Q: What is Vernam IM? What do I do here?
Vernam IM is a messaging app with a focus on security and preventing post-quantum apocalypse.
It uses the Vernam cipher – the only proven unbreakable cipher ("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).
You can use Vernam IM on Android and iOS devices.
With Vernam IM, you can send messages, photos and voice messages encrypted by default.
More information about the Vernam cipher can be found here: https://en.wikipedia.org/wiki/One-time_pad
Q: What PQ Ready means?
PQ stands for Post-Quantum.
All existing messengers use RSA for key exchange.
Today it is unreliable due to the emergence of quantum computers.
According to NIST Post-Quantum Project (https://csrc.nist.gov/projects/post-quantum-cryptography) "…sufficiently large quantum computers will be built to break essentially all public key schemes currently in use."
The importance of the problem is visible by the fact that NIST held the First PQC Standardization Conference in April 2018.
In this report (https://csrc.nist.gov/Presentations/2018/PostQuantum-RSA) we can read:

RSA has tons of mathematical structures and a.
long history of many scary RSA security breaches.
But users keep using RSA.
RSA-512 publicly broken:
"Let's use RSA-768."
RSA-768 publicly broken:
"Let's use RSA-1024."
RSA-2048 publicly broken by quantum computers:
"Yeah, NSA already told us to use RSA-3072."

Vernam IM does not use RSA, so it is fully PQ ready.
Q: Why we don`t use RSA/DH PKI
Because they are unreliable due to the emergence of quantum computers. With the advent of a quantum computer, all systems that contain the RSA as an element of security will lose all meaning. See previous question for details.
Q: Who is Vernam IM for?
Vernam IM is intended for communication with very close relationships only, like family, business partners, couples who need privacy and so on. Vernam IM replicates a private analog conversation digitally
There are no groups at the moment. Person - to - person only.
Q: How is Vernam IM different from WhatsApp, Telegram, Viber etc.?
1.
Unlike all existing messengers, Vernam IM uses the Vernam cipher – the only proven unbreakable cipher ("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).
2.
All existing messengers use RSA for key exchange.
Today it is unreliable due to the emergence of quantum computers.
Vernam IM does not use RSA, so it is fully PQ ready.
3.
Unlike all existing messengers, Vernam IM has no infrastructure at all.
There are no servers which require registration and stored personal data.
Q: How old is Vernam IM?
Vernam IM is a start-up.
Q: Is it available on my device?
You can use Vernam IM on smartphones and tablets. We have apps for iOS (6 and above) and Android (4.1 and up).
Q: Where is Vernam IM based?
The producer of Vernam IM is Winterprise LP, located in Suite 260, 2323 - 32 Avenue N.E., Calgary, Alberta T2E 6Z3, Canada.
E-mail: info@winterpriselp.com
Alberta Registration Date: 2018/05/10
Registration Number: LP21180070

Service Request Number:
28977642
Limited Partnership Name:
WINTERPRISE LP
Nuans Number:
120464674
Nuans Date: 2018/05/09
Home Jurisdiction: ALBERTA
Q: Will you have ads? Or sell my data? Or steal my beloved and enslave my children?
Absolutely not.
Vernam IM does not have any ability to collect any user information. We have no a central server, or any access to message delivery paths because we use third-party services.
In fact, Vernam IM was developed completely independently from outside developers or others.
That`s why only users have full control.
Q: Why is Vernam IM not free like other messengers?
All popular messengers seem like that are really free.
But in fact most of them collect information from their users, like mobile phone number, media files, contacts and more.
In this case, users will not know what will be done with his/her personal data.
"If you get something for free, remember: You are not a customer. You are a commodity"
Security is worth the money, just like you would pay to put an alarm on your car or home to protect your property.
Q: What are your thoughts on Internet privacy?
We think that registration and storage of personal data is unnecessary.
We do not require registration and do not store or process any personal user data.
Therefore, your personal data cannot be stolen or sold.
Q: Is there illegal content on Vernam IM?
Content is what is intended for the public.
All messages in Vernam IM are private amongst participants. No one else can see them.
Q: Do you process data requests?
Vernam IM uses the Vernam cipher, the most secure cipher. Because of this, we do not have any data to disclose.
There is no user data that is not encrypted by the Vernam cipher.
Vernam IM Basics
Q: Who can I write to?
You can write to people you have added to the contact list manually.
You have to create separate contact for each participant.
Q: How do I invite my friends?
Vernam IM is intended for communication with very close relationships only.
First you have to create a shared folder in OneDrive or DropBox and send an invitation to your friend (you have to know his/her e-mail).
Then you have to meet your friend physically and have him/her scan the QR code for the new contact.
This is the only reliable way to exchange keys at the moment. This will give you the safest way to communicate with your partner.
If you can't meet your friend physically, then you can take a screenshot of the QR code, print it on paper and send it to your friend by DHL or other mail service. We recommend that you use a tamper proof courier bags.
Q: How long you keep my messages on your servers?
We have no servers at all.
Your messages are stored in your OneDrive/DropBox shared folder only.
Vernam IM uses this folders only for delivery of your messages.
All messages leave your phone in encrypted form with the help of the Vernam cipher.
After that, Vernam IM uses the synchronization function of OneDrive/DropBox shared folders.
When your interlocutor receives a message on his/her phone, it is immediately deleted from the shared folder.
The average time your encrypted message is stored in the folder is 4 seconds.
Q: Who can see me 'online'?
No one.
Q: How can I see my history?
Vernam IM doesn`t keep any chat history.
When you finish you conversation, your correspondence history will be deleted from your device instantly.
Your next conversation will start without seeing previous messages.
We do not store history anywhere.
Q: Can I make calls via Vernam IM?
Not at the moment, but it may be available in the future.
Q: Why I need an OneDrive/DropBox account?
Vernam IM uses OneDrive/DropBox shared folders as a data channel.
Your message is encrypted and sent to a shared folder.
Your subscriber receives it via Vernam IM from the shared folder and decrypts it.
It's simple!
No extra infrastructure is needed!
Security
Q: How secure is Vernam IM?
Vernam IM is the most secure messenger of all mass - market messengers.
It uses the Vernam cipher - the only proven unbreakable cipher ("Communication Theory of Secrecy Systems", C. E. Shannon, 1949). We do not use RSA or Diffie–Hellman for key exchange. So Vernam IM is fully PQ ready.
Q: What if I need my privacy more than your average user?
Vernam IM (by design) is intended for people who need the highest possible privacy level.
Q: So how do you encrypt data?
We use the Vernam cipher - the only proven unbreakable cipher ("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).
We do not use RSA or Diffie–Hellman for key exchange. Thus, Vernam IM is fully PQ ready.
Q: Why should I trust you?
- We are a fully independent, private company.
- You can scan all your traffic and you will see communication between your device and your OneDrive/DropBox account only.
- We have no ability to collect any user`s personal data.
- The Vernam cipher is a symmetric cipher, which means that the only people with the keys are the people who created them.
- After each conversation all keys which you've used talking are immediately destroyed. Nobody will be able to decrypt your messages. Ever.
Q: What if my hacker friend says they could decipher Vernam IM messages?
It is theoretically impossible ("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).
Bruteforce attacks cannot be applied to this cipher.

