Android Question B4X 256 bit encryption?

MrKim

Well-Known Member
Licensed User
Longtime User
I am using B4XCipher and it works great, however I understand it is only 128 bit? There are now rumblings that this is not secure, or will not e secure in the near future.
My main concern is clients saying "We MUST have 256!!!"
Is there a clean 256 bit B4X method?
My next question, as I am no crypto expert and don't want to be: Can't you just encrypt the encryption to get a higher level of security? i.e.
Return Str.EncodeBase64(c.Encrypt(c.Encrypt(text.GetBytes("utf8"), password), password))

Thanks for your help
 

MrKim

Well-Known Member
Licensed User
Longtime User
While not a crypto expert, I don't see any source that claims that AES 128 is not secure. On the contrary.
Technically it shouldn't be difficult to add 256 bit encryption to B4XEncryption.
I agree. 128 is in reality, fine, but then when you Google you can find headlines like this,
"Does Size Matter? AES 128-Bit Encryption is (Probably) Good Enough"
or
"Guess why we’re moving to 256-bit AES keys"
If you delve into the articles they do, in fact support 128 as being more than enough but notice there is always the hedge. Users don't read the technical details. They will simply see the headlines and ascribe (like the US military) to the "more is better" philosophy. Customers will spec 256 because it is "better".

I couldn't find the article that led me down this path, but primarily the big concern going forward is Quantum computing and what it will do to security. The article stated that it is estimated that Cryptocurrency has about 5 more years before it will be breakable.

From what I read 256 is about 40% slower than 128 and speed is a bit of an issue for me so I prefer to stay with 128. The reality is for my users 128 is more than enough. There is simply not enough value in their data to warrant the effort it would take to decrypt it. But it is easier to sell 128 if I can also offer 256.

If it is easy to add 256 and make it an option that would be nice because then we could offer users the choice. But it is primarily a marketing exercise :p.

Who knows Erel? Some big corporation out there might be looking right now for a cross platform language to standardize on for the next 20 years and one of their specifications for that language might be 256 bit encryption:rolleyes:.

I guarantee if anyone is going to spec security for the long term it won't be 128.

As always Erel thank you for the truly incredible job you are doing. An your patience with those of us who don't have your talent. I would give my eye teeth to have half your skills.
 
Upvote 0
Top