ZeroKit for Realm: Easy End-To-End Encryption

&gt; If you’re building an app dealing with highly sensitive data, we definitely recommend you check out ZeroKit and give it a try!<p>ZeroKit&#x27;s website says they offer &quot;hack proof encryption&quot; and a $50k prize with a quote from The Next Web about &quot;1,000 hackers&quot; failing to break it.<p>If I&#x27;m handling highly sensitive data, I&#x27;d prefer any service I&#x27;m using to do that have multiple third party security audits on a source code level. Look at TrueCrypt&#x27;s audit -- which gets into actual lines of code and details potential attack vectors -- as an example. Without any kind of auditing, it&#x27;s a very tough claim to be hack proof.<p>Not to mention the fact that $50k might just not be enough to entice reporting. It&#x27;s a good bounty for sure, but if you can compromise highly sensitive data sources, it stands to reason that the value on breaking that crypto is much, much higher than $50k.

From reading this, one of the lynchpins seems to be a user password that encrypts a keychain containing stored key material used in the encryption.<p>This article doesn&#x27;t say enough for me to attempt using this as a security product.<p>What are the key sizes? What is the kdf used to create them? How many iterations? What entropy requirements are enforced on the passwords? Where and how are the keys stored on the other side of the connection? How do the keys get there in the first place?<p>Also, what mode of AES is used? What bit strengths?<p>There is a lot that is unsaid in this, and what is said uses marketing not security terms. Together these lead me to believe there weren&#x27;t security people involved in the actual design.

From my reading so far, it sounds like ZeroKit&#x27;s stores the private keys? Am I mistaken? Because if so, this is definitely not end-to-end encryption because ZeroKit is a middleman that can be attacked to gain access to keys.<p>Edit: It says ZeroKit doesn&#x27;t have access to the password, so asking for clarification here - is ZeroKit running entirely on the client then? Or do passwords ever get sent to the server (even if they are not stored or are session encrypted)? If that is true, why does one need to make a ZeroKit API call? Edit again: Quote from the article &quot;which enables you to log in a ZeroKit user on the server&quot;, perhaps cool that they have this option, but that is a huge red flag to me that there is a server side attack vector.<p>Full disclosure: I work on a competing system that has uses real end-to-end encryption. It works like this:<p>- First, PBKDF2 extend a user&#x27;s password into a proof of work.<p>- Use that proof of work to AES encrypt&#x2F;decrypt an ECDSA private key.<p>- Now use that private key AES encrypt&#x2F;decrypt private data, or a public key of a trusted user to encrypt&#x2F;decrypt private messages.<p>Note: The user authenticates strictly against their device, the password is never sent to any servers. Same with the private key, it can only be derived from a local process PBKDF2 extending the password (to prevent brute force attacks) and decrypting the private key with the proof of work. The private key is never shared or known by any middleman servers.<p>To read more about how this works, see a working prototype demo, and watch our 1 minute animated explainers on cryptography, check out this link: <a href="https:&#x2F;&#x2F;github.com&#x2F;amark&#x2F;gun&#x2F;wiki&#x2F;auth" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;amark&#x2F;gun&#x2F;wiki&#x2F;auth</a> (Note: All our code is MIT&#x2F;ZLIB&#x2F;Apache2 and open for auditing).