<p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>EncroChat® </strong></p><p><strong>Reference &amp; Features Guide </strong></p><p><strong>EncroChatSure.com </strong></p><p>1</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>EncroChat® - Feature List </strong></p><p>2</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>EncroChat® - The Basics </strong></p><p><strong>Question: What are the problems associated with disposable phones which look like a cheap and perfect solution because of a number of free Instant Messaging (IM) apps with built-in encryption? </strong></p><p><strong>Answer: </strong></p><p>Let us point to the Shamir Law which states that the Crypto is not penetrated, but bypassed. At present, the applications available on play store and Apple App store for Instant Messaging (IM) crypto are decent if speaking cryptographically. The problem with these applications is that they run on a network platform which is quite vulnerable. The applications builders usually compromise on the security issues in order to make their application popular. All these </p><p>applications are software solutions and the software’s usually work with other software’s. For </p><p>instance, if one installs these applications then the installed software interfere with the hardware system, the network connected to and the operating system of the device. </p><p>In order to protect the privacy of the individual, it is important to come up with a complete solution rather than a part solution. Generally, the IM applications security implementations are very devastating for the end user because the user usually ignores the surface attacks of the system and the security flaws. When the user looks in the account, they usually find that the product is nothing but a security flaw. Individuals need to remove all things in order to determine the actual expectation from the product. For instance, the hardware like GPS and microphones should be removed. Web browsers, internet explorer, blue tooth capabilities, and SMS platform usually affect the privacy and facilitate Trojans and malware in the device. Antivirus software could however be used to resist the attacks from the malware and protect the system and operating system both. Additional measures to protect the device include using encryption; USB debugging and using secure data wipe capabilities. </p><p>The verification of the user is the most neglected area in the most of the application; however, it is a very important component in communication security. Through verification, it becomes easier to determine whom one is talking to and the chances of attacks become almost negligible. Additionally, this way the attacks severity also reduces manifold. Furthermore, the individuals who promote these products should also be trustworthy. In simple words, if the promoter is trustworthy, the likelihood that the application will be trustworthy becomes high automatically. Do you feel that your interests in privacy are being served when ex-Navy seals (hello, Silent Circle) or the former CEO of IN-Q-TEL an investment arm of CIA (hello, Wickr), and other prominent former members of US government have managed to secure seats on these corporate boards with large investments? Good cryptography is only a part of the security system and not just the whole game. </p><p>3</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong><br><strong>EncroChat® Messaging Protocol vs Off-The-Record Messaging Protocol </strong></p><p><strong>OTR Version 3.0 </strong></p><p>The term OTR stands for ‘’Off the Record Messaging’’. It is nothing but a protocol for cryptography that is used for encrypting instant messages. It comprises of AES symmetric key algorithm, SHA-1 has function and the Diffie Hellman key exchange. </p><p>Key Exchange: </p><p>Diffie-Hellman Group 5 (1536 bit key) Through this method, both parties share a key through the channel of communication. These parties have no knowledge about each other. The key is used for encryptions. The key idea is here is that Bob and Alice indulge in key exchange and then the authentication is done in the communication channel. </p><p>Cipher: </p><p>AES 128 cipher in CTR mode symmetrical key cipher </p><p>Public Key: </p><p>DSA 1024 This is the usual key for authentication only and not for encryption purpose. </p><p>MAC: SHA-1: <br>The message is authenticated via code which ensures integrity of the message. </p><p>Verification: </p><p>This is done manually or via Socialist Millionaires' Protocol (SMP) </p><p><strong>EncroChat® Messaging Protocol </strong></p><p>This protocol provides end to end encryption to users. It includes forward and future secrecy properties. It also has deniability guarantees. Through this protocol, we ensure that the end user does not face problems&nbsp;related to encryption. </p><p>Key Exchange: Elliptical Curve Diffie-Hellman Ephemeral (ECDHE) 25519 (http://safecurves.cr.yp.to/) </p><p>Cipher: AES 256 cipher in CTR mode MAC: HMAC-SHA256 Verification: Performed manually or through Notaries </p><p>4</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong><br><strong>EncroChat® -&nbsp;Welcome to the Evolution of Data Privacy </strong></p><p>The term PGP stands for the ‘’Pretty Good Privacy’’. This is nothing but an encryption tool used for decades in order to protect data. The tool like its name is actually pretty good. However, there are certain drawbacks of the tool as well. </p><p>One key / Non-Reputability: </p><p>For instance, is an encryption key but the limitation is that each user can have one key only. It becomes more problematic if the private key is hacked or exposed, then the attacker can retrieve all messages using that key. Hence, this is a huge limitation. In addition to that, the sender identity and ownership can be checked through the sent message because each message is signed with the user private key. The receiver holds the