To keep your sensitive data safe, Sky Wallet implements strong security encrypting data using AES algorithm.
AES is the most secure encryption algorithm provided by Windows Phone. AES algorithm is certified by NSA for encrypting secret and top secret documents (the latter using keys that are at least 192 bits long).
Sky Wallet crypts and decrypts data using a 256 bit key, which offers the strongest security level. The key is derived from user’s master password, so Sky Wallet does not use one specific encryption key.
The master password and the derived encryption key are never stored on the user’s phone or anywhere else: that means that if the user loses his phone, nobody can find the key on the file system and try to access his data. Please note that it means also that if a user forgets his own master password there’s no way to recover it, no way to derive the key and no way to decrypt and recover his sensitive data.
To maximize security, the app uses cipher-block chaining (CBC) and a different initial vector every time it crypts data and saves the file (every time a user makes a change to his data).
During synchronization, the app always uploads or downloads the encrypted file. Readable data is never transmitted, neither stored on SkyDrive. Moreover, the app uses HTTPS protocol to communicate with SkyDrive, so user’s data is encrypted two times during its transmission on the internet.
User data is never sent to or stored on any server, system or service other than the user’s authenticated SkyDrive.
A note about the master password
Users should always choose a strong master password that is hard to guess: finding a 256 bit key given an encrypted file is extremely hard, but guessing someone’s master password can be easy if the user chose a simple password (e.g. a date of birth, the son’s name, the preferred football team, etc.)
Master passwords should always be complex, long and unpredictable, and contain capital and lower-case letters, symbols and numbers.