SAFE eKey Machine - Encryption Information

How the SAFE eKey Machine
and the SAFE eKey encrypted file work

We are not jeopardizing your security by explaining how our product works. Because of the way the SAFE eKey cryptosystem works, knowing how it works won't make it any easier to break the encryption or compromise your information.

Encryption types:

There are two different forms of cryptosystems: symmetric ("secret key") and asymmetric ("public key") ciphers. We use the symmetric system because it offers significantly more protection with the same size key. The problem with using the symmetric system for most forms of encryption is that the symmetric ciphers require both the encrypter and decrypter to have the same set of keys. That makes the decryption harder if the message is to be decrypted by someone else, because you have to deliver the key to him or her before they can unencrypt the message. In our case, the encrypter is the decrypter, and a symmetric cipher works perfectly!

Keys vs. Pass-phrases:

A "pass-phrase" or "password" is not the same thing as a "key." In order to resist assault, all possible keys must be equally probable (random). If some of the keys are more likely to be used than others (called an anticipated pattern), then the attacker can use this information to reduce the work needed to break the cipher.

A true key will always be random. Whereas a pass-phrase generally needs to be remembered easily, so it has significantly less randomness than its length suggests. A 20-letter English phrase, rather than having 20 x 8 = 160 bits of randomness, only has about 20 x 2 = 40 bits of randomness because there are only two types of letters, upper and lowercase.

So, to increase the effectiveness of the cipher, SAFE eKey Machine converts the pass-phrase into a key through a process called "hashing or "key initialization" to take advantage of the full 8 bits available per byte and provide the highest security.

Random Session Keys:

SAFE eKey Machine also uses random session keys. These are temporary keys that are generated specifically for each SAFE eKey when it is made. They are symmetric keys that are specifically generated for each SAFE eKey session and are not repeated in any other SAFE eKeys generated. So, no two SAFE eKeys will ever be alike, even when the same information or the same "Master Password" is used. This means that even if a hacker compromises an eKey, the hack can't be used to open any other SAFE eKey.

Initialization Vectors:

SAFE eKey Machine creates initialization vectors resulting in a less predictable ciphertext message in the SAFE eKey data file. Encrypted files generated from programs like word processors and email have a high degree of predictability about the first part of the message. Hackers could easily break the encrypted message by using this predictability. By using initialization vectors we randomized your information differently each time a SAFE eKey is made, making it just that much harder to crack our cipher.

Secrecy vs. Integrity:

SAFE eKey users aren't concerned with preserving the key code itself since it changes each time a new key is created. What they are concerned with is that their information is protected from identity theft or the ability of someone to get access to their passwords, money, records, etc. Like a modern hotel's electronic door key (that can only be used on a specific hotel room door) a SAFE eKey offer its users a similar functionality and security -- all while being easy-to-use, completely disposable, and very secure.

Can a SAFE eKey be broken?:

Yes, but not very easily, and not even by us - its creator.

We have all heard stories or watched movies where "teenage geniuses" break into business or government computers and steal all of their secrets or wreak havoc. A few years ago that scenario might have been true with the small ciphers used then, but with today's much larger and more elaborate ciphers you're well protected. You really should be more concerned about how venerable you are right now by having weak passwords and not changing them often enough! Using a SAFE eKey will make it easy for you to fortify your passwords to the maximum and change them as often as you like.

Yes it's true; theoretically speaking there isn't a cipher out there that can't be broken. But there are three factors that will deter anyone from successfully breaking most modern day complex ciphers. It takes a lot of money, computing power and time to break a complex cipher, and the type of expertise and resources needed to break a SAFE eKey is limited to a very few professionals.

Not Exportable from the USA:

Strong cryptography like that found in the SAFE eKey Machine are considered dangerous munitions by the United States and requires approval from the US Bureau of Export Administration, under the US Department of Commerce, before it can leave the country. Various interested government agencies serve as consultants to the Bureau of Export Administration when evaluating such requests. As of this date, we have not applied for export approval for the SAFE eKey Machine software.

However, our SAFE eKey executable file is exportable since it does not encrypt data and the executable file is itself encrypted. We have gone to the trouble of encrypting our SAFE eKey executable file so that it can not be reversed engineered by other software companies or hackers.