Frequently Asked Questions

Q: What is Vernam IM? What do I do here?

Vernam IM is the most secured messaging app with a focus on security
and preventing the post-quantum apocalypse.

It uses the Vernam cipher – the only proven unbreakable cipher
("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).

You can use Vernam IM on Android and iOS devices. With Vernam IM,
you can send messages, photos and voice messages encrypted by default.

More information about the Vernam cipher can be found here:
https://en.wikipedia.org/wiki/One-time_pad
Q: What PQ Ready means?
PQ stands for Post-Quantum.
All existing messengers use RSA for key exchange.

Today it is unreliable due to the emergence of quantum computers.
According to NIST Post-Quantum Project
(https://csrc.nist.gov/projects/post-quantum-cryptography) "…sufficiently
large quantum computers will be built to break essentially all public key
schemes currently in use."

The importance of the problem is visible by the fact that NIST held
the First PQC Standardization Conference in April 2018.

In this report (https://csrc.nist.gov/Presentations/2018/PostQuantum-RSA)
we can read:

RSA has tons of mathematical structures and a.
long history of many scary RSA security breaches.
But users keep using RSA.
RSA-512 publicly broken:
"Let's use RSA-768."
RSA-768 publicly broken:
"Let's use RSA-1024."
RSA-2048 publicly broken by quantum computers:
"Yeah, NSA already told us to use RSA-3072."

Vernam IM does not use RSA, so it is fully PQ ready.
Q: Why we don`t use RSA/DH PKI
Because they are unreliable due to the emergence of quantum computers.

With the advent of a quantum computer, all systems that contain the RSA as
an element of security will lose all meaning. See previous question for details.
Q: Who is Vernam IM for?
Vernam IM is intended for communication with very close relationships only,
like family, business partners, couples who need top privacy and so on.

Vernam IM replicates a private analog conversation digitally.
There are no groups at the moment. Person - to - person only.
Q: How is Vernam IM different from WhatsApp, Telegram, Viber etc.?
1. Unlike all existing messengers, Vernam IM uses
the Vernam cipher – the only proven unbreakable cipher
("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).

2. All existing messengers use RSA for key exchange.
Today it is unreliable due to the emergence of quantum computers.
Vernam IM does not use RSA, so it is fully PQ ready.

3. Unlike all existing messengers, Vernam IM has no infrastructure at all.
There are no servers which require registration and stored personal data.
Q: How old is Vernam IM?
Vernam IM is a start-up.
Q: Is it available on my device?
You can use Vernam IM on smartphones and tablets. We have apps for iOS
(6 and above) and Android (4.1 and up).
Q: Where is Vernam IM based?
The producer of Vernam IM is Winterprise LP, located in Suite 260, 2323 - 32
Avenue N.E., Calgary, Alberta T2E 6Z3, Canada.
E-mail: info@winterpriselp.com
Q: Will you have ads? Or sell my data? Or steal my beloved
and enslave my children?
Absolutely not.

Vernam IM does not have any ability to collect any user information.
We have no a central server, or any access to message delivery paths
because we use third-party services.
In fact, Vernam IM was developed completely independently from
outside developers or others.

That`s why only users have full control.
Q: Why is Vernam IM not free like other messengers?
All popular messengers seem like that are really free.

But in fact most of them collect information from their users, like mobile
phone number, media files, contacts and more.

In this case, users will not know what will be done with his/her personal data.
"If you get something for free, remember: You are not a customer.
You are a commodity"

Security is worth the money, just like you would pay to put an alarm on your
car or home to protect your property.
Q: What are your thoughts on Internet privacy?
We convinced that registration and storage of personal data is unnecessary.

We do not require registration and do not store or process any personal user data.

Therefore, your personal data cannot be stolen or sold.
Q: Is there illegal content on Vernam IM?
Content is what is intended for the public.
All messages in Vernam IM are private amongst participants.
No one else can see them.
Q: Do you process data requests?
Vernam IM uses the Vernam cipher, the most secure cipher. Because of this,
we do not have any data to disclose.

There is no user data that is not encrypted by the Vernam cipher.
Q: What is Vernam IM? What do I
do here?

Vernam IM is the most secure messaging app
with a focus on security and preventing
post-quantum apocalypse
.

It uses the Vernam cipher – the only proven
unbreakable cipher ("Communication
Theory of Secrecy Systems"
, C. E. Shannon, 1949).

