How secure is Secure Share?
Cacti’s Secure Share is quite secure. Of course, nothing is a 100% secure; smart people are constantly trying to break into encrypted systems. Given that, we believe Secure Share is secure enough due of the following reasons.
Encryption: 256-bit AES
Whenever you share something through Secure Share, Cacti first encrypts that photo using 256-bit AES. This is an industry-standard encryption protocol that makes brute-force attacks unreasonably long.
Cacti allows you to choose a passphrase up to 256 characters, which makes it extremely secure.
As long as you ensure that the passphrase used for you Secure Share encryptions are only shared with the people who are the intended receivers, you could be confident of your shared photos not falling into the wrong hands.
Unencrypted data is never stored
Your Secure Share Profile passphrases are stored inside Cacti’s encrypted vault, and these cannot be accessed without first unlocking your vault. No sensitive information is ever stored unencrypted. Tip: If you choose to make Secure Share even more secure, never store these passphrases into a Secure Share Profile and manually enter them each time. This way, your passphrases are only committed to your memory.
No Cloud
Cacti does not have a cloud backend to store, transfer, or process your sensitive information. You vault lives only on your device, and when you send something over Secure Share, it’s not shared through any of Cacti’s services. You may choose to use any existing messaging platforms like iMessage, WhatsApp, Signal, etc. Us, the developers of Cacti never get access to any of your sensitive photos or passphrases—encrypted or decrypted. While using Secure Share to transfer your photos, you rely on at least 2 parties (Cacti for encryption-decryption and another communication app for transferring the file), you can be even more assured that not one party has all the information required to view your decrypted photos.
What Secure Share doesn’t prevent?
Secure Share only ensures that your shared photos are encrypted in transit through any app of your choice. But once the receiver decrypts the photo, they are free to do what they want with it.
Make sure you trust the person you send your photos to, as what they do after falls outside of Cacti’s purview.