Set encryption back to AES-128

[laurent22]

For now we set it back to AES-128 due to severe performance issues on certain devices with certain resources.

#8619

[personalizedrefrigerator]

Another option could be to use AES 256 for items under a certain size (e.g. < 1 MiB) and AES 128 for larger items.

[laurent22]

Another option could be to use AES 256 for items under a certain size (e.g. < 1 MiB) and AES 128 for larger items.

Hmm, not sure about this. I don't think it makes sense to have more secure method for some notes, and a less secure one for other notes. I'm also not convinced it's a good short term solution because maybe the slow decryption issue will still happen on some devices since we are not able to replicate it.

I'm more keen to either replicate and fix the issue for all data, or to switch to native encryption if we can.

[personalizedrefrigerator]

switch to native encryption if we can.

I'm currently looking at libsodium, which has community-developed bindings for React Native and NodeJS. With libsodium, we would probably use ChaCha20-Poly1305 encryption, as the libsodium documentation recommends it over AES-256 GCM.

[wh201906]

we would probably use ChaCha20-Poly1305 encryption

I think the recommended algorithm is XChaCha20-Poly1305 rather than ChaCha20-Poly1305

[laurent22]

Yes that's fine to switch to a different algorithm, especially if it's more secure and performant. Notes encrypted with old algorithms will still be decryptable because we'll leave the decryption methods in.