
Report Password Protection

Why Pentest Reports Need Encryption

Penetration test reports contain some of the most sensitive information in an organization's security program. They document exactly how to exploit the organization's systems — complete with proof-of-concept payloads, internal network details, and attack chains. If a report falls into the wrong hands, it becomes a roadmap for attackers.

TurboPentest encrypts every PDF report with AES-256-GCM before it is stored or transmitted. This means that even if someone gains access to the storage backend or intercepts the download, the report contents remain unreadable without the correct password.

The Encryption Stack

AES-256-GCM: Authenticated Encryption

TurboPentest uses AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) for report encryption. This is an authenticated encryption scheme, which means it provides both confidentiality and integrity:

  • Confidentiality — The report content is encrypted and unreadable without the key
  • Integrity — Any tampering with the encrypted data is detected upon decryption
  • Authentication — The GCM authentication tag proves the ciphertext has not been modified

The "256" in AES-256 refers to the key length in bits. A 256-bit key has 2^256 possible values — a number so large that brute-force attacks are computationally infeasible with any current or foreseeable technology. AES-256 is approved by NIST and used by governments worldwide for classified information.

GCM mode is specifically chosen over older modes like CBC because it provides authenticated encryption in a single pass. With CBC, you need a separate HMAC step to detect tampering. GCM builds integrity verification directly into the encryption process, producing an authentication tag that is verified during decryption.

Key Derivation with Argon2

A user-chosen password is not directly usable as an AES-256 encryption key. Passwords are variable-length strings that may have low entropy, while AES-256 requires exactly 256 bits of high-entropy key material. Key derivation functions (KDFs) bridge this gap.

TurboPentest uses Argon2id for key derivation. Argon2 won the Password Hashing Competition, and its Argon2id variant is the current best practice for deriving cryptographic keys from passwords. Argon2id combines two approaches:

  • Argon2d — Data-dependent memory access, resistant to GPU cracking attacks
  • Argon2i — Data-independent memory access, resistant to side-channel attacks
  • Argon2id — A hybrid that provides both protections

The key derivation process works as follows:

  1. A cryptographically random 128-bit salt is generated for each report
  2. The user's password and the salt are fed into Argon2id
  3. Argon2id parameters are tuned for security: memory cost (64 MB), time cost (3 iterations), and parallelism (4 lanes)
  4. The output is a 256-bit derived key suitable for AES-256-GCM

The salt ensures that the same password produces different keys for different reports. The high memory cost makes it expensive to attempt parallel brute-force attacks, even with specialized hardware.

Encryption Process

When a report is generated, the encryption pipeline executes these steps:

  1. PDF Generation — The report is rendered as a complete PDF in memory
  2. Salt Generation — A fresh 128-bit cryptographically random salt is created
  3. Key Derivation — The user's password and salt are processed through Argon2id to produce the 256-bit encryption key
  4. IV Generation — A unique 96-bit initialization vector (IV) is generated for GCM mode
  5. Encryption — The PDF bytes are encrypted with AES-256-GCM using the derived key and IV
  6. Storage — The encrypted blob, salt, IV, and authentication tag are stored together; the plaintext PDF is never written to disk

The initialization vector (IV) must be unique for every encryption operation with the same key. Reusing an IV with the same key in GCM mode completely breaks the security guarantees: the keystream repeats and the authentication key can be recovered. TurboPentest generates the IV from a cryptographically secure random number generator to ensure uniqueness. Because every report also receives a fresh salt, each derived key encrypts exactly one blob, so a random 96-bit IV has no other IV under the same key to collide with.

Decryption Flow

When a user downloads a report and enters their password:

  1. The salt is read from the stored metadata
  2. Argon2id derives the same 256-bit key from the password and salt
  3. AES-256-GCM decrypts the blob using the derived key and stored IV
  4. The GCM authentication tag is verified — if it does not match, decryption fails with a tamper-detection error
  5. The decrypted PDF is streamed to the user's browser

If the wrong password is entered, the derived key will be different, and the authentication tag verification will fail. This produces a clear "incorrect password" error rather than garbled output.
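The key derivation, encryption and decryption steps described above, as an added Python example written for this page. It is not TurboPentest's code: the function names, the EncryptedReport container, the use of the cryptography library's AESGCM class, and the choice of empty associated data are assumptions. The Argon2id parameters are the ones the page states (128-bit salt, 64 MB memory, 3 iterations, 4 lanes, 256-bit output). The scrypt fallback exists only so the example runs where no Argon2 binding is installed and is not what the page describes.

```python
import hashlib
import secrets
from dataclasses import dataclass, replace

from cryptography.exceptions import InvalidTag, UnsupportedAlgorithm
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Sizes and Argon2id costs as stated on the page.
SALT_LEN = 16          # 128-bit salt, fresh per report
IV_LEN = 12            # 96-bit GCM nonce, fresh per encryption
KEY_LEN = 32           # 256-bit AES key
TAG_LEN = 16           # GCM authentication tag
ARGON2_MEMORY_KIB = 64 * 1024
ARGON2_ITERATIONS = 3
ARGON2_LANES = 4


class IncorrectPasswordError(Exception):
    """Raised when the GCM tag fails to verify: wrong password or modified blob."""


@dataclass(frozen=True)
class EncryptedReport:
    """What is stored (hypothetical container): ciphertext, salt, IV and tag. Never the PDF."""
    ciphertext: bytes
    salt: bytes
    iv: bytes
    tag: bytes


def derive_key(password: str, salt: bytes) -> bytes:
    """Argon2id(password, salt) -> 256-bit AES key, using whichever binding is installed."""
    secret = password.encode("utf-8")
    try:  # cryptography >= 44 on OpenSSL >= 3.2 (memory_cost is in KiB)
        from cryptography.hazmat.primitives.kdf.argon2 import Argon2id
        return Argon2id(salt=salt, length=KEY_LEN, iterations=ARGON2_ITERATIONS,
                        lanes=ARGON2_LANES, memory_cost=ARGON2_MEMORY_KIB).derive(secret)
    except (ImportError, UnsupportedAlgorithm):
        pass
    try:  # argon2-cffi
        from argon2.low_level import Type, hash_secret_raw
        return hash_secret_raw(secret, salt, time_cost=ARGON2_ITERATIONS,
                               memory_cost=ARGON2_MEMORY_KIB, parallelism=ARGON2_LANES,
                               hash_len=KEY_LEN, type=Type.ID)
    except ImportError:
        pass
    # Fallback so the example runs without an Argon2 binding: scrypt is also memory-hard,
    # but it is NOT the KDF the page specifies. A real deployment should fail here instead.
    return hashlib.scrypt(secret, salt=salt, n=2 ** 14, r=8, p=1, dklen=KEY_LEN)


def encrypt_report(pdf_bytes: bytes, password: str) -> EncryptedReport:
    """Steps 2-6 of the page's pipeline; pdf_bytes is the in-memory output of step 1."""
    salt = secrets.token_bytes(SALT_LEN)   # same password -> different key per report
    iv = secrets.token_bytes(IV_LEN)       # never reused under the same key
    key = derive_key(password, salt)
    # AESGCM.encrypt returns ciphertext || tag; split so the tag is stored as its own field.
    sealed = AESGCM(key).encrypt(iv, pdf_bytes, None)
    return EncryptedReport(sealed[:-TAG_LEN], salt, iv, sealed[-TAG_LEN:])


def decrypt_report(blob: EncryptedReport, password: str) -> bytes:
    """Steps 1-4 of the decryption flow; step 5 (streaming) is left to the caller."""
    key = derive_key(password, blob.salt)
    try:
        return AESGCM(key).decrypt(blob.iv, blob.ciphertext + blob.tag, None)
    except InvalidTag as exc:
        # A wrong password yields a different key, so the tag fails exactly as it does for
        # a modified ciphertext; GCM cannot distinguish the two causes.
        raise IncorrectPasswordError("incorrect password or report tampered with") from exc


def tamper(blob: EncryptedReport) -> EncryptedReport:
    """Flip one bit of the stored ciphertext to exercise tamper detection in a test."""
    flipped = bytes([blob.ciphertext[0] ^ 0x01]) + blob.ciphertext[1:]
    return replace(blob, ciphertext=flipped)


if __name__ == "__main__":
    pdf = b"%PDF-1.7 constructed stand-in for a rendered report"  # constructed sample input
    password = "correct horse battery staple"
    blob = encrypt_report(pdf, password)
    assert decrypt_report(blob, password) == pdf
    for label, attempt in (("wrong password", lambda: decrypt_report(blob, "not it")),
                           ("tampered blob", lambda: decrypt_report(tamper(blob), password))):
        try:
            attempt()
        except IncorrectPasswordError as err:
            print(f"{label}: {err}")
```

Two details worth noticing: the tag is verified before any plaintext is returned, which is why a wrong password produces an error rather than garbage, and the same error covers a bit-flipped ciphertext, so the "incorrect password" message the page describes is really "tag verification failed" reported in user-facing terms.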

Secure Password Delivery

Encryption is only as strong as the password management around it. TurboPentest provides two password workflows:

User-Set Password

The user sets a report password during scan configuration. This password is used for key derivation during report generation and is never stored in plaintext. The system stores only the encrypted report, salt, and IV. If the user forgets the password, the report cannot be decrypted — there is no recovery mechanism, by design.

Auto-Generated Password

For users who prefer not to manage passwords, TurboPentest can auto-generate a high-entropy password using 128 bits of randomness encoded as a base62 string. This password is displayed once at report generation time and can optionally be sent to a secondary email address for split-knowledge delivery — the report link goes to one address, the password to another.
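The auto-generated password described above, as an added Python example that is not TurboPentest's code. The page states only "128 bits of randomness encoded as a base62 string"; the alphabet order, the fixed output width, and the function names are assumptions.

```python
import secrets

# Base62 alphabet: digits, then upper case, then lower case (ordering is an assumption).
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
PASSWORD_BITS = 128


def required_width(bits: int) -> int:
    """Smallest number of base62 digits that can hold every value below 2**bits."""
    width, capacity = 1, 62
    while capacity < 2 ** bits:
        width += 1
        capacity *= 62
    return width


def base62_encode(value: int, width: int) -> str:
    """Encode a non-negative int as fixed-width base62, left-padded with '0'."""
    if value < 0 or value >= 62 ** width:
        raise ValueError("value does not fit in the requested width")
    digits = []
    while value:
        value, rem = divmod(value, 62)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits)).rjust(width, ALPHABET[0])


def base62_decode(text: str) -> int:
    """Inverse of base62_encode; used here to check the round trip."""
    value = 0
    for ch in text:
        value = value * 62 + ALPHABET.index(ch)
    return value


def generate_report_password(bits: int = PASSWORD_BITS) -> str:
    """Draw `bits` bits from the OS CSPRNG and render them as fixed-width base62."""
    # secrets, not random: the password must be unpredictable, not merely well distributed.
    return base62_encode(secrets.randbits(bits), required_width(bits))


if __name__ == "__main__":
    pw = generate_report_password()
    print(pw, len(pw), "chars;", base62_decode(pw).bit_length(), "bits in this draw")
```

A fixed width of 22 characters covers every 128-bit value (62^21 is below 2^128, 62^22 is above it), so some passwords begin with '0'. The entropy is the 128 bits drawn, not the roughly 131 bits that 22 base62 characters could carry; fixed width keeps the password length from leaking anything about the value.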

Compliance Considerations

AES-256-GCM encryption with Argon2id key derivation meets or exceeds the encryption requirements of SOC 2 Type II, ISO 27001, HIPAA, and PCI-DSS. For organizations subject to these frameworks, TurboPentest's report encryption provides documentation-ready evidence of data protection controls applied to sensitive security assessment output.