You can use Vernam IM on Android
and iOS devices.

With Vernam IM, you can send messages,
Photos and voice messages
encrypted by default.

More information about the Vernam cipher
can be found here:
https://en.wikipedia.org/wiki/One-time_pad
Q: What PQ Ready means?
PQ stands for Post-Quantum.
All existing messengers use RSA
for key exchange.

Today it is unreliable due to the emergence
of quantum computers.
According to NIST Post-Quantum Project
(https://csrc.nist.gov/projects/post-quantum-cryptography)
"…sufficiently large quantum computers will be
built to break essentially all public key
schemes currently in use."

The importance of the problem is visible by the fact
that NIST held the First PQC Standardization
Conference in April 2018.

In this report
(https://csrc.nist.gov/Presentations/2018/PostQuantum-RSA)
we can read:

RSA has tons of mathematical structures
and a long history of many scary RSA
security breaches.
But users keep using RSA.
RSA-512 publicly broken:
"Let's use RSA-768."
RSA-768 publicly broken:
"Let's use RSA-1024."
RSA-2048 publicly broken by
quantum computers:

"Yeah, NSA already told us to use RSA-3072."

Vernam IM does not use RSA,
so it is fully PQ ready.
Q: Why we don`t use RSA/DH PKI
Because they are unreliable due to
the emergence of quantum computers.

With the advent of a quantum computer,
all systems that contain the RSA as an element
of security will lose all meaning.

See previous question for details.
Q: Who is Vernam IM for?
Vernam IM is intended for communication
with very close relationships only, like family,
business partners, couples who need privacy
and so on.

Vernam IM replicates a private analog
conversation digitally.
There are no groups at the moment.
Person - to - person only.
Q: How is Vernam IM different from
WhatsApp, Telegram, Viber etc.?
1.
Unlike all existing messengers, Vernam IM
uses the Vernam cipher – the only
proven unbreakable cipher
("Communication Theory of Secrecy Systems",
C. E. Shannon, 1949).
2.
All existing messengers use RSA
for key exchange.
Today it is unreliable due to the emergence
of quantum computers.
Vernam IM does not use RSA,
so it is fully PQ ready.
3.
Unlike all existing messengers,
Vernam IM has no infrastructure at all.
There are no servers which require
registration and stored personal data.
Q: How old is Vernam IM?
Vernam IM`s foundation year is 2018
Q: Is it available on my device?
You can use Vernam IM
on smartphones and tablets.
We have apps for iOS (6 and above)
and Android (4.1 and up).
Q: Where is Vernam IM based?
The producer of Vernam IM
is Winterprise LP, located
in Suite 260, 2323 - 32 Avenue N.E.,
Calgary, Alberta T2E 6Z3, Canada.
E-mail: info@winterpriselp.com
Q: Will you have ads? Or sell my data?
Or steal my beloved and enslave
my children?
Absolutely not.

Vernam IM does not have any
ability to collect any user information
.
We have no a central server, or any access
to message delivery paths because we use
third-party services.In fact, Vernam IM
was developed completely independently
from outside developers or others.

That`s why only users have full control.
Q: Why is Vernam IM not free like
other messengers?
All popular messengers seem
like that are really free.

But in fact most of them collect
information from their users,
like mobile phone number,
media files, contacts and more.

In this case, users will not know
what will be done with
his/her personal data.
"If you get something for free,
remember: You are not a customer.
You are a commodity"

Security is worth the money,
just like you would pay
to put an alarm on your car or
home to protect your property.
Q: What are your thoughts on Internet privacy?
We convinced that registration
and storage of personal data
is unnecessary.

We do not require registration
and do not store or process any
personal user data.

Therefore, your personal data
annot be stolen or sold.
Q: Is there illegal content
on Vernam IM?
Content is what is intended
for the public. All messages
in Vernam IM are private
amongst participants.
No one else can see them.
Q: Do you process data requests?
Vernam IM uses the
Vernam cipher, the most
secure cipher. Because of this,
we do not have any data to disclose.

There is no user data that is not
encrypted by the Vernam cipher.

VERNAM IM BASICS

Q: Who can I write to?
You can write to people you have added to the contact list manually.
You have to create separate contact for each participant.
Q: How do I invite my friends?
Vernam IM is intended for communication with very close relationships only.

First you have to create a free DropBox account and create a new contact
(invent nicknames for you and your friend).

