Cryptographic algorithms

Condensation uses the following cryptographic algorithms:

SHA 256 to calculate object hashes, and validate their integrity.
AES 256 in CTR mode without padding to encrypt objects.
RSA 2048 to encrypt AES keys (using OAEP with SHA 256) and sign hashes (using PSS with SHA 256).

All three algorithms have been around for at least 10 years, and are believed to be secure. They offer good performance on today's computers, and a brute-force attack resistance until at least 2025.

Instead of offering a plethora of different encryption methods, Condensation limits itself to a small number of cryptographic primitives. This allows for a smaller codebase that is easier to maintain and review. In addition, no protocol negotiation and configuration is necessary, eliminating a frequent source of errors.

Just as with other protocols, the security suite will evolve to adjust for increasing processing power or changes in processor design. Future versions of Condensation may use a different set of algorithms.

System architecture

This should go to a separate section.

Condensation is based on end-to-end encryption. The data is encrypted within the application that produces or sends it, and decrypted within the application that consumes or receives it. When storing data, sender and receiver of the data are usually the same.

Network and storage systems see encrypted data only, and do not have the encryption keys necessary to decrypt any data.