A concern that usually arises among password manager users is whether their data can be accessed by anyone else (for example, the application development team). This is a fair and legitimate question as the user data stored in password manager applications is confidential such as passwords, personal notes, and private keys of cryptocurrency wallets. If such data is breached, the consequences can be devastating.
The answer to the question above is that: in Locker, ONLY you can access and read your data; no one else can, not even the Locker team. In this article, I will analyze in more detail how we can achieve this.
First, we need to understand the concept of encryption – the main technology behind Locker that keeps all your data secure.
Encryption is a way of changing the original information so that only the parties involved can read and understand the content. Essentially, this is the process of converting human-readable texts (also referred to as plaintext) into unintelligible or meaningless texts (also known as ciphertext). Simply put, encryption is the process where readable data is changed in accordance with a specific set of rules so that it appears random.
The rules here are, technically, an encryption algorithm that comes with an encryption key. Usually, the encryption algorithm is public, which means we all know its name and specifications, while the encryption key is either
- Entirely secret, revealed only between the sender and the intended receiver of the message
- Semi-secret, being a key pair that consists of 1 completely secret key and 1 public key.
We should also know about two opposite processes related to the encryption technology:
- “Encrypt” is the process of scrambling the original plaintext into ciphertext.
- “Decrypt” is the process of converting ciphertext back into the original plaintext.
We can classify encryption methods in many ways. One of the most popular ways is based on the symmetry of the encryption key:
- If we encrypt the plaintext with key k and decrypt the ciphertext with the same key k, this is Symmetric Encryption.
- If we encrypt the plaintext with key k1 but need key k2 to decrypt the ciphertext (k1 is different from k2), this is Asymmetric Encryption or public encryption.
Within the scope of this article, we will focus on Symmetric Encryption, which is Locker’s main data encryption technology.
To understand the Symmetric Encryption more easily, let’s take a look at one of its simplest techniques: the Caesar cipher. The Caesar cipher is a mono-alphabetic substitution cipher that is based on the transposition of 26 English alphabet letters. Specifically, it involves shifting each letter m of the plaintext by k letters so m becomes c.
For example, we have a plaintext of hello and choose k = 7, then the ciphertext will be olssv: as we shift h by 7 letters in the alphabet, we get o; similarly, shifting e by 7 letters leaves us at l and so on.
|ENCRYPT||h + 7||e + 7||l + 7||l + 7||o + 7|
To decrypt the ciphertext of olssv, it is imperative that we know k = 7 and implement decryption in an opposite way compared to encryption. We shift back 7 letters from o and get h, shift back 7 letters from l and get e, and so on. Eventually, we will obtain the plaintext of hello.
|DECRYPT||0 – 7||l – 7||s – 7||s – 7||v – 7|
At this point, we need to agree that successful ciphertext decryption using Symmetric Encryption requires the encryption key k previously used in the encryption process. In some cases, we can guess k correctly by trial and error or with brute-force attacks (covering all possible answers). As with the Caesar cipher example above, k can be guessed by trying each value from 1 to 26 to see if the result is readable. However, such a method is feasible only when the ciphers are weak. With today’s modern cryptographic algorithms, it is impossible to perform brute-force attacks within a short time, even with the help of computers having the highest processing speed.
The AES, which stands for Advanced Encryption Standard, algorithm is a standard symmetric encryption algorithm used by the US government and other government agencies worldwide to protect top-secret data. With proper implementation and strong enough Encryption Keys, the AES algorithm is proven unbreakable. In this article, I will not go into details of AES architecture and algorithm; instead, I will focus more on how we use the AES algorithm in Locker. You can read more about AES in general here.
Locker currently uses AES specifications with key k of 256-bit length, and is in the CBC mode of operation; this is also referred to as AES-256-CBC. Compare with a Caesar cipher key being a number between 1 and 26, a typical AES-256-CBC key is much more complex: it is a string of 32 characters that can be numbers, alphabetic letters, and unreadable characters. Therefore, it is impossible to guess or brute-force attack to find AES keys so far.
How does Locker encrypt user data?
Every Locker user is required to create a Master Password, which is extremely important for all internal encryption processes. If you lose your Master Password, you will not be able to access your data anymore (unless you have already set up Emergency Access).
Once the Master Password is created, Locker will:
- Hash the Master Password to generate a 256-bit Master Key.
- Stretch the 256-bit Master Key to a 512-bit Stretched Master Key.
- Randomly generate a 256-bit Symmetric Key.
- Use AES-256-CBC to encrypt the Symmetric Key with the Stretched Master Key to get an Encrypted Symmetric Key.
- The Encrypted Symmetric Key will be saved to the Locker servers.
It should be emphasized that steps from 1 to 4 above happen entirely on your computer/mobile device and Locker cannot know or store your Master Password or Symmetric Key.
After you have successfully logged in to your Locker account and saved a password or other secret data (I’d call each of these an Item), below is what happens on your device itself (not on the Locker servers):
- Retrieve the Encrypted Symmetric Key from the Locker servers.
- Calculate the Stretched Master Key from the Master Password in similar steps to the above.
- Calculate the Symmetric Key by using AES-256-CBC with the Stretched Master Key to decrypt the Encrypted Symmetric Key.
- Calculate the Encrypted Item by using AES-256-CBC to encrypt the Item with the Symmetric Key.
- Send the Encrypted Item to the Locker servers for storing.
I hope my descriptions of the technical processes remain clear and understandable until now. As you can see, we store only the Encrypted Symmetric Keys and Encrypted Items on the Locker servers. Such data is ciphertext and would look like gibberish, meaningless and unusable, to anyone.
Can we (or anyone else, apart from you) access and read your data?
To access and read your data, i.e. your Item, we need to be able to decrypt the Encrypted Item. This means we must obtain the Symmetric Key first.
The problem is that we only have the Encrypted Symmetric Key so we will have to find a way to decrypt this value. However, as shown in the previous diagram, the Encrypted Symmetric Key is generated using the Stretched Master Key, which is a stretched value from your Master Password. Long story short, we must know your Master Password to decrypt the Encrypted Symmetric Key and get the Symmetric Key; only then will your data be accessible to us.
This whole process is entirely unfeasible for the Locker team (or anyone else, apart from you) since your Master Password exists only in your memory and temporarily on your devices.
With all the explanations so far, you can see that it is totally impossible for the Locker team to access and read your confidential data. We always maintain the highest level of security, truthfulness, and transparency for you to rest assured that your data is in safe and competent hands with Locker. We also collaborate with independent cybersecurity partners and the global community of cybersecurity experts to continuously assess and maintain Locker’s safety so that your data is accessible and readable to you ONLY, not anyone else – even the Locker team.