Welcome to this space dedicated to our post-quantum EviScramble technology. EviScramble is a new and patented technique developed by Freemindtronic. It can scramble any type of secret, such as passwords, encryption keys, SSH keys, passcodes, and more. It does this by adding random characters and using a position code. EviScramble improves the security and confidentiality of secrets, especially against quantum attacks. It also simplifies their secure sharing. In this article, we will explain how EviScramble works, what its functions are, and how it compares to other technologies. We will also show you some use cases and real-world examples of EviScramble. One of them is an example implementation on AES-128, a symmetric encryption key that uses the AES algorithm with a key size of 128 bits. We hope this article will help you understand the benefits and features of EviScramble, and how it can revolutionize the security of secrets displayed clearly on a screen for all to see.
EviScramble is a technique that can scramble any type of secret, such as passwords, encryption keys, SSH keys, access codes, and more, by adding random characters and using a position code. The position code indicates the number and locations of the characters to be removed to reconstitute the original secret. The scrambled secret and the position code can be transmitted to the recipient, who can use a dedicated application to enter the code and retrieve the original secret. The secret can then be used for its intended purpose, such as securing an encryption key.
EviScramble is a technology that works without a server or a database in real time. It uses secure enclaves, such as the Keychain/Keystore of Android or iPhone phones, or HSM or NFC HSM devices, to store the segment that acts as the key for scrambling and de-scrambling. This segment is a part of the position code that shows which characters to remove to restore the original secret. EviScramble enhances the security level, by naturally and effectively preventing many remote, close-range or spying attacks. In fact, EviScramble never stores the secret in plain text in a computer, phone or information system. The user does not need to know it to use it. They just need to have the scrambling code in a NFC HSM and/or HSM and/or Keychain and/or Keystore. EviScramble provides a simple, fast and secure way to scramble and de-scramble any kind of secret, without relying on a server or a database. EviScramble lowers the costs, risks and complexity involved in managing secrets.
Serverless and databaseless technology also protects against sophisticated attacks that target servers and databases, such as SQL injection, denial-of-service, ransomware, phishing, etc. These attacks are impossible with EviScramble, because it does not use any server or database to operate. EviScramble always keeps the secret scrambled, without needing it to be in plain text. The only requirement is that the key segment (scrambling) and de-scrambling code is secured in a NFC HSM and/or HSM and/or Keychain and/or Keystore of the Android or iPhone phone.
How EviScramble prevents server and database attacks
EviScramble is a serverless and databaseless technology that scrambles and de-scrambles secrets in real time. It uses secure enclaves, such as the Keychain/Keystore of Android or iPhone phones, or HSM or NFC HSM devices, to store the key segment that is used for scrambling and de-scrambling. This key segment is a part of the position code that shows which characters to remove to restore the original secret. EviScramble does not store the secret in plain text in any computer, phone or information system. The user does not need to know the secret to use it. They just need to have the scrambling code in a NFC HSM and/or HSM and/or Keychain and/or Keystore.
By using this technology, EviScramble protects against various attacks that target servers and databases, such as:
EviScramble offers considerable resistance against brute force attacks due to the complexity added to the scrambling process. Even if attackers have access to the scrambled password, they will find it extremely difficult to decipher the secret without the appropriate de-scrambling code. The combination of random characters and the de-scrambling code makes brute force ineffective. Indeed, the scrambled password has a length of 39 characters, which corresponds to an entropy of 256 bits. Entropy is a measure of the uncertainty or disorder of a system. The higher the entropy, the more unpredictable and difficult to guess the system is. To crack a scrambled password by brute force, it would be necessary to test all possible combinations of 39 characters among the 95 printable ASCII characters. The number of possible combinations is 95^39, or about 10^77. This represents an astronomical number, which exceeds the number of atoms in the observable universe. Even with a very powerful computer, capable of testing a billion combinations per second, it would take more than 10^60 years to find the scrambled password. This is much more than the age of the universe, estimated at about 14 billion years. Therefore, EviScramble makes brute force practically impossible, and ensures optimal security for secrets.
Since the scrambled password is difficult to understand without the de-scrambling code, EviScramble offers protection against phishing and social engineering attacks. Users can share the scrambled password without exposing the secret, thus reducing the risk of accidental disclosure or manipulation by malicious attackers. Phishing is a technique that consists of sending fraudulent messages, often by email, to entice users to reveal their personal or confidential information, such as their passwords, their credit card numbers, etc. Social engineering is a technique that consists of exploiting human psychology, such as trust, curiosity, fear, etc., to influence users to disclose their information or to perform actions that compromise their security.
With EviScramble, users do not need to communicate their secret, but only their scrambled password and their de-scrambling code. The scrambled password has no meaning without the de-scrambling code, and the de-scrambling code has no value without the scrambled password. Thus, even if an attacker manages to obtain one or the other of these elements, he will not be able to access the secret or the encrypted data. Moreover, users can choose the mode of transmission of the scrambled password and the de-scrambling code, for example by SMS, by email or by QR code. They can thus avoid potentially compromised or suspicious channels, and verify the identity of their interlocutor. In addition, according to this implementation, neither the password creator, nor the recipient have knowledge of the secret, they use it transparently thanks to the scrambling code they have entered. As a result, they cannot physically transmit to the attacker by phishing or social engineering a non-scrambled secret that they do not have access to, nor have knowledge of. They use it transparently. EviScramble therefore allows users to easily change their scrambled password and de-scrambling code, in case of doubt or suspicion. They can thus strengthen their security and confidence.
