E2E encryption

What does end-to-end mean?

End-to-end (E2E) encryption means message content is turned into ciphertext in your browser before it is sent. The server relays encrypted data only and has no key to read it.

The encryption key is derived from the room password using PBKDF2. Every participant with the same password can decrypt messages locally.

Algorithms

• AES-GCM: message content encryption
• PBKDF2 (210,000 iterations): key derivation from room password
• Random IV for each message

Important limitations

E2E applies to text messages. Images are sent as compressed data and stored in participants’ browser localStorage — a separate mechanism from text encryption.

Password strength is up to you: longer, complex passwords are harder to guess. Share invite links only with people you trust.