Cryptography in Algebraic
There are two distinct steps when Algebraic encrypts a file. The first step, called password hashing, derives an encryption key from a user-supplied password. The second step, called data encryption, encrypts file data and file metadata using the derived key.
The cryptography core of Algebraic is built in Go, a statically typed language that compiles to efficient native code, similar to Swift.
The password hashing step computes an encryption key from a user-supplied password.
Password hashing is meant to be computationally expensive. The idea is that an adversary who attempts to guess the encryption password through brute force (i.e. trying every possible password combination) will find it practically infeasible, because every guess requires running the computationally expensive password hashing step.
Algebraic uses the Argon2id password hash from the Argon2 family. The hash is designed to resist both side-channel attacks, because it operates partially in a password-independent order, and cracking attacks, because it operates partially in a password-dependent order.
Argon2 was the winner of the latest Password Hashing Competition, which ran from 2013 to 2015.
The latest versions of Algebraic use the following Argon2id parameters.
| Parameter | Value |
|---|---|
| Parallelism | Number of logical CPUs |
| Time (or Iterations) | 1 |
Algebraic uses XChaCha20-Poly1305 for encryption of the metadata header, and it uses XChaCha20 for streaming encryption of file data.
The encryption key is obtained from the earlier password hashing step.
| Encryption algorithm | Section | Security | Key size |
|---|---|---|---|
| XChaCha20-Poly1305 | Metadata header | Confidentiality + authenticity | 256 bits |
| XChaCha20 | File data | Confidentiality | 256 bits |
For more details on Algebraic's use of the algorithms, see the algebraicfile specification.
Algebraic uses open source (and largely architecture-optimized) implementations of Argon2id, XChaCha20, and XChaCha20-Poly1305 from the cryptography packages in the module golang.org/x/crypto, which is part of the Go Project.
Algebraic generates salts and nonces for the algorithms from cryptographically secure RNGs via package crypto/rand in the Go standard library.