Despite the inherent complexity involving encryption, here is a simple guide to how we protect your information and access to your account:

 

Basic security:

All communications between our users (via the web browser or via our application), the recipients of the messages (when receiving messages) and our service, are always encrypted with an SSL/TLS 2048Bit certificate (asymmetric encryption).

 

All account information and transaction log data are stored in a database fully encrypted with Transparent Data Encryption, located on the "Microsoft Azure" cloud computing infrastructure in the Netherlands.

Step-by-step security details:

1 - When you create an account

When you create an account you send your Name and Email address through a web browser, through a session encrypted by SSL/TLS. In order to prevent all the data needed to login to your account from being sent over the internet in a single browser session (which could pose a security risk), we decided to split the account creation and password and PIN setting operation into two separate sessions. This way we prevent anyone from obtaining your full login details, also preventing anyone from creating and activating an account on your behalf without your consent and intervention.

Your password, PIN Code, and the answers to security questions are transformed by a Hashing algorithm (PBKDF2 with a 48-bit "Salt") and it is the final value, already transformed, that is stored on our servers. This way, not even we have access to any of your account's security settings.

When you try to log into your account through our website and enter your username and password:

  1. The existence of an account is verified for the user name you entered. If the account is found:
    1. The password you entered will be transformed again by the same algorithm (PBKDF2) and the resulting value will be compared with the one stored on our servers. If you entered the correct password, the resulting value will be the same as the one we have stored and the result of the comparison will be positive. An additional authentication code will be sent to you by email. Only after entering this code on the web page will you be granted access.
    2. If the password is different, even in something as simple as the CaSe of a letter, the final result will be completely different, so the result of the comparison will be negative. Access will be denied and a generic message will be displayed saying that the information entered is not valid.
  2. If the account does not exist, a generic message will be displayed saying that the entered information is not valid, without specifying whether the account does not exist or an incorrect password was provided. The “error” message is purposely generic: if it were more specific, anyone trying to find out whether you have a 3NCRYPT3D account could enter your email and any random password, and the service would say that the password is incorrect, which would imply that the account exists.
  3. If someone is trying to guess your password your account will be locked for security reasons.
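
The login check described above, as an added example (not the service's own code): PBKDF2 verification with one generic failure message for a wrong password, an unknown account and a locked account. It goes slightly beyond the text by also hashing against a decoy record, so an unknown username takes the same time as a known one. The iteration count, salt length, lockout threshold and all names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; the page does not state one
SALT_BYTES = 16        # assumed; the page itself states a 48-bit salt
MAX_FAILURES = 5       # assumed lockout threshold; the page gives no number
GENERIC_ERROR = "The information entered is not valid."

def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    """In-memory stand-in for the user table (hypothetical, for illustration)."""

    def __init__(self):
        self.users = {}      # username -> (salt, stored_hash)
        self.failures = {}   # username -> consecutive failed attempts
        # Decoy record: unknown usernames still cost one full PBKDF2 run.
        self._decoy_salt = os.urandom(SALT_BYTES)
        self._decoy_hash = hash_password(os.urandom(16).hex(), self._decoy_salt)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username: str, password: str):
        """Return (ok, message). Every failure path returns GENERIC_ERROR."""
        known = username in self.users
        salt, stored = self.users.get(
            username, (self._decoy_salt, self._decoy_hash))
        candidate = hash_password(password, salt)
        matches = hmac.compare_digest(candidate, stored)  # constant-time
        locked = self.failures.get(username, 0) >= MAX_FAILURES
        if known and matches and not locked:
            self.failures[username] = 0
            return True, "Password accepted; email code required next."
        # Failures are counted for unknown names too, so the lockout state
        # cannot be used to tell existing accounts from missing ones.
        self.failures[username] = self.failures.get(username, 0) + 1
        return False, GENERIC_ERROR
```
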

 

When your account is verified (i.e. when you click on the link sent to you asking you to set your password, PIN Code and security questions) a HASH value is created for a series of unique concatenated values. From that value 12 characters are taken and sent to you as your Application Code. This way, the first application you install (Primary Device) can only be installed with this code, making it impossible for any other person to install the application and access your account even if they know your username and password.

 

If you decide to install the application on an additional device you will need to authorize it using the first device you have installed (Primary Device), thus maintaining integrity on which devices are authorized to access your account.

 

2 - When you install the application on the Primary Device

When you install and configure your Primary Device, a unique and unreplicable encryption key is generated, based on various fixed (account, device, etc.) and volatile (date/time related, milliseconds, etc.) information. This key will be used to encrypt all content sent by the application to our servers. We will never have access to this key and, outside the scope of use of the application, it is virtually impossible to decrypt the information encoded with it.

 

This key is the essential security pillar of your stored information and it is very important that you have a backup. When creating the backup you will be asked for a password. This password will be processed by the AES256 encryption algorithm that will generate the encryption key that will be used to encrypt your original key. This makes it impossible for anyone who would obtain this key to use it without knowing the password you used to encrypt it. Still, it is extremely important that you keep this backup file in a safe place because one day you may have to reinstall your device to access your messages (if you have lost the original device) and, without it, it will be impossible to access the original key. If you have the key backed up and you don't remember the password you used to encrypt it, you won't be able to access your information (stored messages) ever again and you will have to delete them.

3 - When using the application

After installing and configuring the application, when you log in:

  • An SSL/TLS 2048 Bit connection is created between the application and our server, providing an encrypted "tunnel" for the transmission of your login data (username and password/PIN).
  • Once the secure session is established, our server and your device start an additional one-way encryption key exchange (AES256), creating a new encryption tunnel for communication, so that all subsequent communication is encrypted within 2 tunnels (TLS2048 + AES256).
  • When you create and save a message for a contact:
    • Your application encrypts all message content (subject, content and attachments) with the symmetric encryption key referred to in point 2 (above) and saves the message to our servers.
    • A copy of the message is created for that contact. That copy is encrypted with an encryption key (symmetric) that is generated by using the answers you give to the encryption questions for that contact, with the AES256 algorithm. This copy is stored in a different location until the conditions for sending are met. The original message is encrypted with your key and is accessible only to you, on the "Messages" screen of your application.

 

4 - When you access your account via website

You have the option to log in to your account via browser so that if, for some reason, you lose access to the application, you can still log in (showing that you are in good health). This way, in a scenario where, for example, you are on holiday in a remote place and your smartphone or laptop is stolen (or damaged irreparably), you can easily go to any Internet-enabled device, log in to your account and de-authorize the stolen or damaged device, while, at the same time, you show that everything is fine with you.

 

When you log in to your account via browser you can view some non-editable meta-information and partial information. You can perform some account maintenance operations, but to do so you need to validate all operations by entering your PIN Code. It is purposely not possible to access or create messages or contacts via web browser. As such, if someone had access to your account through a browser they would not see useful information or be able to change any of your settings without knowing your PIN Code.

 

The PIN Code has been designed to validate the transactions in your account whenever they are made through a browser. This way, even if someone had knowledge of your username and password they wouldn't be able to do anything on your account, because all operations require PIN validation. Additionally, you can configure the app to accept the login with your PIN Code instead of the password, which can be useful on devices with small screens.

 

5 - When installing the application on an additional device

When you install the application on an additional device there are three steps you must perform before you can use it to login to your account:

  1. Start the configuration by logging in with your username and password, proving that you know the access credentials to the account you are accessing. If this step fails, the whole process fails.
  2. Authorize the new device by reading a QR code that is generated on your primary device. This way you'll be giving cumulative proof that:
    1. you know the access credentials to the account you're accessing;
    2. you have authorized access to your primary device. If this step fails, the whole process fails.
  3. Import the existing encryption key into the new device by reading a QR code that is generated on your primary device. This way you will be ensuring that the new application is correctly configured and can decrypt and open your previously encrypted account contents. If this process fails, you can create new messages and change other settings in your account, but all previously created messages (and attached files) will be inaccessible, as the encryption key used to create them is different from the key you are using now. If this happens and you do not have a backup of your corresponding key, you should login to your account through the account site (via browser) and delete the previously created messages as it is totally impossible to access them from that moment on. Note: only messages and files will be deleted. Your contacts and other settings will remain accessible as they are not encrypted with this key.

6 - When you create a message

When you create a message for one or more contacts:

  1. your application encrypts all its content (subject, content and attachments) with the symmetric encryption key and sends the message, already encrypted, to our servers. This message will only be accessible to you through the "Messages" screen of your application.
  2. for every contact who will receive that message:
    1. a copy of the original message is created, which is decrypted (with your key) and re-encrypted with a new encryption key generated from the answers you give to the encryption questions you chose for each contact. The encryption algorithm used is AES256.
    2. This copy of the message is stored in a special location in our database until the conditions are met for it to be sent to its recipient(s).

7 - When a contact of yours receives a message

The recipient of the message will receive an email from our services with a link to your message. This way we control a safe environment for the delivery of messages. When your contact clicks on the link, he is forwarded to a page of ours:

  1. access is secure with SSL/TLS 2048Bit
  2. your contact must enter the correct email address where he received the message. This way we guarantee that if another person, other than the legitimate recipient, had access to the link he would not know to which email address it was originally sent.
  3. your contact will need to correctly answer all the questions you have set for him. The answers provided are, in essence, the basis for recreating the encryption key originally used to encrypt the message. If, in any way, the provided answers are different from those you provided when you created the message:
    1. the message will not be decrypted;
    2. If your contact gets the answers wrong several times, he will have to wait longer and longer between attempts. The wait time can easily reach months or even years if the wrong answers keep being provided. We implemented this security feature to prevent a potential hacker from attempting to use brute-force attacks (successive attempt-and-failure attacks) on your message.
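
An added sketch of the two mechanisms in this step (not the service's own code): the key is re-derived from the recipient's answers, and each wrong attempt lengthens the wait. The KDF parameters, the one-minute base delay, the doubling schedule, exact case-sensitive matching and the HMAC check value (a stand-in for the failed AES256 decryption the page describes) are all assumptions.

```python
import hashlib
import hmac

ITERATIONS = 200_000        # assumed work factor
BASE_DELAY_S = 60           # assumed first wait; doubles with each failure
YEAR_S = 365 * 24 * 3600

def key_from_answers(answers, salt: bytes) -> bytes:
    """Derive a 256-bit key from the ordered answers (exact match assumed)."""
    # Length-prefix each answer so ("ab", "c") and ("a", "bc") differ.
    material = b"".join(
        len(a.encode()).to_bytes(4, "big") + a.encode() for a in answers)
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, dklen=32)

def wait_after(failures: int) -> int:
    """Seconds to wait after `failures` consecutive wrong attempts."""
    return 0 if failures == 0 else BASE_DELAY_S * 2 ** (failures - 1)

def failures_until(seconds: int) -> int:
    """Consecutive failures after which the wait first reaches `seconds`."""
    n = 1
    while wait_after(n) < seconds:
        n += 1
    return n

def _check_value(key: bytes) -> bytes:
    # Stand-in for "decryption fails with the wrong key"; no answers stored.
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

class MessageGate:
    """Throttle in front of one recipient copy (hypothetical name)."""

    def __init__(self, answers, salt: bytes):
        self.salt = salt
        self.check = _check_value(key_from_answers(answers, salt))
        self.failures = 0
        self.next_allowed = 0   # earliest time (seconds) of the next attempt

    def attempt(self, answers, now: int):
        """Return the key on success, None if throttled or wrong."""
        if now < self.next_allowed:
            return None          # still waiting; not counted as a failure
        key = key_from_answers(answers, self.salt)
        if hmac.compare_digest(_check_value(key), self.check):
            self.failures = 0
            return key
        self.failures += 1
        self.next_allowed = now + wait_after(self.failures)
        return None
```

With these assumed parameters the wait passes 30 days after 17 consecutive failures and one year after 21.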

 

8 - If you forget your password

If you forget your password, you should reset it through the account website, by providing the email address you used to register your account.

 

The webpage will show you a generic message saying that if, in fact, this account exists, a link will be sent to the email address you provided. This message is purposely generic to prevent anyone from trying to find out if an account has been created with your email address.

 

After accessing your email you should click on the link received, which will take you to a page where you should correctly answer the Security Questions (which you have set when you created the account) and choose the new Password. If for any reason you have forgotten the answers you gave to the Security Questions, your account will be permanently inaccessible. If, in a case-by-case analysis, you can provide us with irrefutable evidence that the account does indeed belong to you, we could help you regain access to your account. Always remember that in any case, under the Terms and Conditions of the Service, you are solely responsible for the proper maintenance and use of your account.

 

9 - If the legal authorities, in the course of a criminal investigation, oblige us to provide access to your account’s contents.

According to the law we would be obliged to give access to your account if a court ordered it. However, since all your messages (subject and body of the message) and attachments are encrypted with encryption keys we don’t have access to, it is impossible to decrypt them unless you personally provide the keys.

To give you an idea of what it would take to decrypt a message encrypted with AES256bit:

 

There are about 7,000,000,000 (7 billion) people on the planet. If each of them had 10 computers and each of these computers could test 1,000,000,000 (1 billion) possible keys per second, then the planet's population working together to decode the message would take 77,000,000,000,000,000,000,000,000,000 years to do so.

 

For reasons related to service operation, some of your account information cannot be encrypted with your key:

  • Your name and email address
  • The name of your authorized devices, brand, model and operating system
  • The date and time you logged in, as well as the device you used
  • The name and email address of your contacts
  • Meta-information about messages sent or programmed to your contacts (date/time the message was sent, date/time the message was opened, who was the intended recipient)

 

 

You can read more about our security features here.