News & Updates

From the 1Cryptor Team

Security updates, product news, and technical deep-dives on zero-knowledge encryption.

v2.0

Release May 8, 2026 5 min read

1Cryptor 2.0: Deeper Argon2id Tuning, Faster Rust Engine, and Native Files App Support

Today we’re releasing 1Cryptor 2.0 — the most significant update since launch. The core cryptographic engine has been re-tuned with Argon2id parameters raised to 131,072 KiB of memory and 4 iterations, raising the brute-force cost floor by an order of magnitude. The Rust engine now parallelises chunk encryption across CPU cores, and the iOS FileProvider extension has been rewritten for zero-latency file access directly from the Files app.

Argon2id Memory131,072 KiB

Iterations4 passes

EncryptionAES-256-GCM

Read full release notes

SecurityApr 22, 2026

Why AES-256-GCM Makes Ciphertext Tampering Impossible

A deep dive into authenticated encryption and why the 16-byte GCM authentication tag is your last line of defence against ciphertext modification attacks.

EngineeringApr 10, 2026

Building a Rust Crypto Engine Bridged to Swift via C ABI

How we compile Rust cryptographic primitives into a static library, expose them through a C header, and call them from Swift with zero runtime overhead.

PrivacyMar 29, 2026

Zero Knowledge Is an Architecture, Not a Policy

The difference between a company that promises not to read your files, and one that is technically incapable of doing so. Why the distinction matters in practice.

SecurityMar 14, 2026

Argon2id vs scrypt: What the Password Hashing Competition Decided and Why

In 2015 the PHC selected Argon2id as the modern KDF standard. We explain the memory-hardness tradeoffs and why we chose 128 MB as our memory cost parameter.

EngineeringFeb 28, 2026

Native iOS FileProvider vs WebDAV: Why We Rebuilt the Integration from Scratch

The technical story behind replacing a WebDAV bridge with a first-class FileProvider extension — and what it means for reliability, speed, and battery life.

ReleaseFeb 12, 2026

1Cryptor 1.5: RSA-4096 Key Wrapping and Multi-Vault Support

This release introduces RSA-4096 asymmetric key wrapping via OAEP-SHA256, replaces the previous symmetric scheme, and adds support for multiple independent encrypted vaults.

PrivacyJan 30, 2026

Our Minimal Data Pledge: What We Collect, What We Never Can

A plain-language walkthrough of our data architecture — why we are technically incapable of seeing your filenames, metadata, or file contents, even if compelled.

SecurityJan 15, 2026

Threat Modelling a Zero-Knowledge File Vault: What We Protect Against

Our STRIDE analysis — spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege — and how each is addressed in 1Cryptor’s architecture.

EngineeringJan 3, 2026

5 MB Chunks: The Engineering Tradeoff Between Overhead and Isolation

Why we chose 5 MB as our chunk size — the cryptographic isolation benefits, the performance characteristics on modern hardware, and how it compares to fine-grained alternatives.

WorldPrivacyFeb 2025

UK Forces Apple to Disable iCloud Encryption for British Users

The UK government secretly ordered Apple to create an encryption backdoor into iCloud — forcing Apple to withdraw Advanced Data Protection from the entire UK rather than comply.

Read full analysis

WorldSecurity2022–2023

LastPass Breached: 25 Million Vaults Stolen, $35M+ in Crypto Lost

Attackers stole 25 million encrypted vault backups from LastPass, then cracked thousands of them — draining over $35 million in cryptocurrency from victims with weak master passwords.

Read full analysis

WorldPrivacy2023–2024

Germany Bans Microsoft 365 in Schools Over GDPR Violations

All 16 German states declared Microsoft 365 illegal in schools under GDPR — citing unacceptable transfers of student data to US servers, with no compliant alternative offered by Microsoft.

Read full analysis

WorldPrivacyJul 2023

Google Uses Your Drive Files to Train Its AI — Without a Real Opt-Out

Google’s 2023 privacy policy update states that content you upload to Drive, Docs, and Photos can be used to train AI models — affecting 3 billion users with no meaningful way to refuse.

Read full analysis

WorldPrivacy2018 Law

The US CLOUD Act: How American Authorities Can Demand Your Data Worldwide

The 2018 CLOUD Act empowers US law enforcement to compel any American tech company — Apple, Google, Dropbox, Microsoft — to surrender your data regardless of where it is stored.

Read full analysis

WorldSecurityApr 2024

Dropbox Sign Breach: 700,000+ Users’ Tokens and API Keys Stolen

Attackers breached Dropbox Sign’s production environment in April 2024, exfiltrating authentication tokens, API keys, MFA secrets, and the personal data of over 700,000 users.

Read full analysis

WorldPrivacy2013 / 2024

NSA PRISM: Mass Surveillance of Apple, Google & Microsoft — Still Active in 2024

Since 2007 the NSA’s PRISM program has collected data directly from 9 major tech companies. Section 702 — its legal authority — was renewed by Congress again in April 2024.

Read full analysis

WorldPrivacy2022–2024

EU Chat Control: Brussels Wants to Scan Every Private Message You Send

The EU’s proposed Chat Control regulation would require all messaging platforms to scan private messages for prohibited content — breaking end-to-end encryption for 450 million Europeans.

Read full analysis

WorldPrivacyOngoing

iCloud Backup Is Not End-to-End Encrypted by Default — Apple Can Read It

Most iCloud backups — photos, messages, device state, health data — remain accessible to Apple unless you manually enable ADP. Apple has complied with thousands of government data requests.

Read full analysis

WorldPrivacy2021 Policy

WhatsApp Collects 18+ Metadata Categories and Shares Them with Meta

Despite end-to-end encrypted messages, WhatsApp shares your contacts, precise location, device identifiers, usage patterns, and 18+ other data categories with Facebook’s advertising platform.

Read full analysis

From the 1Cryptor Team

1Cryptor 2.0: Deeper Argon2id Tuning, Faster Rust Engine, and Native Files App Support

Why AES-256-GCM Makes Ciphertext Tampering Impossible

Building a Rust Crypto Engine Bridged to Swift via C ABI

Zero Knowledge Is an Architecture, Not a Policy

Argon2id vs scrypt: What the Password Hashing Competition Decided and Why

Native iOS FileProvider vs WebDAV: Why We Rebuilt the Integration from Scratch

1Cryptor 1.5: RSA-4096 Key Wrapping and Multi-Vault Support

Our Minimal Data Pledge: What We Collect, What We Never Can

Threat Modelling a Zero-Knowledge File Vault: What We Protect Against

5 MB Chunks: The Engineering Tradeoff Between Overhead and Isolation

World Security News

UK Forces Apple to Disable iCloud Encryption for British Users

LastPass Breached: 25 Million Vaults Stolen, $35M+ in Crypto Lost

Germany Bans Microsoft 365 in Schools Over GDPR Violations

Google Uses Your Drive Files to Train Its AI — Without a Real Opt-Out

The US CLOUD Act: How American Authorities Can Demand Your Data Worldwide

Dropbox Sign Breach: 700,000+ Users’ Tokens and API Keys Stolen

NSA PRISM: Mass Surveillance of Apple, Google & Microsoft — Still Active in 2024

EU Chat Control: Brussels Wants to Scan Every Private Message You Send

iCloud Backup Is Not End-to-End Encrypted by Default — Apple Can Read It

WhatsApp Collects 18+ Metadata Categories and Shares Them with Meta

Security updates in your inbox