What kind of encryption does Tenta use?

Tenta Browser uses various protocols and encryption to protect your data. Here is what we use and when:

  • Latest TLS/SSL for data transport Layer.
  • AES-256 bit encryption for stationary browser data stored on the device, with testing of ChaCha20/256 for future storage of downloaded files. We may transition our other storage to ChaCha20/256 in the future, if we find a sufficient performance benefit.
  • Unique user pincode not stored on any server or on the device.
  • OpenVPN for secure connections and encrypting all inbound and outbound connections to the web (depending on configuration).
  • Transit meta data (OpenVPN control channel) - TLS 1.2 DH key exchange, AES-256 with SHA-384 authentication. 2048bit RSA keys.
  • Transit data (OpenVPN data channel) – AES-256 with SHA-512 authentication.
  • Service APIs: TLS 1.2 Elliptic Curve DH key exchange, AES-256 with SHA-384 authentication. 384bit EC keys.
  • As an added security feature, we enforce authentication on ZONE servers, to make sure only Tenta Browser users have access.
  • The unique user PIN is never stored on any server or the device, rather it is used to derive the user specific encryption key, which is also not stored on any server.
  • Tenta DNS supports both DNS over TLS and DNSSEC to keep your DNS requests private and secure.