responsibility for the sender privacy. The receiver usually denies any conversation with the sender when they are having a private conversation so that both remain safe and sound. </p><p>It is the requirement of the system that the user should have one public key in order to communicate privately so that they remain safe. Through this public key, both parties can authenticate each other. In addition to that, this key is of no importance if two people are discussing encryption protocol like PGP. As per the developer view at EncroChat, the problem of encryption is in implementation and not in the development phase. </p><p><em>As per the Shamir Law, the attacker simply bypasses the cryptography. Additionally, the hackers of the modern day software usually penetrate the system through the cryptanalysis. However, there are other simpler ways to attack and break the system as well. </em></p><p>Why users should use <strong>EncroChat®</strong>? </p><p>The best thing <strong>EncroChat® </strong>is that it is equipped with all the security measures. It does not protect partial security rather it is an end to end security system. Being a software system, this software interacts with the other software applications, the network of the system and the operating system. The system is very much useful and the developers ensured that the system integrity is the primary responsibility. For this purpose, the developers ensured that the software is capable of securing the hardware, the operating system, the software applications, the data transit, and the servers. The developers also know that they must secure these aspects in order to satisfy the customers. The end-to-end encryption security mechanism is the unique selling preposition of the system. </p><p>5</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>EncroChat® </strong>protects conversations with the following four <strong>Tenets: </strong></p><p>1. <strong>Perfect forward secrecy</strong>: a different set of keys is used to encrypt each message session. <br>In addition to that, if there is a repetition of the key then the previous message is not replaced with the new message. </p><p>2. <strong>Repudiable authentication</strong>: there is no digital signature that can be misused by the third party but the party remains assured as to whom they are talking to. Therefore, it works two ways. </p><p>3. <strong>Deniability</strong>: once the conversation is over, it may be possible that the message may be forged by the third party but during conversation, it cannot happen. Everything is done in the real time. </p><p>4. <strong>Encryption strength</strong>: as compared to the algorithms employed by the PGP, the <br><strong>EncroChat® </strong>is stronger. Different families of mathematics are used to develop this strong algorithm so that there is no mismanagement and the encryption algorithm remains unsolved. </p><p>6</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong><br><strong>EncroChat® Features </strong></p><p>There are different features of <strong>EncroChat®</strong>. The following are the main features </p><p>1. Advanced Off-The-Record (OTR) Protocol: </p><p>This is equal to the conversation between two individuals. This protocol offered by us is very different and useful as compared to the competitors. We offer future secrecy to the client so that they remain satisfied. </p><p>2. Guarantee Anonymity: </p><p>There is no method to associate any device or sim card to the customer account. </p><p>3. Virtual private network: </p><p>When the data is transferred to offshore data-center, then the user traffic is verified and encrypted to protect the customer data. </p><p>4. Customized Android Platform: </p><p>The data starts to be encrypted once the power is on. The focus is on user privacy. The settings are user friendly. </p><p>5. Industry Leading Hardware: </p><p>The goal of the product is to maintain security. The product is customized in order to improve security. The camera, microphone, and GPS could be removed for better security. </p><p>6. Global service: </p><p>The product is global and more than 120 countries Sims are protected. Additionally, Quad-band GSM, UMTS and CDMA are also supported. </p><p>7. Self-destructive message: </p><p>The user has the option to delete their message from other user device due to our advance burn function. This is done by a timer count down. </p><p>8. Panic wipe: </p><p>The device data can wipe off from a screen lock by typing in the secret PIN. </p><p>9. Password wipe: </p><p>In case the password is entered wrongly several times, all data is wiped off. </p><p>10. Simple verification of contacts: </p><p>The Notary verification process facilitates end user encryption </p><p>7</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p>11. Tamper proofing: The product attached ADB connectivity </p><p>12. Secure Boot: </p><p>When the device is booted, the system checks internally in case if there is a tampering in the device. If found any tampering, then the device becomes locked. </p><p>13. Updates: </p><p>The system regularly updates itself from the <strong>EncroChat</strong>® site. <br>The goal of <strong>EncroChat® </strong>is to simplify the process of encryption for the end user. Once the power is on, the device starts to be encrypted. The clients have the facility to negotiate the keys as per their convenience. Additionally, the client can trust on the server as the server does not store or read the user data. Everything is protected and safe and sound. </p><p>8</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong><br><strong>EncroTalk® </strong></p><p>Voice over IP is usually used these days by most of the telecommunication applications. The Real time transfer protocol is also used in telecommunication over the internet. The VoIP/RTP has replaced the traditional analog telephones too. It is age of digital technology and the telecommunication