The scrambling and de-scrambling process is performed by a secure application that uses the EviScramble algorithm. The application limits the risks of espionage and man-in-the-middle attacks. The communications between the Password Creator and the Password Recipient are protected by robust security measures, which make it difficult for attackers to intercept or manipulate the data transmitted.
Espionage is a technique that consists of monitoring the activities or communications of users, without their consent, to collect sensitive or confidential information. Man-in-the-middle is a technique that consists of inserting oneself between two parties who communicate, without them realizing it, to listen, modify or divert the data exchanged.
With EviScramble, users do not have to worry about these threats, because their scrambled password and their de-scrambling code are encrypted and secured by the application.
Moreover, the communications between the Password Creator and the Password Recipient are independent of the security protocols used by the networks or servers. Even if these protocols are corrupted or bypassed, this does not affect the security of the secret, because it is scrambled with EviScramble. Thus, EviScramble ensures that the scrambled password and the de-scrambling code are not intercepted or altered by attackers who would place themselves between the Password Creator and the Password Recipient.
With EviScramble, the application encrypts the secret and the data with the scrambled password and the de-scrambling code, and transmits them securely to the recipient. The application also verifies the integrity and authenticity of the secret and the data, and decrypts them with the de-scrambling code entered by the recipient. The application prevents any unauthorized access or modification by third parties, and ensures the confidentiality and reliability of the secret and the data. Moreover, the application does not store the secret or the data on the device or on the cloud, but only in a Keystore/Keychain, a secure location for storing encryption keys. The application thus avoids any leakage or hacking of the secret or the data, and allows the user to delete them at any time. EviScramble therefore allows users to secure and share their secret and their data without exposing or entering them in clear, and without being spied on or attacked by malicious actors.
EviScramble works by performing four main functions: secret generation, secret scrambling, secret de-scrambling, and secret verification. These functions are performed by a robust algorithm that ensures the security and integrity of the secret throughout the process. The algorithm can generate a random secret on an ascii base of 95 printable characters, or use an existing secret provided by the user. The algorithm then adds random characters on the same base between the original characters of the secret, and determines the number and locations of the added characters. The algorithm then generates a position code that indicates the positions of the characters to be removed to reconstitute the original secret. The position code can also be freely chosen by the user. The algorithm then transmits the scrambled secret and the position code to the recipient, who can use a dedicated application to enter the code and retrieve the original secret. The algorithm then verifies the secret by the application, and uses it for its intended purpose, such as securing an encryption key. The algorithm then transmits the encryption key to the recipient, who can use the secret to decrypt it. The algorithm then stores the encryption key in a Keystore/ keychain, a secure location for storing encryption keys.
EviScramble has four main functions: secret generation, secret scrambling, secret de-scrambling, and secret verification. These functions are performed by a robust algorithm that ensures the security and integrity of the secret throughout the process. The following table summarizes the main features and benefits of each function:
| Function | Feature | Benefit |
|---|---|---|
| Generation of the secret | Generates a random secret on an ascii base of 95 printable characters, or uses an existing secret provided by the user | Creates a strong and unique secret that resists brute force or dictionary attacks |
| Scrambling of the secret | Adds random characters on the same base between the characters of the original secret, and determines the number and locations of the added characters | Adds a layer of obscurity that makes the secret incomprehensible and unpredictable for attackers |
| De-scrambling of the secret | Generates a position code that indicates the positions of the characters to remove to reconstitute the original secret, or uses a position code freely chosen by the user | Allows the user to control the level of complexity and security of the secret, and to share it easily without exposing it |
| Verification of the secret | Transmits the scrambled secret and the position code to the recipient, who can use a dedicated application to enter the code and retrieve the original secret | Ensures the integrity and confidentiality of the secret, and prevents unauthorized access or manipulation by malicious actors |
EviScramble is a versatile technique that can be integrated into different products and technologies that need to secure and share secrets. Some examples of using EviScramble are:
EviScramble stands out from other technologies that aim to secure and share secrets, such as:
EviScramble can be used in various contexts and industries to secure and share secrets, such as:
EviScramble is a patented innovation that is protected by a patent filed on February 27, 2017 in France and on February 26, 2018 internationally (WO2018154258A12).
Issued internationally in regions including the European Union, the United States (US20210136579), South Korea, Japan, China, and Algeria.
System Overview: This system is designed for authenticating applications accessible via a computer, where access is controlled by an authentication datum.
The system involves a main mobile device and a main token, with the authentication datum recorded on the main token. The main mobile device recovers the authentication datum from the main token using a pairing key segmented into multiple parts.
The authentication method with segmented keys by coded removal of added segments, which includes:
In summary, EviScramble is a groundbreaking technique that can obfuscate any type of secret, ensuring its security and privacy while simplifying its sharing. By using innovative algorithms and user-friendly applications, EviScramble revolutionizes encryption practices, providing robust protection against a wide range of cyber threats. EviScramble is a patented innovation that is compatible with different platforms and contexts, and can be applied to various types of secrets, such as passwords, encryption keys, SSH keys, access codes, and more. EviScramble is the ultimate technique to obfuscate any type of secret.
