. But that is a different kind of algorithm with a different purpose.)