How does Inky store my passwords and other sensitive information securely?
We use a combination of strong encryption, innovative algorithms, and common sense to make Inky safe. At a high level, Inky always uses your computer’s network connection to talk to your mail servers, and always negotiates the most secure connection it can to your mail servers. This means that Inky’s communications with your mail servers are private and secure — neither a third party nor our employees can ever access your email.
Inky uses an important new technique to store your confidential information securely. This method — known broadly as a “zero knowledge proof” — allows Inky to prove to our servers that you know your Inky password without actually transmitting the password itself. As strange as that may seem at first, it’s possible to prove that it works without leaking any confidential information.
Here’s how: our servers store what’s known as a “password verifier” that matches your password and only your password. Computer scientists believe that recovering your password from the password verifier is as hard as simply guessing the password by brute force — in other words, by trying all possible passwords. This means that if a hacker or a rogue employee gets access to your stored password verifier, the verifier does not actually help that person determine your password.
When you type your password into Inky, Inky uses a zero-knowledge proof protocol called Secure Remote Password (SRP) to authenticate you. Your password is never transmitted outside your computer’s memory, so no one can eavesdrop on it. The SRP protocol is an open standard developed at Stanford by Tom Wu, and is defined in IETF RFC 2945.
Because SRP allows Inky to prove to our servers that you typed in your password correctly without sending the password, your password remains secret. This, in turn, means that Inky can use your password as a key to encrypt other sensitive information we store on your behalf, such as your email passwords. Here again, our goal is to ensure that even if a third party gained access to our database and got your encrypted email passwords, it wouldn’t help the third party get into your mail account and read your mail.
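To make the description above concrete, here is an added illustration (not Inky’s code) of one SRP run in pure Python: the server stores only the salt and verifier v = g^x, the client never sends the password, and both sides still arrive at the same session key. It follows the SRP-6a variant (RFC 5054, using its 1024-bit group and SHA-256); the page cites RFC 2945 and does not say which variant or hash Inky uses, so that choice is an assumption.

```python
import hashlib
import secrets

# RFC 5054 Appendix A, 1024-bit group (N is a safe prime, g = 2).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, returned as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")

def private_key(salt: bytes, username: str, password: str) -> int:
    # RFC 2945 / 5054: x = H(salt | H(username ":" password)); only the client computes this.
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner)

def register(username: str, password: str):
    """Enrollment: the client sends (salt, v) once; the server stores only these."""
    salt = secrets.token_bytes(16)
    v = pow(g, private_key(salt, username, password), N)  # verifier v = g^x mod N
    return salt, v

def authenticate(username: str, password: str, salt: bytes, v: int):
    """One SRP-6a exchange. Returns (client_key, server_key); they match only if the password is right."""
    k = H(to_bytes(N), to_bytes(g))            # SRP-6a multiplier k = H(N | g)
    a = secrets.randbelow(N - 2) + 1           # client's secret ephemeral
    b = secrets.randbelow(N - 2) + 1           # server's secret ephemeral
    A = pow(g, a, N)                           # client -> server: A = g^a
    B = (k * v + pow(g, b, N)) % N             # server -> client: B = k*v + g^b
    u = H(to_bytes(A), to_bytes(B))            # scrambling parameter, known to both
    x = private_key(salt, username, password)  # client recomputes x from the typed password
    # Client: (B - k*g^x)^(a + u*x) == g^(b*(a + u*x)) when v == g^x
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server: (A * v^u)^b == g^(b*(a + u*x)); the server never learns x or the password
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return H(to_bytes(S_client)), H(to_bytes(S_server))
```

In the real protocol each side then sends a hash of its key as proof; a wrong password makes the two keys disagree, so the proof fails without the password ever leaving the client.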
The specific encryption method we use is known as AES-256-GCM. This encryption method has been standardized by the US National Institute of Standards and Technology (NIST), and is authorized for use in top secret applications in the US.
To encrypt your sensitive information with AES-256-GCM, we first derive a key from your Inky password. Because your Inky password may not be very strong from a cryptographic standpoint, we use a method called PBKDF2 to “stretch” your password into a strong key. Our particular implementation of PBKDF2 allows us to increase certain parameters as time goes on and computers get more powerful, but right now we use PBKDF2 with 65,536 iterations, the SHA-256 hash function, and a 24-bit key length. See IETF RFC 2898 for more details on the PBKDF2 standard.
We use this combination of methods to store your data securely both in the cloud and on your device. All data Inky stores on your device — including the contents of all your downloaded emails — is stored encrypted using AES-256-GCM with a strong random key. So if you lose your phone, no one will be able to access your downloaded email without knowing your Inky password.