Level of Resistance against Attacks
Brute Force
EviScramble offers considerable resistance against brute force attacks due to the complexity added to the scrambling process. Even if attackers have access to the scrambled password, they will find it extremely difficult to decipher the secret without the appropriate de-scrambling code. The combination of random characters and the de-scrambling code makes brute force ineffective. Indeed, the scrambled password has a length of 39 characters, which corresponds to an entropy of 256 bits. Entropy is a measure of the uncertainty or disorder of a system. The higher the entropy, the more unpredictable and difficult to guess the system is. To crack a scrambled password by brute force, it would be necessary to test all possible combinations of 39 characters among the 95 printable ASCII characters. The number of possible combinations is 95^39, or about 10^77. This represents an astronomical number, which exceeds the number of atoms in the observable universe. Even with a very powerful computer, capable of testing a billion combinations per second, it would take more than 10^60 years to find the scrambled password. This is much more than the age of the universe, estimated at about 14 billion years. Therefore, EviScramble makes brute force practically impossible, and ensures optimal security for secrets.
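The arithmetic behind these figures, as an added example (not EviScramble code; the function names are illustrative). It assumes every character is chosen independently and uniformly from the 95 printable ASCII characters, and it goes one step beyond the text by showing why 39 is the shortest length that reaches 256 bits.

```python
import math

SECONDS_PER_YEAR = 31_557_600  # Julian year: 365.25 days * 86,400 s


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(alphabet_size: int, target_bits: int) -> int:
    """Shortest length whose search space is at least 2**target_bits.

    Uses exact integer comparison so float rounding cannot shift the result.
    """
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two symbols")
    length = 1
    while alphabet_size ** length < 2 ** target_bits:
        length += 1
    return length


def years_to_search(alphabet_size: int, length: int,
                    guesses_per_second: int, exhaustive: bool = True) -> int:
    """Whole years needed to try every candidate (or half, the average case)."""
    space = alphabet_size ** length
    if not exhaustive:
        space //= 2  # on average the target is found halfway through
    return space // (guesses_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    alphabet, length, rate = 95, 39, 10 ** 9  # values quoted in the text
    print(f"search space : {float(alphabet ** length):.3e} candidates")
    print(f"entropy      : {entropy_bits(alphabet, length):.1f} bits")
    print(f"38 characters: {entropy_bits(alphabet, length - 1):.1f} bits")
    print(f"min length for 256 bits: {min_length_for_bits(alphabet, 256)}")
    worst = years_to_search(alphabet, length, rate)
    average = years_to_search(alphabet, length, rate, exhaustive=False)
    print(f"worst case   : {float(worst):.2e} years")
    print(f"average case : {float(average):.2e} years")
```

These numbers hold only for strings generated uniformly at random; a value chosen or influenced by a person has lower entropy than its length suggests.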
Phishing and Social Engineering
Definition and risks
Since the scrambled password is difficult to understand without the de-scrambling code, EviScramble offers protection against phishing and social engineering attacks. Users can share the scrambled password without exposing the secret, thus reducing the risk of accidental disclosure or manipulation by malicious attackers. Phishing is a technique that consists of sending fraudulent messages, often by email, to entice users to reveal their personal or confidential information, such as their passwords, their credit card numbers, etc. Social engineering is a technique that consists of exploiting human psychology, such as trust, curiosity, fear, etc., to influence users to disclose their information or to perform actions that compromise their security.
Solution and benefits
With EviScramble, users do not need to communicate their secret, but only their scrambled password and their de-scrambling code. The scrambled password has no meaning without the de-scrambling code, and the de-scrambling code has no value without the scrambled password. Thus, even if an attacker manages to obtain one or the other of these elements, he will not be able to access the secret or the encrypted data. Moreover, users can choose the mode of transmission of the scrambled password and the de-scrambling code, for example by SMS, by email or by QR code. They can thus avoid potentially compromised or suspicious channels, and verify the identity of their interlocutor. In addition, according to this implementation, neither the password creator nor the recipient has knowledge of the secret; they use it transparently thanks to the scrambling code they have entered. As a result, they cannot physically transmit to an attacker, through phishing or social engineering, a non-scrambled secret that they neither have access to nor know. EviScramble also allows users to easily change their scrambled password and de-scrambling code in case of doubt or suspicion. They can thus strengthen their security and confidence.
Espionage and Man-in-the-Middle Attack
The scrambling and de-scrambling process is performed by a secure application that uses the EviScramble algorithm. The application limits the risks of espionage and man-in-the-middle attacks. The communications between the Password Creator and the Password Recipient are protected by robust security measures, which make it difficult for attackers to intercept or manipulate the data transmitted.
Espionage is a technique that consists of monitoring the activities or communications of users, without their consent, to collect sensitive or confidential information. Man-in-the-middle is a technique that consists of inserting oneself between two parties who communicate, without them realizing it, to listen, modify or divert the data exchanged.
With EviScramble, users do not have to worry about these threats, because their scrambled password and their de-scrambling code are encrypted and secured by the application.
Moreover, the communications between the Password Creator and the Password Recipient are independent of the security protocols used by the networks or servers. Even if these protocols are corrupted or bypassed, this does not affect the security of the secret, because it is scrambled with EviScramble. Thus, EviScramble ensures that the scrambled password and the de-scrambling code are not intercepted or altered by attackers who would place themselves between the Password Creator and the Password Recipient.
Solution and benefits
With EviScramble, the application encrypts the secret and the data with the scrambled password and the de-scrambling code, and transmits them securely to the recipient. The application also verifies the integrity and authenticity of the secret and the data, and decrypts them with the de-scrambling code entered by the recipient. The application prevents any unauthorized access or modification by third parties, and ensures the confidentiality and reliability of the secret and the data. Moreover, the application does not store the secret or the data on the device or in the cloud, but only in a Keystore/Keychain, a secure location for storing encryption keys. The application thus avoids any leakage or compromise of the secret or the data, and allows the user to delete them at any time. EviScramble therefore allows users to secure and share their secret and their data without exposing or entering them in clear, and without being spied on or attacked by malicious actors.