live_helpHow long are sensitive details on your servers?They are stored in ciphertext (encrypted state) on the server for a maximum of 72 hours. Less if you set a sooner self-destruct time.
live_helpWhat encryption do you use?
- - User passwords are hashed using bcrypt, salted, and peppered.
- - Sensitive details that you send to others are encrypted using NaCl/libsodium
- - Your connection with our site is secured by TLS has an A rating from SSL Labs
live_helpWhat would an attacker need to compromise my sensitive details if I send them using Boveda? (What’s the attack surface?)
In a normal scenario where Alice is sending sending sensitive details to Bob, Eve would need to gain access to Alice or Bob’s email account and she’s got everything she needs.
With Boveda, if Eve get’s access to Alice’s email, she still can not get access to secure details sent through Boveda because once Alice sends these details, she can no longer view them.
If Eve gets access to Bob’s email, then she would need to have access within the 8-72 hour window that Alice sends the secure details to Bob. She would also need to get to the email before Bob does as the email provides one-time access to the details. She would also need to have access to Bob’s physical device or figure out a way to to compromise the phone number within the very small window she has to use the link before Bob does, it expires, or Bob notices his phone no longer has an active signal.1 Having access to a physical device as well as the email account is very unlikely. Most attacks are not performed by someone breaking into your house/office to gain access to your computer and phone simultaneously. The latter attack still requires an incredible amount of coordination with multiple attack vectors.
As you can see the attack surface is considerably smaller. Should you share state secrets with this service? Probably not. But you can quite confidently send keys/passwords to others who normally would request you send them via plaintext emails.
1: The most common way to gain access to an SMS is to social engineer the cellular provider into releasing the phone number to Eve. However, the moment it is released, Bob loses cellular service.
live_helpIs 2FA using SMS problematic?
- - Refer to our attack surface.
- - We recommend utilizing a landline and the voice pin option if this is a concern.
- - While not perfect, SMS 2FA is much better than not having it.
- - We’re working on Google Authenticator as an option for recipients who are existing users.
live_helpCan you see my sensitive details that I'm sharing?
No. An encrypted value is stored that requires your contact's key to decrypt (unlock). Because of the way the system is designed, there is no way for us to decrypt the value stored on our systems.
live_helpDo you store the sensitive details after my contact has received it or the self-destruct time?
No. An encrypted value is stored that requires your contact's key to unlock, but as soon as your contact has unlocked it, it is destroyed. If it isn't retrieved by your contact within the time you've allotted, it is also destroyed.
live_helpWhere do you get those snazzy robots for my avatar?
Robots lovingly delivered by Robohash.org. A unique robot-hash is generated from your email. Pretty great right?