technology uses that technology too. Through VoIP/RTP, the quality of conversation has become clear and quick. The traditional telephones these days usually are still not very clear as compared to VoIP/RTP. The conversations become secure and protected only the protocol used is safe and implemented properly. </p><p>Through Encro<strong>Talk®</strong>, the ZRTP protocol is used to encrypt all conversations and the data is transmitted through close loop network. The subscribers cannot call for pizza but all subscribers on Encro<strong>Talk® </strong>system can be reached easily. Our company uses VoIP switches based on Malaysia, Netherland, Canada, and Romania. Every user of the system can invite others on the network and can contact them irrespective of the residence of the user. Most of our customers are located worldwide. However, mostly they reside in China and Australia. These users can easily communicate with users in South America and Canada through <strong>EncroChat®</strong>. The voice quality is very clear. </p><p>The Meta data is first obfuscated in our system in order to protect the users. The VoIP switches then encrypt the call setup and thus the users cannot trace each other at any cost. Additionally, the VoIP is like a transmitter that transmits data from one place to other using complex mathematical algorithms. One the keys are negotiated by the users, the system uses the audio channel to compare data and protect the system from the attacks of Man-in-the-Middle (MitM). This way the whole process becomes safe. In case there is any detection of attack or fraud, the system determines it and ensures the integrity of the system. </p><p>Additionally, the users of the Encro<strong>Talk® </strong>application usually negotiate keys on its own so that no one else knows the keys and the system remain encrypted from end to end. Furthermore, the ZRTP implementation does not store the keys in the memory. The memory becomes clear soon after the process comes to end so that there is no problem in the system and the user privacy could be maintained. A Retained Secret (RS) code is saved on each device after the first call between two users of Encro<strong>Talk® </strong>and after this on every future call; the code detects any attacks and warns the users. Additionally, a perfect forward secrecy (PFS) code is also employed which supports the call integrity and destroys the meaning keys after the call is ended. </p><p>9</p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>1. Registration 2. Key&nbsp;Exchange </strong></p><p><strong>Shared Secret </strong></p><p>Triple Elliptic Curve Diffie-Hellman Ephemeral 25519 (ECDH) </p><p>key exchange. Provides both <strong>forward </strong>and <strong>future </strong>secrecy </p><p><strong>3. Key&nbsp;Management (axolotol ratchet) </strong></p><p>A new encryption key is generated for next message after every sent and received encrypted message. Old encryption keys becomes obsolete immediately and are discarded. </p><p><strong>4. Stateful&nbsp;Authenticated Encryption </strong></p><p>From key management, encrypted message is generated by using ephemeral AES 256 cipher in CTR mode. HMACSHA 256 guarantees integrity and authenticity. </p><p><strong>5. Verification&nbsp;– Manual or Notary </strong></p><p>From key management, encrypted message is generated by using ephemeral AES 256 cipher in CTR mode. HMACSHA 256 guarantees integrity and authenticity. </p><p>10 </p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>Bob </strong></p><p><strong>receives subscription request </strong></p><p><strong>Alice </strong></p><p><strong>and accepts it </strong></p><p></p><ul style="display: flex;"><li style="flex:1"><strong>Bob </strong></li><li style="flex:1"><strong>Alice </strong></li></ul><p></p><p><strong>from </strong></p><p><strong>Subscription request </strong></p><p><strong>Bob </strong></p><p><strong>receives subscription request accepts it from Eve and </strong></p><p><strong>Eve </strong><br><strong>Bob </strong></p><p><strong>Subscription request </strong></p><p><strong>Bob </strong></p><p><strong>and Alice verify security </strong></p><ul style="display: flex;"><li style="flex:1"><strong>fingerprints manually using a </strong></li><li style="flex:1"><strong>secure </strong></li></ul><p><strong>secondary channel like VOIP or in person </strong></p><p><strong>Bob </strong><br><strong>Alice </strong></p><p><strong>Verified &amp; Notary </strong></p><p><strong>Bob and Eve verify security fingerprints manually using a secure secondary channel like VOIP or in person </strong></p><p>11 </p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>Eve </strong><br><strong>Bob </strong></p><p><strong>Verified &amp; Notary </strong></p><p>12 </p><p><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>Bob is a notary for Alice and Eve. Both are verified on his contact list </strong></p><p><strong>Bob </strong><br><strong>Contact list </strong></p><p></p><p><strong>Alice Eve </strong></p><p><strong>Eve sends subscription request to Alice who accepts. Both users add each other to their respective contact lists unverified </strong></p><p><strong>Eve </strong><br><strong>Alice </strong></p><p><strong>Subscription Request &amp; Accepted </strong></p><p><strong>Contact list </strong><br><strong>Contact list </strong></p><p></p><p><strong>Bob Eve </strong></p><p></p><p><strong>Bob Alice </strong></p><p><strong>Eve is a notary for Bob. He is verified </strong><br><strong>Alice is a notary for Bob. He is verified </strong></p><p><strong>on her list. </strong></p><p>13 </p><p><strong>on her list. </strong><br><strong>EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! EncroChatSure.com .&nbsp;. .&nbsp;Better Sure than sorry! </strong></p><p><strong>Bob </strong></p><p><strong>3. Eve&nbsp;verifies security fingerprints and responds to Bob </strong></p><p><strong>4. Bob&nbsp;relays back to Alice </strong></p>