Give it a try:
Send "Hello!" (or something else) to your contact when he/she is offline.
Open your shared folder and see "photo15.jpg" or "screenshot32.jpg" file.
Open it in a text editor and see an encrypted "Hello!".
You will see something like this: "0AAAAAHX9zpMhomKwAA4p".
Send this encrypted text to your hacker friend and ask him/her to decrypt it.



Q: Can Vernam IM protect me against everything?
All data (including media and files) that you send and receive via Vernam IM cannot be deciphered when intercepted by your ISP, network administrator, or other third - parties.
The only situation which may be potentially dangerous is such. Vernam IM is running in the background and you lost your device or it has been stolen. In this case a thief can start talking with your subscriber on your behalf.
To avoid this situation, we recommend starting each conversation with a password phrase (you have to arrange this with your partner in advance).
Q: Master key. What is it?
A master key is necessary for encryption of keys which are located on your device directly.
You should invent your personal combination of numbers and letters and enter it at every app start.
A master key is not a password, so if you enter it incorrectly you will not get a warning. However, when you send a message to your subscriber, he/she will see corrupted text or an error message "Message corrupted". So if you receive corrupted text or an error message "Message corrupted" then it means the following:
1. You or your subscriber entered a wrong master key.
2. Your subscriber's device was stolen and someone is trying to find the key illegally.
In both cases, you should check your own master key and connect with your subscriber in another channel and find out what has happened.
Always make sure that you have entered the master key correctly.
Keep in mind that there is no way to restore a master key if you forget it.
Q: Can I use brute force attack to find parameters for key generation?
Yes, you can.
But first compare the number of variants for AES and for our parameters.
AES key length is 256 bit, so the number of variants is equal to 2^256.
To generate a PRN sequence, the Blum-Blum-Shub algorithm requires 3 prime numbers.
Vernam IM selects them from one million prime numbers stored in it's database.
The number of variants is 1000000!/(1000000 – 3)! * 3!) = 999998*999999*1000000/6 = 1.6*10^17 = (approximately) 2^57.
The number of variants for a 2000 bit sequence of true random numbers is 2^2000.
The total number of variants is 2^57 * 2^2000 = 2^2057.
So compare 2^256 (AES) and 2^2057 (Vernam IM) and the conclusion is clear.
Deeper questions
Q: Why not open - source everything?
All code will be released eventually.
We have to earn some money first.
Q: Can I use the Vernam IM API?
No.
Vernam IM has no infrastructure or servers where the software is located.
Q: What is the most probable attack?
The Vernam cipher is theoretically unbreakable.
The most probable attacks are:
- unauthorized access to the device's archive in the cloud or on the local computer (to ensure reliability, you should not create backup copies of the device.)
- some sort of malware which can transfer anything you print to a third - party,
- recorded voice messages using eavesdropping devices,
- unauthorized access to photos that can be automatically saved in cloud services (you must disable automatic saving of photos in cloud services).
Q: Do you have a Privacy Policy?
Sure.It's simple.
We do not require, collect or process any personal data of users.

Q: Can I translate Vernam IM?
Vernam IM is officially available in English at the moment.
But you can write messages in any language.
Other languages will be added in the nearest future.
Q: My phone was stolen. What do I do?
First of all, sorry about your phone.
None of your recently sent messages will be decrypted (keys are one - time and use are destructed right after using).
If Vernam IM was turned off, then there is no danger. To start talking on your behalf, a thief must know your master key.
If Vernam IM was in background mode, then a thief can start talking on your behalf.
To avoid this situation, we recommend starting each talk with a password phrase (you have to arrange this with your partner in advance).
To restore your channels you have to install Vernam IM on the new device and recreate all your channels manually.
Q: How can I move to another device?
You can't. There is no way to transfer data from your current device to the new device. You have to recreate all channels on the new device manually.
Made on
Tilda