CryptoSMS ™ - PocketPC/SmartPhone Help File


Introduction

CryptoSMS is designed to secure SMS messages, for even the most paranoid of users. Encrypted SMS is becoming increasingly important as the examples of SMS intrusion, snooping, and interception multiply.

Everyone loves mobile phone text messages, a.k.a. Short Message Service (SMS). These small email-like notes are discreet, direct, and instantaneous, but at the same time surprisingly insecure, as this statement from a leading security researcher testifies:

The contents of SMS messages are known to the network operator's systems and personnel. Therefore, SMS is not an appropriate technology for secure communications. Most users do not realise how easy it may be to intercept.

You have probably heard the stories, and may have even read the published transcripts, of intercepted and incriminating SMS text sent between the famous and notorious alike. Recent examples include a breach of trust by two O2 workers, a prince & his commoner mistress, a footballer & his personal "assistant", a punk rocker mistaken for a terrorist, and that gang of cricketers & their game-fixing mobsters.

In all five of these cases, CryptoSMS could have facilitated the exchange of private, snooper-free text. CryptoSMS can keep eavesdroppers, intruders, paparazzi, stalkers, and other "monitors" out of your business.

CryptoSMS combines the discretion and mobility of "texting" with the privacy and security of modern cryptography.

Triple Layer Crypto-Laminate

The fast proliferation of information technology exposes private data to breaches of security. Unfortunately, the single layer encryption tools that are available on the market today are unable to provide a level of security sufficient to protect us from eavesdropping.

CryptoSMS is the only privacy system which uses three overlapping strong encryption schemes, employing both block and stream ciphers. A "crypto" SMS is a Short Message that has been thrice encrypted using Blowfish over ARC4 over 3IDEA, providing a triple layer Crypto-Laminate composed of a stream cipher sandwiched between two block ciphers.

These 3 algorithms have stood the test of time, resisting cryptanalysis by the best mathematicians in the world; and when applied on top of one another, provide unprecedented security.

1 Pass Phrase = 6 Keys

Your pass phrase is digested by six different one-way hash functions to produce 1088 bits of unpredictable key material, providing for a very large number of possible keys (3.31e+327). This number is so huge as to make it a formidable obstacle to brute force attacks, which is one of the many advantages to multi-pass encryption.

These six keys are used in pairs to drive the Crypto-Laminate described above. Blowfish, ARC4, and 3IDEA use 416, 288, and 384 key bits respectively; meaning that each cipher is running at its full strength. Each one has its own unique random Initialisation Vector (or IV), which the block ciphers use for Cipher Block Chaining (or CBC) and the stream cipher uses as its Nonce.

What all this crypto-jargon implies is that no corners have been cut to make CryptoSMS run faster. The privacy of your short messages is our only concern.

Nothing is Saved in Memory

Security is further enhanced by the fact that CryptoSMS saves no keyrings, passphrases, or messages of any kind. Nothing is kept permanently in your PocketPC's memory and all temporaries are overwritten seven times prior to deallocation.

At the end of each CryptoSMS "chat" session, simply tap CryptoSMS > Exit to stop the program and destroy all traces of the "text" messages sent/received. It is as though that conversation never happened, and nothing lingers to prove otherwise.

Most encryption programs add a common header to the beginning of each message before encryption for the purpose of later identifying it as ciphertext/plaintext (encrypted/decrypted). CryptoSMS differs by storing a Message Authentication Code (MAC) in the ciphertext for identification, therefore, no message can be proven encrypted without the correct password. This allows for deniability in areas where use of strong encryption will get you in trouble.
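The header-free idea described above, as an added example rather than CryptoSMS's own code: the message carries no magic bytes, and the receiver recognises it only by checking a MAC keyed from the shared pass phrase. The key derivation, the HMAC-based stand-in stream cipher, the 8-byte IV and tag sizes, and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _keys(passphrase):
    # Stand-in derivation (assumption): separate encryption and MAC keys.
    p = passphrase.encode("utf-8")
    return hashlib.sha256(b"enc" + p).digest(), hashlib.sha256(b"mac" + p).digest()

def _keystream(key, iv, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, NOT the CryptoSMS cascade.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(passphrase, text, iv=None):
    """Return iv || ciphertext || tag; every field looks random without the key."""
    enc_key, mac_key = _keys(passphrase)
    iv = iv or os.urandom(8)
    data = text.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, iv, len(data))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()[:8]
    return iv + ct + tag

def open_if_ours(passphrase, blob):
    """Return the plaintext, or None when the MAC does not verify under this pass phrase."""
    if len(blob) < 16:
        return None
    enc_key, mac_key = _keys(passphrase)
    iv, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))
    return plain.decode("utf-8")
```
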

Automatic Self-Test

CryptoSMS performs a complete self-test on every startup, wherein all internal routines are forced to process pre-configured test vectors. All cryptographic primitives must pass this initialisation test, or CryptoSMS refuses to run. This ensures CryptoSMS can detect when it has been corrupted or otherwise damaged, enabling it to protect itself against viral infections, trojan horses, and other back-door attacks.
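A startup known-answer test of the kind described above, as an added example rather than CryptoSMS's own code: it runs ARC4, one of the three ciphers named on this page, over widely published test vectors and refuses to start on any mismatch. The function names and the textbook ARC4 routine are assumptions; the product's real test vectors are not given on this page.

```python
import sys

def arc4(key: bytes, data: bytes) -> bytes:
    """Textbook ARC4: key schedule, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

# Widely published ARC4 known-answer vectors: (key, plaintext, ciphertext hex).
ARC4_VECTORS = [
    (b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
    (b"Wiki", b"pedia", "1021bf0420"),
    (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5"),
]

def self_test(cipher=arc4):
    """Return the list of failed vectors; an empty list means the primitive is intact."""
    failures = []
    for key, plain, expected in ARC4_VECTORS:
        try:
            got = cipher(key, plain).hex()
        except Exception as exc:          # a crashing primitive is also a failure
            got = "error: %s" % exc
        if got != expected:
            failures.append((key, expected, got))
        # ARC4 is its own inverse, so decryption is checked with the same routine.
        elif cipher(key, bytes.fromhex(expected)) != plain:
            failures.append((key, plain.hex(), "decrypt mismatch"))
    return failures

def startup(cipher=arc4):
    """Refuse to run when any known-answer test fails."""
    failures = self_test(cipher)
    if failures:
        sys.exit("self-test failed for %d vector(s); refusing to run" % len(failures))
    return True

if __name__ == "__main__":
    startup()
```

A known-answer test catches a damaged or miscompiled primitive; it does not by itself authenticate the rest of the program.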

No Substitute for Face Time

If you and your SMS penpals have met face-to-face, and you agreed upon an unguessable pass phrase, CryptoSMS will allow you to transmit short messages with the utmost privacy. Simply put, there is no substitute for meeting in person to choose passwords. Security that is otherwise tight is often breached by eavesdropping on transmitted passwords.

A "cryptographically strong" pass phrase is one that contains upper and lower case letters, numbers, and punctuation, as well as being longer than 20 or 30 characters. This may be hard to think up, and even harder to remember, but if your life and/or freedom depends on the security of your messages, then please pay careful attention to these recommendations.

The security provided by CryptoSMS is only as strong as the pass phrase you choose.
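The recommendation above can be checked mechanically. This added example (not part of CryptoSMS) reports which recommended character classes a pass phrase lacks and an upper bound on its search space, capped at the 1088 key bits quoted earlier; the function name, the ASCII character classes and the 21-character threshold (one reading of "longer than 20") are assumptions.

```python
import math
import string

# Blowfish + ARC4 + 3IDEA key bits as quoted on this page (1088 in total).
KEY_BITS = 416 + 288 + 384

# Character classes named in the recommendation (ASCII only, an assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}

def assess(passphrase, min_len=21):
    """Check a pass phrase against the recommendation and bound its strength."""
    used = {name for name, chars in CLASSES.items()
            if any(c in chars for c in passphrase)}
    alphabet = sum(len(CLASSES[name]) for name in used)
    # Upper bound only: it assumes every character was picked uniformly at
    # random from the classes present, which human-chosen phrases never are.
    bits = len(passphrase) * math.log2(alphabet) if alphabet else 0.0
    return {
        "missing": sorted(set(CLASSES) - used),
        "long_enough": len(passphrase) >= min_len,
        # The derived keys can never hold more entropy than the pass phrase.
        "max_bits": round(min(bits, KEY_BITS), 1),
    }

if __name__ == "__main__":
    # Constructed sample inputs: a three-character phrase and a 30-character one.
    for sample in ("abc", "Aa1!" * 7 + "Aa"):
        print(len(sample), assess(sample))
```

Even a 30-character pass phrase drawn from all four classes tops out below 200 bits, so the hashed key material is bounded by the pass phrase rather than by the 1088-bit key size.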

Can you pass the password safety test?


CryptoSMS Messages

CryptoSMS messages are sent/received via the standard Short Message Service (SMS) mechanisms. As a consequence, they are billed at your usual rate and will appear on your service statements as regular text messages. CryptoSMS supports "larger" content (also known as LMS, long SMS, or concatenated SMS) allowing you to send messages up to 1000 characters in length. This is done by segmenting over multiple messages and will therefore increase in cost proportionally (at the rate of about 1 extra SMS per 100 characters).

Chat-like Interface

CryptoSMS operates like a typical "chat" program, meaning that you will see a scrolling list of messages, and you can view & respond to them in any order.

There are two panes in the main CryptoSMS window:

CryptoSMS screen shot (view list of decrypted SMS messages)

The upper one is the message list, showing a timestamp & the first 20 or 30 characters of the message body. The lower pane shows the full message content. Between the two is a field that displays the sender's phone number, and another that accepts a passphrase.

Encrypt/Send a CryptoSMS

To create a CryptoSMS, tap Message > New Message and the Send CryptoSMS form will appear:

CryptoSMS screen shot (Compose Message)

Fill in the recipient's phone number and the pass phrase you share with this person, then enter a message body in the big "edit" box.

If the recipient's phone number is in the Contacts database, then enter two non-numeric characters into the Number field, and a fly up menu will appear listing all Contacts whose First, Last, or Company name begins with those two letters.

If you need to confirm what you entered as a pass phrase, check the Show box and the asterisks (*'s) will disappear.

Should you want to be notified of this message's disposition (i.e. receive a return receipt), then check the Stat Rep box.

When you are sending a message longer than 100 characters, check the LMS ok box; but both the sender's and the receiver's devices must support this.

After the form is filled out, tap the Send button and the CryptoSMS message will be sent. A confirmation of the message's size, ID#, and contents will be displayed when it has been accepted by your SMS Center.

Receive/Decrypt a CryptoSMS

When an incoming CryptoSMS arrives, it will appear in the message list.

You can view messages in the list by tapping them. If they have not been decrypted yet, the password field will become active. Tap in your passphrase then hit Return, and the message will decrypt.

Replying to a CryptoSMS

To reply to a previously received CryptoSMS, select the message you want to respond to, then tap Message > Reply. The Send CryptoSMS form will appear, with the Number & Password fields already filled out. Tap in the message body you want to send, then click Send. As described above, you will see a confirmation box when the message has been sent.

Saving the CryptoSMS list

In normal operation, messages are saved in transient memory, and the message list is shredded when CryptoSMS exits (as discussed above). In this way, no trace of any CryptoSMS "conversation" is left behind.

Be that as it may, there are times when you want to leave something behind, when you need to save a conversation or pass some info to another program.

You can save a plain text copy of the current message list by tapping Message > Save ClearText, and a file save box will appear which allows you to save an unencrypted text file (.TXT).

Since this procedure saves a visible copy of the CryptoSMS messages, it should normally be avoided and used only when absolutely necessary.

For the occasions where a conversation must be saved and also kept private, tap Message > Save CryptoText, and a file save box will appear which allows you to save an encrypted "anti" file (.ANT), with whatever name you like. This file encapsulates the current message list, and can be decrypted later using the same password, as described next. This is the preferred method for saving CryptoSMS messages.

Loading CryptoSMS lists

When you want to reload a previously stored message list, enter the pass phrase that was in use when you saved it, then tap Message > Load CryptoText. A file open box will appear which allows you to open the encrypted "anti" file (.ANT) of your choice.

Assuming you provided the correct password, the message list will fill up, and you can pick up this conversation where it left off.

CryptoSMS delivery report

To check the delivery status of the last CryptoSMS you sent, tap Message > Status Report. This report will not exist unless you requested it when the message was sent.

CryptoSMS performance report

To see a report of the CPU time consumed by each algorithm, tap CryptoSMS > Timers:

CryptoSMS screen shot (Timing Report)

This report shows the last/total bytes processed & milliseconds used by the six (6) hashing routines and the three (3) ciphers.


Registering your CryptoSMS

Unregistered copies of CryptoSMS have a pass phrase size limit of three (3) characters, which isn't as secure as it could be.

To purchase a registration code that will remove all nag boxes, entitle you to future upgrades, and allow you to send secure short messages without any limitation on the length of your pass phrase, simply visit:

When registering your copy of CryptoSMS, please be careful to provide your 8-digit SystemID number exactly as it appears in the CryptoSMS registration dialog. The registration code for your device cannot be computed without it.

To see your CryptoSMS SystemID number, tap CryptoSMS > Register, and the rego box will appear:

CryptoSMS screen shot (Registration)

It is also important that you include a valid destination for the rego code to be sent to, either an email address or a mobile phone number.

Registration codes are computed daily, so you can expect to receive yours within 24 hours. If you provide a mobile phone number, your code will be sent by CryptoSMS and your registration will be instant, automatic, and very private. Should you prefer to receive your code by email, just follow the directions contained in the registration message.


Contacting the Designers

You can get in touch with the designers of CryptoSMS by email:

All correspondence is appreciated, and every one will receive a speedy reply.