At Edge, we felt that proper security requires that private keys are ALWAYS encrypted before being saved on the device, and that the encryption use a unique and strong password that only the user knows. To further increase the security, the user’s password is hashed into a pseudo-random number using a CPU and memory intensive algorithm (Scrypt) that is dynamically tuned to the speed of the user’s device. The faster the device, the stronger the hashing, the harder it is to brute force a user’s password. That strong cryptographic hash is the encryption key that secures the user’s data, helping protect it from malware on the device.
Additionally our code base is open source and our white paper is available for those interested in the details of our Edge Security platform. Our architecture has undergone a 3rd party security audit and we feel very confident we’ve found the right balance of security and ease of use for the masses and advanced users.
Feel free to reach out to us if you have any questions about our security model and philosophy. We are always looking to improve and your feedback is appreciated.