diff --git a/FAQ.md b/FAQ.md index 9772a814a3..a953dfd804 100644 --- a/FAQ.md +++ b/FAQ.md @@ -5010,13 +5010,18 @@ Password protected content is encrypted with [AES](https://en.wikipedia.org/wiki with a 256 bits key derived with [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) / [SHA](https://en.wikipedia.org/wiki/Secure_Hash_Algorithms)-512 with 120,000 iterations. With a sufficiently long/complex password, which is communicated to the recipient securely, this is considered safe in 2022 and for the foreseeable future. -The maximum content size is 1,500 bytes, which includes [HTML](https://en.wikipedia.org/wiki/HTML) formatting tags. -Images will be replaced with placeholders to reduce the content size, but other formatting, like bold, italic, etc., will be retained. +Due to [URL](https://en.wikipedia.org/wiki/URL) length limits, the maximum content size is 1,500 bytes, +which includes [HTML](https://en.wikipedia.org/wiki/HTML) formatting tags. +Images will be replaced with placeholders to reduce the content size, but other formatting, like bold, italic, links, etc., will be retained. + +The content size limit is also why complete messages (possibly including a long reply chain) cannot be password protected. +You can use [PGP](https://en.wikipedia.org/wiki/Pretty_Good_Privacy) or [S/MIME](https://en.wikipedia.org/wiki/S/MIME) encryption for this (see [this FAQ](#user-content-faq12)). + [Cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) is prevented by using [DOMPurify](https://github.com/cure53/DOMPurify) (Apache License Version 2.0). -This feature is available since version 1.1985, but only in the GitHub version of the app. +Protected content is only available in non-Play Store versions of the app (since version 1.1985). -Sending protected text is a pro feature, decrypting protected text is a free feature. +Sending protected content is a pro feature, decrypting protected content is a free feature.