An update for the client-side encryption is expected to be released on the DRACOON Cloud in September 2020 as part of a new DRACOON version. This will make the client-side encryption of DRACOON even more secure. This will be achieved by encrypting file keys and personal decryption passwords with keys of 4096 bit length.
Therefore the key length is increased to 4096 bit
The German Federal Office for Information Security (BSI) still considers key lengths of 2048 bit, as used by DRACOON so far, absolutely secure for asymmetric encryption until the end of 2023, but recommends to increase the key length to at least 3000 bit afterwards.
The reason: It cannot be ruled out that by the end of 2023 much more powerful computers with corresponding computing power will be available, with which key lengths below 3000 bit can possibly be cracked.
With its encryption update DRACOON will go one step further than the BSI recommendation and will even increase the key length to 4096 bit - which means that DRACOON's client-side encryption will be future-proof for at least the next 10 years.
From the point of view of users and administrators nothing fundamental will change in the current methods of client-side encryption in DRACOON. However, the keys for files in encrypted data rooms, the emergency passwords for individual data rooms, the DRACOON-wide emergency password as well as the personal decryption passwords of the individual users will in future be stored in DRACOON in a more strongly encrypted form, namely with keys of 4096 bit length instead of 2048 bit as before.
Detailed information about the extension of the key length at our client-side encryption can be found in our support area.