symmetric encryption algorithms

PGP can use several symmetric encryption algorithms. How is the algorithm selected when encrypting a message?
Is it possible to see or change this in Delta Chat?

Delta Chat uses 128-bit AES.

The core encrypts with a Default algorithm here:

Default algorithm is defined here:

Thank you very much!
That is, in order to use AES-256, I must build the application with different parameters?
I will try.

Are there any plans to add the choice of encryption algorithm to the program settings?

There are no plans to add such low-level options to the UI.

We could probably switch to AES-256 if there is a good reason to, but as far as I know it does not practically matter except that it would make encryption and decryption slower.

One reason to use it could be that other messengers use it, e.g. Signal is using AES-256 in Double Ratchet, WhatsApp claims to use AES-256 in their security whitepaper and likely uses Signal’s implementation, Matrix uses AES-256 in Olm and Telegram uses AES-256 in MTProto too. Threema uses Salsa20 with a 256-bit key.


All clear.
Thanks for the quick and complete answer!

I have made a PR to put the constants for AES-128 and SHA-256: refactor(pgp): add constants for encryption algorithm and hash by link2xt · Pull Request #4696 · deltachat/deltachat-core-rust · GitHub This will make it easier to switch to new ciphersuite in the future.

I have decided not to make any changes for now, because even AES-128 to AES-256 change is not uncontroversial. AES-256 is not just a bigger AES-128, it is an additional construction on top of AES-128 that may actually make security worse. See the blog post Another New AES Attack - Schneier on Security which announced that and recommends not to use AES-256 for new systems and “Best public cryptanalysis” section on page Advanced Encryption Standard - Wikipedia

1 Like

Thank you for the interesting information about AES and the changes in the program!

Will it be enough to enable AES 256 mode to change the value in this line?

Yes, you can replace 128 with 256 here if you want and Delta Chat should encrypt messages with AES256.