FortKnoxster is a cyber-security company offering private and secure messaging, calling and cloud storage worldwide for everyone, including businesses. FortKnoxster uses strong end-to-end encryption with advanced blockchain technology and zero-knowledge principles to protect its users’ online privacy. In short, privacy is our business, and our privacy-by-design principles help make the world a safer place and enforce people’s human right to privacy.

End-to-end encryption ensures that any messages and files you send and receive can only be read by you and the person you are communicating with, and nobody else, not even FortKnoxster.
Any security system is only as secure as its weakest link. This article explains the most important key points in a secure communication system like FortKnoxster.

Personal Password

A personal password is a text phrase that you choose when creating an online account and is the most critical point in any authentication system, meaning every online site you log on to daily. The “personal” part really cannot be emphasized enough and means that your password is private and should only be known to you. The moment your personal password is transmitted or stored in plain text, it is no longer private to you. Unfortunately, most popular online sites, like Google, Twitter and many others, do not take this seriously at all. Any security researcher and skilled technical person can verify this in the browser. You must therefore in general assume that the password you use on these sites is compromised, known to others and no longer private.

YES, THIS IS QUITE EYE-OPENING, BUT IT IS THE PURE REALITY.

Unlike most other popular messaging apps, FortKnoxster enforces a strong password. This strong password is never ever transmitted or stored in plain text on FortKnoxster’s servers and is only known to the user. Instead, the password is transformed into an irreversible hashed string using cryptographic hashing algorithms before transmission. The resulting string becomes your actual password and is transmitted during authentication. Therefore, your personal password is never known to anyone besides you.

FortKnoxster password tips – each point must be taken extremely seriously.

  1. Never use any identifiable information in your password, like birthdays, names, addresses etc. A clever hacker can find this information on other sites.
  2. Always use a unique password. FortKnoxster enforces the best possible security measures to prevent its users’ passwords from being brute-forced and hacked; however, we cannot prevent other sites from being hacked. Your password from another site may have been stolen and/or leaked. Most popular sites transmit your password in plaintext and, believe it or not, many sites still store your password as plain text in their databases.
  3. Fulfill the password criteria in our “How to choose a password?” guide. We recommend you choose a password that is at least 12 characters long.
  4. Avoid weak and commonly used passwords; instead, use a password generator.
  5. Never share your password with anyone via email, text message or other media.
  6. Don’t forget or lose your password. FortKnoxster cannot reset your password nor recover access to your encrypted data, as we don’t have access to your private encryption keys. Therefore, make sure to generate your FortKnoxster account recovery key (coming soon) to regain full access to your data and reset your password. Always make sure to keep your password and account recovery key in a safe place. We recommend using a password manager such as LastPass.

Your personal password is also used to protect the private keys of the cryptographic key material you generated during registration: secure keys are derived from it both for authentication and for protection of the user’s private encryption keys. For more details, please check out “How are my private keys protected?”
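The split described above, where the password yields one value that is transmitted for authentication and another that protects the private keys, can be sketched as follows. This is an added example, not FortKnoxster's code: scrypt, HKDF-SHA256, AES-256-GCM, the labels and all function names are assumptions, since the article does not name its algorithms.

```javascript
// Added example: scrypt, HKDF-SHA256 and AES-256-GCM are assumed choices,
// not algorithms named by the page.
const crypto = require('crypto');

// Stretch the password once, then split the result into two unrelated keys.
function deriveKeys(password, salt) {
  const master = crypto.scryptSync(password.normalize('NFKC'), salt, 32, { N: 2 ** 14, r: 8, p: 1 });
  const expand = (label) => Buffer.from(crypto.hkdfSync('sha256', master, salt, label, 32));
  // authKey is what gets transmitted; wrapKey never leaves the client.
  return { authKey: expand('auth'), wrapKey: expand('key-wrap') };
}

// Server side: keep only a hash of authKey, so a database leak is not a login token.
const serverRecord = (authKey) => crypto.createHash('sha256').update(authKey).digest();
const serverVerify = (stored, presented) => crypto.timingSafeEqual(stored, serverRecord(presented));

// Client side: encrypt the private key under wrapKey before uploading it.
function wrapPrivateKey(wrapKey, privateKeyBytes) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', wrapKey, iv);
  const ct = Buffer.concat([cipher.update(privateKeyBytes), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unwrapPrivateKey(wrapKey, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', wrapKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws if the key is wrong
}

function demo() {
  const salt = crypto.randomBytes(16);   // per-user salt, stored with the account
  const secret = crypto.randomBytes(32); // constructed stand-in for a private key
  const good = deriveKeys('correct horse battery staple', salt);
  const stored = serverRecord(good.authKey);
  const blob = wrapPrivateKey(good.wrapKey, secret);
  const bad = deriveKeys('correct horse battery stapl3', salt); // wrong password
  let badUnwrapRejected = false;
  try { unwrapPrivateKey(bad.wrapKey, blob); } catch (e) { badUnwrapRejected = true; }
  return {
    keysDiffer: !good.authKey.equals(good.wrapKey),
    loginOk: serverVerify(stored, deriveKeys('correct horse battery staple', salt).authKey),
    loginBad: serverVerify(stored, bad.authKey),
    unwrapOk: unwrapPrivateKey(good.wrapKey, blob).equals(secret),
    badUnwrapRejected,
  };
}

console.log(demo());
```

The transmitted `authKey` is still a login credential, so it needs transport encryption and server-side hashing like any password. What the split buys is that the server never holds material that can unwrap the private key.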

Decentralized Trust Is A Must

Trust is of vital importance and is the most important element in any crypto infrastructure. A centralized trust model is a common challenge today, as it becomes a single point of failure.

FortKnoxster is built using advanced end-to-end encryption with strong public key cryptography and symmetric encryption using RSA, Elliptic Curve and AES cipher suites, and blockchain technology. Any system can enable end-to-end encryption, but if the private key material is poorly managed, the end-to-end encryption is useless. Examples of such poorly designed systems are messaging apps that do not protect the private key material properly, for example with a personal password, and that enable account access and recovery using SMS codes, which are vulnerable to the well-known SS7 attack.

FortKnoxster takes care of key management for its users, where only the user can access their private keys, using a key derived from the user’s personal password. Different private keys are used for decryption and signing, based on the appropriate algorithm for the various crypto operations. FortKnoxster’s end-to-end encryption covers confidentiality, message integrity, authenticity and sender identity by signing each encrypted message before it is sent to the receiver; the signature can then be verified by the receiver, and the message decrypted only by the receiver. Furthermore, we use the Ethereum blockchain and IPFS to store each user’s identity, which is a self-signed object containing the user ID and the user’s public identity key. These identities are inserted into a Merkle tree, whose root hash is finally stored in a smart contract on the Ethereum blockchain.

When FortKnoxster’s users connect with each other, they cryptographically sign each other as contacts, establishing a trusted communication link between them. This link can finally be verified through the blockchain, guaranteeing that any user’s public keys in fact come from the claimed user, and therefore preventing MITM attacks. Trusting that public keys belong to a specific person is a common cryptographic problem. Most available solutions consist of a centralized approach, such as Certificate Authorities, but FortKnoxster uses a decentralized approach, using the Ethereum blockchain, IPFS and self-signed contacts to solve this problem.
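How a client can check an identity against the root hash anchored in the smart contract, as an added example that is not FortKnoxster's code: SHA-256, Ed25519, the tree layout and all function names are assumptions, and the users are constructed. It shows why the self-signature alone is not enough: a substituted key signs itself just as validly, and only the Merkle proof against the trusted root rejects it.

```javascript
// Added example: SHA-256, Ed25519 and this tree layout are assumptions; users are constructed.
const crypto = require('crypto');
const sha256 = (...parts) => crypto.createHash('sha256').update(Buffer.concat(parts)).digest();
const LEAF = Buffer.from([0]), NODE = Buffer.from([1]); // domain-separate leaves from inner nodes
// Identity = user ID + public identity key, signed with the matching private key.
const identityBody = (id) => Buffer.concat([Buffer.from(id.userId + '\n'), id.pub]);
const leafHash = (id) => sha256(LEAF, identityBody(id), id.sig);
function makeIdentity(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const id = { userId, pub: publicKey.export({ type: 'spki', format: 'der' }) };
  return { ...id, sig: crypto.sign(null, identityBody(id), privateKey) };
}
function buildLevels(leaves) {
  const levels = [leaves];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1], next = [];
    for (let i = 0; i < prev.length; i += 2) // an unpaired last node is promoted unchanged
      next.push(i + 1 < prev.length ? sha256(NODE, prev[i], prev[i + 1]) : prev[i]);
    levels.push(next);
  }
  return levels;
}

function prove(levels, index) { // sibling hashes from leaf to root
  const path = [];
  for (let l = 0, i = index; l < levels.length - 1; l++, i >>= 1) {
    const sib = i ^ 1;
    if (sib < levels[l].length) path.push({ hash: levels[l][sib], left: sib < i });
  }
  return path;
}

function verifyIdentity(id, path, trustedRoot) {
  const key = crypto.createPublicKey({ key: id.pub, format: 'der', type: 'spki' });
  if (!crypto.verify(null, identityBody(id), key, id.sig)) return false; // self-signature
  let h = leafHash(id);
  for (const s of path) h = s.left ? sha256(NODE, s.hash, h) : sha256(NODE, h, s.hash);
  return h.equals(trustedRoot); // trustedRoot: root hash read from the smart contract
}

function demo() {
  const ids = ['alice', 'bob', 'carol', 'dave', 'erin'].map(makeIdentity);
  const levels = buildLevels(ids.map(leafHash));
  const root = levels[levels.length - 1][0];
  const forged = makeIdentity('carol'); // substituted key, validly self-signed
  return { genuine: ids.map((id, i) => verifyIdentity(id, prove(levels, i), root)),
           forged: verifyIdentity(forged, prove(levels, 2), root) };
}
console.log(demo());
```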

Join FortKnoxster and start protecting your online privacy.

Please also join our Telegram group and visit our Facebook page and Twitter page for more inspiration.