Encryption in Algebraic

There are two distinct steps when Algebraic encrypts a file.

In the first step, namely password hashing, Algebraic derives an encryption key from a user-supplied password. In the second step, namely data encryption, Algebraic encrypts file data and file metadata using the derived encryption key.

Password Hashing

The password hashing step computes an encryption key from a user-supplied password.

Algebraic password window
Algebraic password dialog on macOS

Password hashing is meant to be computationally expensive. The idea is that an adversary that may attempt to guess the encryption password through brute force (i.e. trying every possible password combination) will find it practically infeasible due to the computationally expensive nature of the password hashing step.

Algebraic uses the Argon2id password hash from the Argon2 family. The hash is designed to resist both side-channel attacks, due to operating partially in a password independent order, and cracking attacks, due to operating partially in a password dependent order.

Argon2 was the winner of the latest Password Hashing Competition that ran from 2013–2015.

The latest versions of Algebraic use the following Argon2id parameters.

Argon2id parameter Value
Memory 4 gibibyte
Parallelism Number of logical CPUs
Time (or Iterations) 1

Data Encryption

Encrypting data with the latest versions of Algebraic guarantees both confidentiality and authenticity of the data.

Confidentiality means that an adversary cannot view the underlying sensitive data without knowing the original encryption password or encryption key. Authenticity means that, if an adversary tampers with an encrypted file, Algebraic will detect that the data has been compromised.

Algebraic uses XChaCha20-Poly1305 for encryption of the metadata header and the file data. The 256-bit encryption key is obtained from the eariler password hashing step.

Section Encryption Security Key size
File metadata XChaCha20-Poly1305 Authenticity, confidentiality 256 bit
File data Ditto Ditto Ditto

For more details read Algebraic's file format specification.


Algebraic uses the following open source cryptography packages.