How OneBuddy's Encryption Works

OneBuddy uses encryption in two features: Browser Lock (password hashing) and Encrypted Messaging (message encryption).

Browser Lock uses SHA-256 hashing for passwords. When you set a lock password, it's hashed with SHA-256 before storage. The original password is never stored. When unlocking, your input is hashed and compared to the stored hash.

Encrypted Messaging uses two layers of cryptography:

1. Key Exchange: ECDH (Elliptic Curve Diffie-Hellman) with the P-256 curve. This allows two parties to establish a shared secret over an insecure channel without ever transmitting the secret itself.

2. Message Encryption: AES-GCM with 256-bit keys. Each message is encrypted with a unique initialization vector (IV), providing both confidentiality and integrity. AES-GCM is the same standard used by governments and financial institutions.

Zero-Knowledge Architecture: The relay server handles only encrypted ciphertext. It has no access to encryption keys and cannot decrypt messages. Even a complete server compromise would not expose message contents.
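
The flow in steps 1 and 2, and what the relay gets to see, sketched with the WebCrypto API as an added example; this is not OneBuddy's code. The function names, the raw public-key encoding, the random 96-bit IV and the use of the ECDH output directly as the AES key are assumptions, since the page does not specify them.

```javascript
// WebCrypto is a global in browsers and Node 19+; the require is a Node 18 fallback.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ECDH = { name: 'ECDH', namedCurve: 'P-256' };

// Each party generates a P-256 key pair; only the public half ever leaves the device.
async function newParty() {
  const pair = await wc.subtle.generateKey(ECDH, false, ['deriveKey']);
  const publicRaw = await wc.subtle.exportKey('raw', pair.publicKey);
  return { privateKey: pair.privateKey, publicRaw };
}

// Combine our private key with the peer's public key into a 256-bit AES-GCM key.
// Assumption: the ECDH output is used directly as the key (WebCrypto deriveKey).
async function sessionKey(privateKey, peerPublicRaw) {
  const peer = await wc.subtle.importKey('raw', peerPublicRaw, ECDH, false, []);
  return wc.subtle.deriveKey({ name: 'ECDH', public: peer }, privateKey,
    { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Fresh random IV per message; the IV is not secret and travels with the ciphertext.
async function sealMessage(key, text) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const data = new TextEncoder().encode(text);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, data);
  return { iv, ct: new Uint8Array(ct) };
}

// Decrypt; rejects if the ciphertext, IV or key is wrong (GCM tag check fails).
async function openMessage(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}

// Constructed demo: Alice -> relay -> Bob, then a relay copy with one bit changed.
async function demo() {
  const alice = await newParty(), bob = await newParty();
  const kA = await sessionKey(alice.privateKey, bob.publicRaw);
  const kB = await sessionKey(bob.privateKey, alice.publicRaw);
  const m1 = await sealMessage(kA, 'constructed sample message');
  const m2 = await sealMessage(kA, 'constructed sample message');
  const received = await openMessage(kB, m1);      // relay forwarded only {iv, ct}
  const tampered = { iv: m1.iv, ct: Uint8Array.from(m1.ct) };
  tampered.ct[0] ^= 1;                             // modified in transit
  const tamperRejected = await openMessage(kB, tampered).then(() => false, () => true);
  return { received, tamperRejected, ivsDiffer: m1.iv.join() !== m2.iv.join() };
}

demo().then(console.log);
```

ECDH by itself does not tell either side whose public key it received; the page does not describe how OneBuddy authenticates the exchanged public keys.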