How Message Encryption Works
This tool uses AES Password-Based Encryption (PBE). Your password is combined with a random salt using PBKDF2 (Password-Based Key Derivation Function 2) to produce the AES encryption key. This means the key is never stored — only someone who knows your password can decrypt the message.
AES key size comparison
| Key size | Security level | Use case |
|---|---|---|
| AES-128 | 128-bit | General purpose, slightly faster |
| AES-192 | 192-bit | High security applications |
| AES-256 ★ | 256-bit | Maximum security, recommended for sensitive data |
Password strength matters
With PBE, your password becomes part of the encryption key. A weak password means weak encryption regardless of key size. A strong password should contain uppercase and lowercase letters, digits, and symbols, and be at least 12 characters long.
Use our Password Generator to create a strong random password, and check your password strength before using it.
Security notes
- Messages are processed server-side and never stored
- Use the same password and key length for decryption as you used for encryption
- AES-256 with a strong password provides excellent security for most use cases
- For file encryption, use our File Encryption tool