Then you have to meet your friend physically and have him/her scan
the QR code for the new contact.

This is the only reliable way to exchange keys at the moment.
This will give you the safest way to communicate with your partner.

If you can't meet your friend physically, then you can take a screenshot of the QR code, print it on paper and send it to your friend by DHL or other mail service.
We recommend that you use a tamper proof courier bags.
Q: How long you keep my messages on your servers?
We have no servers at all.

Your messages are stored in your DropBox folder only.
Vernam IM uses this folder only for delivery of your messages.

All messages leave your phone in encrypted form with
the help of the Vernam cipher.
Q: Who can see me 'online'?
No one.
Q: How can I see my history?
Vernam IM doesn`t keep any chat history.

When you finish you conversation, your correspondence history will be deleted
from your device instantly.

Your next conversation will start without seeing previous messages.

We do not store history anywhere.
Q: Can I make calls via Vernam IM?
Not at the moment, but it will be available in the future.
Q: Why I need a DropBox account?
Vernam IM uses user's DropBox account as a data channel.

Your message is encrypted and sent to your folder in your DropBox account.

Your subscriber reads it via Vernam IM and decrypts it.

No extra infrastructure is needed!
Q: Who can I write to?
You can write to people you have added
to the contact list manually.

You have to create separate contact
for each participant.
Q: How do I invite my friends?
Vernam IM is intended for
communication with very
close relationships only.

First you have to create a free
DropBox account and create
a new contact (invent nicknames
for you and your friend).

Then you have to meet yourfriend
physically and have him/her scan
the QR codefor the new contact.

This is the only reliable way
to exchange keys at the moment.
This will give you the safest way
to communicate with your partner.

If you can't meet your friend
physically, then you can take a
screenshot of the QR code, print it
on paper and send it to your friend
by DHL or other mail service.
We recommend that you use a
tamper proof courier bags.
Q: How long you keep my
messages on your servers?
We have no servers at all.

Your messages are stored
in your DropBox folder only.
Vernam IM uses this folder
only for delivery of your
messages.

All messages leave your
phone in encrypted form
with the help of
the Vernam cipher.
Q: Who can see me 'online'?
No one.
Q: How can I see my history?
Vernam IM doesn`t
keep any chat history.


When you finish you conversation,
your correspondence history will be
deleted from your device instantly.

Your next conversation will start
without seeing previous messages.

We do not store history anywhere.
Q: Can I make calls via Vernam IM?
Not at the moment,
but it will be available in the future.
Q: Why I need a DropBox account?
Vernam IM uses user's
DropBox account as
a data channel.

Your message is encrypted
and sent to your folder in
your DropBox account.

Your subscriber reads
it via Vernam IM and
decrypts it. No extra
infrastructure is needed!

SECURITY

Q: How secure Vernam IM is?
Vernam IM is the most secure messenger of all mass - market messengers.

It uses the Vernam cipher - the only proven unbreakable cipher
("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).

We do not use RSA or Diffie–Hellman for key exchange.
So Vernam IM is fully PQ ready.
Q: What if I need my privacy more than your average user?
Vernam IM (by design) is intended for people who need
the highest possible privacy level.
Q: So how do you encrypt data?
We use the Vernam cipher - the only proven unbreakable cipher
("Communication Theory of Secrecy Systems", C. E. Shannon, 1949).

We do not use RSA or Diffie–Hellman for key exchange.
Q: Do you collect my private information?
We do not require any registration. We have no own servers at all.
So, we do not collect or process any user`s private information.
Q: Why should I trust you?
1. We are a fully independent, private company.

2. You can scan all your traffic and you will see communication between
your device and your DropBox account only.

3. We have no ability to collect any user's personal data.

4. The Vernam cipher is a symmetric cipher, which means that the only
people with the keys are the people who created them.

5. After each conversation all keys which you've used talking
are immediately destroyed. Nobody will be able to decrypt your messages. Ever.
Q: What if my hacker friend says they could decipher Vernam IM messages?
It is theoretically impossible
Bruteforce attacks cannot be applied to this cipher.

Give it a try:
Send "Hello!" (or something else) to your contact when he/she is offline.
Open your shared folder and see "photo15.jpg" or "screenshot32.jpg" file.

Open it in a text editor and see an encrypted "Hello!".
You will see something like this: "0AAAAAHX9zpMhomKwAA4p".
Send this encrypted text to your hacker friend and ask him/her to decrypt it.



