What is URSA?
URSA is a symmetric encryption program written in JavaScript language. Its main encryption engine is XSalsa20, a fast, well-vetted stream cipher by Bernstein and others. You can use URSA with pretty much any other program in order to secure text-based content so that only those possessing the encryption Key can read it.
URSA is self-contained. It does not need to be connected to the Internet in order to do its job. It does not send anything out, either.
How much does it cost?
Well, that depends on whether you have it for private use, for business, or for education. . . . Just kiddin'! Other programs that supposedly enhance your privacy may talk like this, but not URSA. This is the URSA price chart:
- Private use: free
- Education: free
- For Business: free
Always free. Since it costs us almost nothing to provide the service, why shouldn't we just give it away? The best things in life are all free, my friend: air, love, freedom, and now URSA.
URSA says my Key is Terrible!
This is probably because it is terrible, and will give you no real security. Hackers guess users' keys and passwords by trying words contained in special dictionaries. If your Key is made from those, they'll guess it very quickly. URSA contains dictionaries of the 10,000 most common English words and the 1,000 most common English passwords, and will give you a reduced score if you use those. To compensate, URSA adds extra computations for weaker Keys, and tells you approximately how long it will take to compute the Key you have just entered. If you want URSA to be snappy, get a Key score above Medium.
You can memorize the Key, or you can use as Key a piece of text that you can retrieve easily, such as an electronic book. If the Key is five times as long as the message, URSA switches automatically to Pad mode, which is provably unbreakable.
Can I use multiple devices?
Yes. URSA stores nothing, so there is nothing keeping you from using a different device. The code runs identically on any device.
Can I change the Key?
Sure, but then you must deliver this new Key to those you wish to communicate with, which can be really tricky. This is why URSA is most useful when you actually meet in person with your correspondents from time to time.
What is Pad mode?
If you enter a Key that is at least five times as long as the message, URSA switches automatically to Pad mode. In this mode, the locked message can never be unlocked by anyone who does not possess the Key, regardless of computing power at his/her/its disposal, present or future, including quantum machines. Good sources for long Keys are: books in your library, online books, images (after turning them into text by loading them into the main box). The recipient, needless to say, must possess the same long Key.
What is Human mode?
Sometimes you just can't trust the machine. For this scenario, URSA includes an encryption algorithm that can be performed by hand, with just the help of paper and pencil. URSA shifts into Human mode whenever you supply a shared Key that consists of three strings separated by tildes "~" (or two tildes after a single string). Type your message in Latin characters, then press Encrypt normally. Bear in mind that all punctuation will be represented as periods upon decryption.
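The two mode switches described above (Pad mode when the Key is at least five times as long as the message, Human mode when the Key is three tilde-separated strings or a string followed by two tildes) can be expressed as a small dispatcher. The code below is an added example, not URSA's own code: the length test and tilde rule follow this FAQ, the XOR pad is the textbook one-time-pad operation, the treatment of a Key such as "a~b~" (rejected here) and the punctuation-to-period normalization are the example's own assumptions, and the XSalsa20 branch is left to a library such as tweetnacl, which is not included.

```javascript
// Added example, not URSA's code: choose the mode for a Key/message pair and
// implement the Pad-mode mechanics. The XSalsa20 branch is a placeholder.
const PAD_RATIO = 5;

// Human mode: exactly two tildes, with either three non-empty strings or a
// single string followed by two tildes (assumption: "a~b~" is not accepted).
function isHumanKey(key) {
  const parts = key.split('~');
  if (parts.length !== 3 || parts[0].length === 0) return false;
  const threeStrings = parts[1].length > 0 && parts[2].length > 0;
  const trailingTildes = parts[1] === '' && parts[2] === '';
  return threeStrings || trailingTildes;
}

function selectMode(key, message) {
  if (isHumanKey(key)) return 'human';
  const keyBytes = Buffer.byteLength(key, 'utf8');
  const msgBytes = Buffer.byteLength(message, 'utf8');
  if (keyBytes >= PAD_RATIO * msgBytes) return 'pad';
  return 'xsalsa20'; // would call e.g. nacl.secretbox in a real implementation
}

// Pad mode: XOR each message byte with the corresponding Key byte. The
// unbreakability proof assumes Key bytes that are uniformly random and never
// reused; text from a book is neither, so this shows the mechanics only.
function padLock(message, key) {
  const m = Buffer.from(message, 'utf8');
  const k = Buffer.from(key, 'utf8');
  if (k.length < PAD_RATIO * m.length) throw new Error('Key too short for Pad mode');
  const out = Buffer.alloc(m.length);
  for (let i = 0; i < m.length; i++) out[i] = m[i] ^ k[i];
  return out.toString('base64');
}

function padUnlock(locked, key) {
  const c = Buffer.from(locked, 'base64');
  const k = Buffer.from(key, 'utf8');
  if (k.length < c.length) throw new Error('Key shorter than locked message');
  const out = Buffer.alloc(c.length);
  for (let i = 0; i < c.length; i++) out[i] = c[i] ^ k[i];
  return out.toString('utf8');
}

// Human mode input: Latin letters, digits and spaces survive; every other
// character is replaced by a period, which is what the recipient will see.
function normalizeForHuman(message) {
  return message.replace(/[^A-Za-z0-9\s]/g, '.');
}
```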
To do the algorithm by hand, follow the instructions in this link.
What is Chat?
Let's say you find yourself exchanging URSA-locked emails with someone every few minutes. Since both of you are currently online, wouldn't it be more effective to have a real-time chat session? URSA has a button for that. When you click Chat, a special chat invitation is generated, which you can email just like any other locked message. When you are ready to begin the session, unlock the invitation as you would unlock any other locked message. A chat window opens on a browser tab (sorry, not on Internet Explorer, Safari, or anything under iOS, since they don't yet support the WebRTC protocol that the chat needs). You'll be asked to supply a name to identify yourself on the chat and click a Start button.
When a recipient of your invitation unlocks it, a similar chat window opens on his/her side, and then you're both connected in real time. The chat session can involve just text and files, or you can add audio, or even video. The sender decides the type of chat when making the invitation.
Negotiating the chat connection does require an outside server, which is Firebase.io, but after the connection is made the server is no longer contacted and sees none of the data exchanged between the participants. That data is encrypted and sent directly from one machine to the other. A third party can join only if it is given the exact URL of the chat, which not even Firebase.io saw in its entirety.
What is the Hide button for?
Sometimes just sending or receiving an obviously encrypted message can be too risky. This is why URSA has a Hide button, which appears when a locked message is produced. When you click it, URSA asks you for a cover text. A cover text is what you want your message to look like; it can be a piece of literature, technical writing, or just spam. It must be sufficiently long. After you supply it, URSA encodes the locked message into letters and spaces of the cover text, so the result looks like the cover text. Since the last sentence is likely incomplete, you can complete it by typing some more without altering the encoding. Then go ahead and email it.
The recipient only needs to copy this text into URSA, and it will decode and unlock automatically if the Key is already entered, just like the original random-looking locked message.
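To make the Hide mechanism concrete, here is an added example (not URSA's encoding, whose exact scheme this page does not describe): the locked message is written into the spacing of the cover text, one bit per gap between words, with a 16-bit length header in front. Because the decoder stops at the declared length, anything typed after the encoded portion to finish the last sentence is ignored, which is the property the paragraph above relies on. The cover paragraph is constructed for the example.

```javascript
// Added example, not URSA's code: a constructed text-hiding scheme. Each gap
// between cover words carries one bit (one space = 0, two spaces = 1),
// preceded by a 16-bit big-endian payload length.
const SAMPLE_COVER = 'Thank you for your interest in our quarterly newsletter. ' +
  'This issue covers the new schedule for the community garden, a short note ' +
  'about parking during the renovation, and a reminder that the library extends ' +
  'its opening hours on Thursdays. As always, we welcome suggestions from ' +
  'residents, and the committee meets on the first Monday of every month to ' +
  'discuss them.';

function toBits(bytes) {
  const bits = [];
  for (const b of bytes) for (let i = 7; i >= 0; i--) bits.push((b >> i) & 1);
  return bits;
}

function fromBits(bits) {
  const out = Buffer.alloc(bits.length >> 3);
  for (let i = 0; i < out.length; i++) {
    let b = 0;
    for (let j = 0; j < 8; j++) b = (b << 1) | bits[i * 8 + j];
    out[i] = b;
  }
  return out;
}

// Capacity: a cover of W words offers W - 1 gaps, so it must supply
// 16 + 8 * payload bytes gaps ("it must be sufficiently long").
function hide(locked, cover) {
  const payload = Buffer.from(locked, 'utf8');
  if (payload.length > 0xffff) throw new Error('payload too long for 16-bit header');
  const header = Buffer.from([payload.length >> 8, payload.length & 0xff]);
  const bits = toBits(Buffer.concat([header, payload]));
  const words = cover.split(/\s+/).filter(Boolean);
  if (words.length - 1 < bits.length) {
    throw new Error(`cover text too short: need ${bits.length + 1} words, have ${words.length}`);
  }
  let out = words[0];
  for (let i = 1; i < words.length; i++) {
    const bit = i - 1 < bits.length ? bits[i - 1] : 0; // spare gaps: single space
    out += (bit ? '  ' : ' ') + words[i];
  }
  return out;
}

// Read gaps in order; text appended after the declared length is ignored.
function reveal(text) {
  const gaps = text.trim().match(/ +/g) || [];
  const bits = gaps.map((g) => (g.length >= 2 ? 1 : 0));
  if (bits.length < 16) throw new Error('no hidden message');
  const len = fromBits(bits.slice(0, 16)).readUInt16BE(0);
  if (bits.length < 16 + len * 8) throw new Error('hidden message truncated');
  return fromBits(bits.slice(16, 16 + len * 8)).toString('utf8');
}
```

A mail client or web form that collapses runs of spaces would destroy this particular carrier, which is one reason a real scheme would spread the bits over several features of the text rather than spacing alone.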
Encrypt to Image?
Another way to hide the very existence of a secret message is to put it inside an image. URSA does this with a state-of-the-art algorithm based on F5, which alters the least significant data of an image in order to encode the message; the message is encrypted and then hidden with a single click. The resulting image can be in either PNG or JPG format. Decryption involves entering the Key and then loading the image. For the super-paranoid, there is the option of adding a second message alongside the main one, encrypted under a different Key.
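The part of F5 that makes it efficient is its matrix encoding: with a (1, n, k) code, k message bits are stored in n = 2^k - 1 carrier values by changing at most one of their least significant bits. The block below is an added example (not URSA's code) of that step alone, run over a constructed array of small integers standing in for JPEG coefficients; the rest of F5 (DCT coefficient extraction, permutative straddling, shrinkage handling) is deliberately left out.

```javascript
// Added example, not URSA's code: F5-style matrix encoding over a constructed
// carrier. For k bits and n = 2^k - 1 values, at most one LSB changes per block.
const SAMPLE_CARRIER = Array.from({ length: 256 }, (_, i) => (i * 37 + 11) % 256);

// XOR of the 1-based positions whose LSB is set.
function syndrome(block) {
  let h = 0;
  for (let i = 0; i < block.length; i++) if (block[i] & 1) h ^= (i + 1);
  return h;
}

// Store the k-bit integer value (0..n) by flipping the single position that
// makes the syndrome equal to value; no change if it already does.
function embedBlock(block, value) {
  const s = syndrome(block) ^ value;
  if (s !== 0) block[s - 1] ^= 1;
  return block;
}

function extractBlock(block) {
  return syndrome(block);
}

function embed(carrier, payload, k) {
  const n = (1 << k) - 1;
  const bits = [];
  for (const b of payload) for (let i = 7; i >= 0; i--) bits.push((b >> i) & 1);
  while (bits.length % k !== 0) bits.push(0); // pad to whole k-bit groups
  const blocks = bits.length / k;
  if (blocks * n > carrier.length) throw new Error('carrier too small');
  const out = carrier.slice();
  let changes = 0;
  for (let g = 0; g < blocks; g++) {
    let value = 0;
    for (let j = 0; j < k; j++) value = (value << 1) | bits[g * k + j];
    const block = out.slice(g * n, (g + 1) * n);
    const before = block.slice();
    embedBlock(block, value);
    for (let i = 0; i < n; i++) {
      if (block[i] !== before[i]) changes++;
      out[g * n + i] = block[i];
    }
  }
  return { carrier: out, changes, blocks };
}

// The receiver needs the payload length and k (in F5 these come from a header
// embedded first); here they are passed in directly.
function extract(carrier, byteLength, k) {
  const n = (1 << k) - 1;
  const bits = [];
  const blocks = Math.ceil((byteLength * 8) / k);
  for (let g = 0; g < blocks; g++) {
    const value = extractBlock(carrier.slice(g * n, (g + 1) * n));
    for (let j = k - 1; j >= 0; j--) bits.push((value >> j) & 1);
  }
  const out = Buffer.alloc(byteLength);
  for (let i = 0; i < byteLength; i++) {
    let b = 0;
    for (let j = 0; j < 8; j++) b = (b << 1) | bits[i * 8 + j];
    out[i] = b;
  }
  return out;
}
```

With k = 3 each block of 7 values carries 3 bits for at most one changed value, against one change per bit for plain LSB replacement; that is why F5 disturbs the image statistics far less for the same payload.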
What are URSA's weaknesses, and how do I protect against them?
One obvious problem is how to get the Key to the recipient. Just locking it with an old Key does not solve the problem, because if that Key is compromised, then the new Key is compromised as well. If there is no way to get the parties involved in one room so they can exchange Keys securely, then you may have to use an asymmetric encryption program like PassLok or SeeOnce in order to deliver the new Keys.
The second weakness is that the source code may have been tampered with if hackers gain access to the URSA web server. URSA's help page contains instructions on how to authenticate the code: take the SHA256 hash of the code with a local or online utility, compare the result with what the developer has published, and watch a one-minute video (see the Get URSA tab). This is not a problem with the native app versions, which are code-signed by the respective app stores.
Incidentally, every encryption app out there has these same weaknesses. They just don't tell their users about them, or how to protect against them.
But URSA is written in JavaScript, which makes it inherently unsafe, right?
Not necessarily. JavaScript code is liable to be replaced by malicious code by a method called code injection, but this is only triggered if the original code calls an outside resource or if the user clicks a link within the page. URSA does all its work client-side, without ever calling an outside resource. Chat does connect to Firebase.io, but it does so on a separate browser tab without contact with the URSA code. If you are concerned about code injection, go ahead and turn off all browser extensions before running URSA.
But isn't it better to do encryption on the server, so the code is safe from prying eyes?
Oh, really? And then how do you know the code is genuine and it's doing what it says it does? By having the code run on the client, you can actually read the code before you execute it and take its SHA256 digital fingerprint. If the code runs on a server, you just have to trust. What's more, you have to send the plaintext out of your machine, trusting that SSL/TLS, if used, is doing its job. But since Heartbleed and the NSA revelations, we know this is not necessarily true.
Just about every other security app out there uses some sort of server intervention, but they are not doing it to help you. They are doing it so they can have something of yours to make money from. URSA needs very few resources, so we are not trying to make money, which frees us from servers and from holding any sort of private data. Our Privacy Policy is real simple: we have nothing of yours. On the contrary, you have our complete code to use as you see fit, except for making money from it.
Is there more?
URSA does only symmetric encryption but yes, there is way more that you can do, using PassLok. This is URSA's big sibling, and it can do three kinds of asymmetric encryption (including self-destruct messaging) as well as hide its output within text in four different ways and also inside images. PassLok can unlock URSA-locked messages, and can lock short messages that URSA can then unlock. You can read all about it at the PassLok Weebly site.
And then, there is SeeOnce, which involves only the self-destruct encryption methods of PassLok. SeeOnce uses only asymmetric encryption. If you want to learn about cryptography, you may want to start with URSA, then check out SeeOnce, and finally tackle PassLok.
Why are you doing this?
Because we love people, and we believe their ability to communicate privately is a God-given right. When they exercise it, they are supporting innovation, free exchange of ideas, better government, and then everyone benefits. It's the bad, tyrannical governments throughout history that fear ironclad private communications, because they see enemies everywhere.
Will terrorists and pedophiles be able to use URSA? Sure, as they also use roads, electricity, and indoor plumbing. But likely they are already using something heavier than URSA in order to protect their online communications. It's the little guy on the street who is having his privacy trampled on these days, and this is the guy we are trying to serve.
Who are you?
My name is Francisco Ruiz and I am the leader of the URSA/PassLok/SeeOnce project. I have been a professor at the Illinois Institute of Technology, in Chicago, since 1987. In addition to cryptography, I have interests in energy, transportation, literature, music, photography, and theology. Our previous cryptography app, PassLok, also has a page on Weebly, as well as SeeOnce. You can read some more about all these projects at my page at IIT, or my personal page at prgomez.com. Drop me a line at [email protected]