There are already several good email encryption programs available. They are very easy to use, are often built in the email program itself, and some even allow saving of the single password, so it only needs to be entered once. Why would anybody ever want to use Ghostphrase?

 

Ghostphrase was developed with one priority: safety.

Our philosophy will always be: it does not matter how many times you layer different public key algorithms over each other, as long as you are using an ordinary keyboard to enter the single required password, and your clear text message, using an on-line computer, you are not safe enough!

 

Ghostphrase has a mouse-clicked keyboard which makes it impossible to log key strokes with most of the common key stroke loggers. The input clear text is not visible, which makes screen shot collectors pretty harmless at the encryption stage.

 

Most of the major competitor email encryption programs employ master keys and password retrieval options. This is of course very unsafe. How can you trust the one(s) reading all the mail? What happens when someone steals the master key or hacks the password database? GHOSTPHRASE does not employ any of those dangerous options, but instead encourages usage in small communication units. Each unit can be as small as one pair of contacts, with unique key sets.

 

The Ghostphrase cipher employs a bit size many times in excess of currently recommended bit size for both symmetric and asymmetric ciphers. In addition, safety is ensured by generating a large excess of random changes that makes it very difficult for crackers. For the max size message of 2000 characters, there is a 70-fold excess of random changes. For smaller messages, the excess is even larger. For a 100-character message, there is a 1440-fold excess random changes.

 

Ghostphrase employs several different keys. The more often these are updated, the safer it gets. There is the large internal key made from 6000 die rolls with 20-sided dice. There is the Message key of 24 random digits, which should ideally be unique for each message. The Link password is intended to be shared only once, at the establishment of a new contact or small group of contacts. It is good practice to communicate only with people you know and trust. There is great safety in having many different channels of communication, and in using a fresh key for each message, and a fresh key for each contact. This way, a cracker has to monitor so many channels that it becomes very expensive, complicated, and time consuming. In addition, any one password stolen cannot help to decipher the next message or any past message. By contrast, for a cracker of many public key methods, there is only one password to steal, and then the cracker has immediate access to all messages sent and received by that person.

 

Registered users of Ghostphrase can utilize an added security level: the updated large internal keys. With the "Silver" registration, these updates appear regularily on a web page, from where registered users can download. After some time, the update is removed and replaced with a fresh update. The link address changes frequently, and only registered users are notified of the new links. This allows registered users to keep several versions of Ghostphrase and switch between them in a fashion to further increase encryption strength. The "Gold" registration option is a personal subscription of unique internal keys only sent on CD by mail. The NEW "Steel" option offers 48000-bit strength for anonymous users. Visit ghostphrase.com often to catch the briefly posted unique Steel editions!  

 

The Ghostphrase internal keys are generated by rolling real physical 20-sided dice. The reason? They are very good generators of true random numbers. Most of the commonly used computer random number generators are only pseudo random, that is, they tend to create repeated patterns and predictability, something one does not want in encryption software. We strongly recommend using one or several 20-sided dice for creation of the Message keys. Such dice can be obtained for a cheap price in most toy or game stores. Registered users of Ghostphrase get one of these after registration.

 

A Ghostphrase encrypted message will be destroyed if it is older than two days, or if its name was altered. Also, each time Ghostphrase is run, previous clear texts are destroyed.

 

So, yes, Ghostphrase takes time to use. You have to click in your message  with the mouse button. You have to enter three passwords each run, and you should have alternate ways of distributing some of them to your contacts.

 

But in return you get to exchange messages with much, much higher degree of confidentiality than what most other software can offer.

 

                         

 

                                   

 

 

TECHICAL DETAILS:

GHOSTPHRASE is a symmetric cipher that employs true random numbers from 20-sided dice. The encryption algorithm is a mix of a stream cipher with several single-use key options and a large excess of random changes. The algorithm includes two of the passwords, part of each message, a large internal key, and the date. The encrypted text is furthermore drowned in an over 70-fold excess of random changes. There is an internal, pre-generated 48000-bit key, which can be changed on a regular basis for paying users. With the message-specific 192-bit key and a 160- to 640-bit Link password, unique for each of your contacts, the total key size comes to over 48300 bits. The encrypted message will be destroyed if decryption is delayed over two days, if the wrong Message key or Link password were used, or if the crypt file name was altered. Clear texts are destroyed before next message can be read or written. Messages are destroyed directly after decryption. There is a limit of number of decryptions and encryptions per day (four for free versions, 200 for pay versions). These precautions should make Ghostphrase fairly resistant to keyboard loggers, differential attacks, power attacks, brute-force attacks, man-in-the-middle attacks, and protect your copy of the tool from unauthorized use.