The encryption used is the AES cipher, which is based on the Rijndael algorithm. AES is a ‘symmetric block cipher’: text encrypted with a key can be decrypted with that same key. Each encryption uses 256 bits.
AES stands for Advanced Encryption Standard. Note that AES, based on the Rijndael algorithm, is the tightest security currently available (approved by the US government for classified information up to ‘Secret’ and, in 192 or 256 key lengths, up to ‘Top Secret’). AES was adopted by NIST in 2001 as FIPS-197 and is the replacement for DES, which was withdrawn in 2005.
Encryption in TeamPass is done on 2 levels.
The first level encrypts every transaction between the user’s computer and the server. When a POST query is sent to the server and back to the user, the posted data is encrypted beforehand.
The second level encrypts the data in the database. Data is encrypted before it is saved to the database.
As a result, the exchanges between the user and the server are secured, and the data stored in the Database are secured.
The encryption uses 2 keys.
For database encryption, TeamPass uses a SALT key given by the TeamPass administrator. Once some data has been encrypted, the SALT can’t be changed any more, because this SALT is the key used to encrypt and decrypt the data.
For exchange encryption, TeamPass uses a unique KEY generated automatically when the user logs in to TeamPass. This KEY is stored in a session variable. If this key is broken and changes during a query, the results will not be decrypted and an error will occur.
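The two-key behaviour described above, as an added Node.js example that is not TeamPass's own code: a database key derived from the administrator's SALT and a per-login session key, each failing to decrypt once the key changes. The cipher mode (AES-256-GCM), the scrypt derivation, every function name and all sample values are assumptions made for the illustration.

```javascript
// Added illustration, not TeamPass code. Assumed: GCM mode, scrypt KDF, all names.
const nodeCrypto = require('node:crypto');

// Derive a 256-bit AES key from the administrator's SALT string (assumed KDF).
function dbKeyFromSalt(salt) {
  return nodeCrypto.scryptSync(salt, 'constructed-kdf-salt', 32);
}

// Encrypt with AES-256-GCM; output is base64(iv || tag || ciphertext).
function encrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt; throws when the key is not the one used to encrypt.
function decrypt(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Second level: the value written to and read from the database.
function storeItem(salt, password) { return encrypt(dbKeyFromSalt(salt), password); }
function loadItem(salt, stored) { return decrypt(dbKeyFromSalt(salt), stored); }

// First level: a key generated at login and kept in the session.
function newSessionKey() { return nodeCrypto.randomBytes(32); }

// Report 'ok:<plaintext>' or 'error' instead of throwing.
function tryDecrypt(fn) {
  try { return 'ok:' + fn(); } catch (e) { return 'error'; }
}

function demo() {
  const salt = 'constructed-admin-salt';            // constructed sample value
  const stored = storeItem(salt, 'S3cret!');        // constructed sample secret
  const session = newSessionKey();
  const post = encrypt(session, JSON.stringify({ id: 7, pw: loadItem(salt, stored) }));
  return {
    sameSalt: tryDecrypt(() => loadItem(salt, stored)),
    changedSalt: tryDecrypt(() => loadItem('rotated-salt', stored)),
    sameSession: tryDecrypt(() => decrypt(session, post)),
    changedSession: tryDecrypt(() => decrypt(newSessionKey(), post)),
  };
}
```

Changing the SALT after items are stored leaves them unreadable unless every row is first decrypted with the old value and re-encrypted with the new one.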