Changes in client-side encryption starting January 2021

What exactly will change in the upcoming update of the client-side encryption in DRACOON?

From the point of view of users and administrators, nothing fundamental will change when using client-side encryption in DRACOON. However, the keys for files in encrypted data rooms, the emergency passwords for individual data rooms, the DRACOON-wide emergency password, and the personal decryption passwords of the individual users will be stored in DRACOON with stronger encryption in the future—with keys of 4096 bits instead of 2048 bits as before.

Why will DRACOON encrypt file keys etc. with 4096 instead of 2048 bits in the future? Are 2048 bits no longer sufficient for security?

The German Federal Office for Information Security (BSI) still considers key lengths of 2048 bit, as used by DRACOON so far, to be absolutely secure with asymmetric encryption methods until the end of 2023, but recommends increasing the key length to at least 3000 bit afterward. The reason: It cannot be ruled out that by the end of 2023, much more powerful computers with corresponding computing power will be available with which key lengths below 3000 bits can possibly be cracked.
With its encryption update, DRACOON will go one step further than the BSI recommendation and even increase the key length to 4096 bit—which means that DRACOON's client-side encryption will be future-proof for at least the next 10 years.

See also: Technical Guideline TR-02102

Will working with encrypted files become noticeably slower by increasing the key length?

The calculation of 4096-bit keys is generally more complex than that of 2048-bit keys, which has a corresponding effect on the calculation time. How much the difference e.g. in the DRACOON Web App is noticeable by the user depends on the used web browser. When uploading to an encrypted data room, there is hardly any difference in Chrome, the new Microsoft Edge, or Firefox compared to 2048 bit keys (just milliseconds). When downloading, the difference is a bit greater, but in practice, it is hardly noticeable (0.2 seconds typical calculation time for one file key per file download e.g. in Chrome, the new Microsoft Edge, or Firefox). Since the change only affects the file keys and not the actual files, the size of the files is irrelevant.

Will DRACOON administrators and users have to perform any actions to be able to use the new key length of 4096 bit or will the conversion be done automatically?

It will not be possible to update the existing keys in DRACOON from 2048 to 4096 bit automatically. This is because, for the recalculation of the keys in 4096 bit, the passwords associated with the keys are needed—and therefore have to be specified once by the corresponding DRACOON users, as the passwords are not stored in DRACOON and therefore cannot be used automatically for a recalculation of the keys.

• To change the system-wide emergency password key to 4096 bits, a user with the Configuration Manager role will need to re-enter the system-wide emergency password once. Alternatively, a new system-wide emergency password can be specified, which was not possible before.
• Each encrypted data room can have its own data room emergency password as an alternative to the system-wide emergency password. To change the existing data room emergency passwords to 4096 bits, a room administrator of each top-level encrypted data room must re-enter the existing emergency password of the data room or, alternatively, specify a new emergency password for the data room. This is only required for top-level encrypted data rooms, not for encrypted subrooms.
• In order to change the keys of the individual files in encrypted data rooms to 4096 bits, users of encrypted data rooms must enter their existing personal decryption password once. They can also change their password at this opportunity if desired.

How are users in DRACOON made aware of the actions required to switch to 4096-bit keys?

For all affected users, a task will be displayed at the top of the DRACOON Web App, which will prompt for the personal decryption password, for example. The task will remain visible even after closing the DRACOON Web App and will be shown again when opening it again until it is completed.

Example:

Users who are using DRACOON for Windows/Mac version 4.3 and have stored their decryption password there may not be prompted to re-enter the decryption password in the web app because the conversion to the 4096-bit file keys could already be done automatically by DRACOON for Windows/Mac with the stored decryption password.

For technical reasons, no task will be displayed for entering the new data room emergency passwords—instead, room administrators will get a prompt when opening a corresponding data room.

What happens if users ignore the actions required to convert the file keys, such as not entering their decryption password?

In this case, the existing file keys (2048 bit) are automatically reused.
However, users of the DRACOON Web App are already generally prompted to enter their decryption password when opening the first encrypted data room in a session. Without entering the decryption password, for example, no new files can be uploaded to encrypted data rooms. Therefore, it can be assumed that users regularly enter their decryption password in the DRACOON Web App anyway (provided they have access to encrypted data rooms).

When will the new key length of 4096 bit be usable?

On the DRACOON cloud, a DRACOON update with support for 4096-bit keys will be available in January 2021.
On-premises customers will receive 4096-bit key support in the next DRACOON release (DRACOON Server).

Will the new 4096-bit file keys also be supported by other DRACOON clients than the DRACOON Web App?

Yes, updates have been released for all official DRACOON clients that can use the new 4096-bit file keys. The following versions of the DRACOON clients support the new 4096-bit file keys:

• DRACOON for Windows/Mac version 4.3 or later
• DRACOON for Outlook version 5.11 or later
• DRACOON for iOS version 6.1 or later
• DRACOON for Android version 5.10 or later

For developers of proprietary DRACOON solutions, updated versions of the Crypto SDKs for DRACOON have been made available with support for 4096-bit file keys.

Are the changes also relevant if no encrypted data rooms are used and the encryption for the DRACOON environment is not activated in Settings?

If you currently do not use encrypted data rooms and have not activated encryption for your DRACOON environment in Settings, no actions on your part or by your users in the course of the conversion are necessary. If you use encryption later, all keys will be generated automatically in 4096 bit.

Why was the increase of the key length from 2048 to 4096 bit not done earlier by DRACOON?

4096-bit keys are significantly longer than 2048-bit keys, so their calculation is correspondingly more complex and takes more time. Only the latest improvements in the JavaScript engines of common web browsers as well as in the computing power available on mobile devices now allow the calculation of such complex keys without noticeable delays for DRACOON end-users, e.g. when using encrypted data rooms in the DRACOON Web App. Since Internet Explorer, whose outdated JavaScript engine would have been too slow for the calculation of 4096-bit keys, is no longer supported for the DRACOON Web App since July 2020, the way has been cleared for the use of 4096-bit keys in DRACOON only now.