Q: Can Vernam IM protect me against everything?
All data (including media and files) that you send and receive via Vernam IM
cannot be deciphered when intercepted by your ISP, network administrator,
or other third-parties.

The only situation which may be potentially dangerous is such.

Vernam IM is running in the background and you lost your device or it has been stolen. In this case a thief can start talking with your subscriber on your behalf.

To avoid this situation, we recommend starting each conversation
with a password phrase (you have to arrange this with your partner in advance).
Q: Master key. What is it?
A master key is necessary for encryption of keys which are located on your device directly. You should invent your personal combination of numbers and letters
and enter it at every app start.

A master key is not a password, so if you enter it incorrectly you will not get a warning. However, when you send a message to your subscriber, he/she will see corrupted text or an error message "Message corrupted".

So if you receive corrupted text or an error message "Message corrupted" then
it means the following:

1. You or your subscriber entered a wrong master key;
2. Your subscriber's device was stolen and someone is trying to find the key illegally.

In both cases, you should check your own master key and connect with your subscriber in another channel and find out what has happened.

Always make sure that you have entered the master key correctly.
Keep in mind that there is no way to restore a master key if you forget it.
Q: Can I use brute force attack to find parameters for key generation?
Yes, you can.
But first compare the number of variants for AES and for our parameters.
AES key length is 256 bit, so the number of variants is equal to 2^256.

To generate a PRN sequence, the Blum-Blum-Shub algorithm requires 3 prime numbers.
Vernam IM selects them from one million prime numbers stored in it's database.
The number of variants is 1000000!/(1000000 – 3)! * 3!) = 999998*999999*1000000/6 = 1.6*10^17 = (approximately) 2^57.

The number of variants for a 2000 bit sequence of true random numbers is 2^2000.

The total number of variants is 2^57 * 2^2000 = 2^2057.
So compare 2^256 (AES) and 2^2057 (Vernam IM) and the conclusion is clear.
Q: How secure Vernam IM is?
Vernam IM is the most secure
messenger of all mass - market
messengers.

It uses the Vernam cipher - the only
proven unbreakable cipher
("Communication Theory of Secrecy
Systems", C. E. Shannon, 1949).

We do not use RSA or Diffie–Hellman
for key exchange.
So Vernam IM is fully PQ ready.
Q: What if I need my privacy more than your average user?
Vernam IM (by design) is intended
for people who need the highest
possible privacy level.
Q: So how do you encrypt data?
We use the Vernam cipher - the only
proven unbreakable cipher
("Communication Theory of Secrecy
Systems", C. E. Shannon, 1949).

We do not use RSA or Diffie–Hellman
for key exchange.
Q: Why should I trust you?
1. We are a fully independent,
private company.

2. You can scan all your traffic and
you will see communication between
your device and your DropBox
account only.

3. We have no ability to collect any
user's personal data.

4. The Vernam cipher is a symmetric cipher,
which means that the only people with
the keys are the people who created them.

5. After each conversation all keys which
you've used talking are immediately destroyed.
Nobody will be able to decrypt your messages. Ever.
Q: What if my hacker friend says they could decipher Vernam IM messages?
It is theoretically impossible
Bruteforce attacks cannot be
applied to this cipher.

Give it a try:
Send "Hello!" (or something else) to your
contact when he/she is offline.
Open your shared folder and see
"photo15.jpg" or "screenshot32.jpg" file.

Open it in a text editor and see
an encrypted "Hello!".
You will see something like this:
"0AAAAAHX9zpMhomKwAA4p".
Send this encrypted text to your hacker
friend and ask him/her to decrypt it.



Q: Can Vernam IM protect me against everything?
All data (including media and files)
that you send and receive via Vernam IM
cannot be deciphered when intercepted
by your ISP, network administrator,
or other third-parties.

The only situation which may be potentially
dangerous is such.

Vernam IM is running in the background
and you lost your device
or it has been stolen. In this case
a thief can start talking with your
subscriber on your behalf.

To avoid this situation, we recommend
starting each conversation with a password
phrase (you have to arrange this with your
partner in advance).
Q: Master key. What is it?
A master key is necessary for encryption
of keys which are located on your device
directly. You should invent your personal
combination of numbers and letters and
enter it at every app start.

A master key is not a password, so if you
enter it incorrectly you will not get a warning.
However, when you send a message
to your subscriber, he/she will see corrupted
text or an error message "Message corrupted".

