Frequently Asked Questions
HOW DOES IT WORK?
All content stored within our infrastructure is secured both in transit and at rest using the latest in end-to-end encryption technologies. To illustrate this lets follow a simple account setup process:
- You choose your username and password
- A unique random salt is generated for your account
- Your login credentials and your unique salt are hashed using PBKDF2 of 10,000 iterations
- A unique asymmetric encryption key pair is generated and encrypted symmetrically using a derivative of your password
- Your encrypted keys are sent up to our secure servers using SSL/TLS encryption
- Before your data ever leaves your phone it is fully encrypted and can ONLY be decrypted with YOUR password
- Additionally our servers write data to an encrypted disk which further protects against data theft.
Now that you have your account setup you can upload your first file:
- All Tribes have unique symmetric encryption keys that give the authorized users the ability to decrypt files stored in that tribe.
- When a person joins a Tribe they are given a unique encrypted copy of the Tribe’s encryption keys, these are never stored nor transmitted in clear/plaintext and we (nor anyone else) can ever see it.
- When you upload a file to a Tribe, the file is encrypted using the Tribe’s encryption key and the file is written to disk as an encrypted BLOB element.