So if you receive corrupted text or an error
message "Message corrupted" then
it means the following:

1. You or your subscriber entered a wrong
master key;
2. Your subscriber's device was stolen and
someone is trying to find the key illegally.

In both cases, you should check your own
master key and connect with your
subscriber in another channel and
find out what has happened.

Always make sure that you have
entered the master key correctly.
Keep in mind that there is no way
to restore a master key if you forget it.
Q: Can I use brute force attack to find parameters for key generation?
Yes, you can.
But first compare the number of variants
for AES and for our parameters.
AES key length is 256 bit, so the number
of variants is equal to 2^256.

To generate a PRN sequence,
the Blum-Blum-Shub algorithm requires
3 prime numbers.
Vernam IM selects them from one million
prime numbers stored in it's database.
The number of variants
is 1000000!/(1000000 – 3)! * 3!) =
=999998*999999*1000000/6 =
=1.6*10^17 = (approximately) 2^57.

The number of variants for a 2000 bit
sequence of true random numbers is 2^2000.

The total number of variants is
2^57 * 2^2000 = 2^2057.
So compare 2^256 (AES) and
2^2057 (Vernam IM) and the conclusion is clear.
DEEPER QUESTIONS
Q: Why not open-source everything?
All code will be released eventually.
Q: Can I use the Vernam IM API?
No.
Vernam IM has no infrastructure or servers where the software is located.
Q: What is the most probable attack?
The Vernam cipher is theoretically unbreakable.
The most probable attacks are:

- unauthorized access to the device's archive in the cloud or on the local
computer (to ensure reliability, you should not create backup copies of the device.);

- some sort of malware which can transfer anything you print to a third-party;

- recorded voice messages using eavesdropping devices;

- unauthorized access to photos that can be automatically saved in cloud services (you must disable automatic saving of photos in cloud services).
Q: Do you have a Privacy Policy?
Sure. It's simple.
We do not require, collect or process any personal data of users.

Q: Can I translate Vernam IM?
Vernam IM is officially available in English at the moment.
But you can write messages in any language.
Other languages will be added in the nearest future.
Q: My phone was stolen. What do I do?
First of all, sorry about your phone.

None of your recently sent messages will be decrypted
(the keys are disposable and are destroyed immediately after use).

If Vernam IM was turned off, then there is no danger.
To start talking on your behalf, a thief must know your master key.

If Vernam IM was in background mode, then a thief can start talking on your behalf.
To avoid this situation, we recommend starting each talk with a password
phrase (you have to arrange this with your partner in advance).

To restore your channels you have to install Vernam IM on the new
device and recreate all your channels manually.
Q: How can I move to another device?
You can't.

There is no way to transfer data from your current device to the new device.
You have to recreate all channels on the new device manually.
Q: Why not open-source everything?
All code will be released eventually.
Q: Can I use the Vernam IM API?
No.
Vernam IM has no infrastructure or
servers where the software is located.
Q: What is the most probable attack?
The Vernam cipher is theoretically
unbreakable.
The most probable attacks are:

- unauthorized access to the device's
archive in the cloud or on the local
computer (to ensure reliability, you should
not create backup copies of the device.);

- some sort of malware which can transfer
anything you print to a third-party;

- recorded voice messages using
eavesdropping devices;

- unauthorized access to photos that can
be automatically saved in cloud services
(you must disable automatic saving
of photos in cloud services).
Q: Do you have a Privacy Policy?
Sure. It's simple.
We do not require, collect or process
any personal data of users.

Q: Can I translate Vernam IM?
Vernam IM is officially available
in English at the moment.
But you can write messages
in any language. Other languages
will be added in the nearest future.
Q: My phone was stolen. What do I do?
First of all, sorry about your phone.

None of your recently sent messages
will be decrypted (the keys are
disposable and are destroyed
immediately after use).
If Vernam IM was turned off, then there
is no danger. To start talking on your
behalf, a thief must know your master key.

If Vernam IM was in background mode,
then a thief can start talking on your behalf.
To avoid this situation, we recommend
starting each talk with a password
phrase (you have to arrange this with your
partner in advance).

To restore your channels you have to install
Vernam IM on the new device and recreate
all your contacts manually.
Q: How can I move to another device?
You can't.

There is no way to transfer data from your
current device to the new device.
You have to recreate all channels on the
new device manually.