## Author's subjective opinion

Output of the program is as safe as possible and is by far one of the most secure encryption programs in the world. Only criteria during the development was maximum security.

Every single encryption or hashing algorithm was judged only based on it's quality with speed being irrelevant. Maximum emphasis was also placed on implementation and use of individual cryptographic functions and software as whole.

Only way to decode original content is by using correct password. Successful attack on two 4096 bit keys and 256 bit encrypted salt with using 6 respected symmetrical ciphers in safe cascade belongs to the realm of fantasy.

Program doesn't include any backdoors and design itself doesn't allow hiding them.

It's designed for absolute security of stored information. This first published version will also serve as reference to the future. It's prepared to decode and check future version of SafeNotes standard.

Whole logic of Safe Notes format is designed to be impenetrable even in future. It could be said that it's in its nature unique. It's completely documented and it can be assumed that excellent programmers will find reasons why it's been created the way it is.

**Instead of an epilogue**

Publishing of this program was initially not even planned. It is a result of two decades of step by step development of safe algorithms and a product which quality is hidden deep inside instead of outside visual look what in today’s world is not as much appreciated. My aim was to reveal the informations in such safe way, that the key to read them will appear later on. Initial idea was to create a simple reader without possibility of writing with it. At the end from my program used by many of my friends I have created this final version with complete description of algorithms.

## Safe Notes encryption

The only weak point is your password. Using purely random alphanumerically characters (a-z, A-Z, 0-9) as your passphrase, you need to specify 11 unique characters for 64-bit security. More characters: 24 total characters (16 unique) has about a 128-bit security, and 50 characters (22 unique) has about a 256-bit security. Using special characters from full unicode range, you become for 8 characters about 128-bit security! And 20 characters (15 unique) has about a 256-bit secutity.

Ciphers for encryption are AES, Blowfish, Twofish, IDEA, CAST6 and Serpent. They are used one after another in cascade with separate cipher keys and separate initialization vectors. This requires a "master" key with a 2240-bit length. SafeNotes uses three independent keys, one for head, one for salt and one for data encryption. This will increase the need for keys to 6720-bit. Much more than the most commonly used 128-bit or 256-bit keys. The NSA requires 128-bit keys for data marked SECRET, while it requires 256-bit keys for data marked TOP SECRET.

The cascade encryption is often represented as a matryoshka doll, but it is not accurate. You can not decode keys one by one, but only together as a whole. This is a very big difference, like when four 256-bit ciphers together have 258-bit instead of the 1024-bit security!

## Freeware version

The free distributed unregistered version (5.0.1) use subkeys (Key2/Key2salt) with reduced length. Subkeys safety in unregistered version is 128-bit. The initial 128-bit subkeys can be increased to 160-bit or more (up to 2240-bit). To use this, you must be a student or poor-man or you must have a personal license. Subkey Key2head has always full 4096-bit.

**Technical information**

Cost for hack 64-bit subkey has price significantly exceeds 100 billion dollars. Note that the subkey Key2head has always full 4096-bit (6-ciphers use 2240-bit from this) and there is no chance to break the key. Reduced subkey that the attacker had successfully cracked must be identified only by a decoded text analysis. Checksum hash is not available. That can do only the best of the best programmers with very high computerpower because computation time is much more longer than the times for checksum comparison.

Supercomputer with 50 petaFLOPS will be need 292 years for attack to 64-bit subkey in Safe Notes.
It would be cost* hundreds of billions dollars!*

Attack to a 128-bit or larger subkey in SafeNotes is only a fantasy realm. *It is simply impossible!*

The table below uses a value $0.068 per teraFLOPShour. For cracking of one safenotes-key you need 500 MegaFLOPS. One teraFLOPShour is 3600 teraFLOPS.

Note that the password needs 24 times more crack-time as the key, 12 GigaFLOPS. So, for example, breaking 48-bit password will cost $63 801 000 US dollars.

**Performance trend**

When we compare highest performance from 1990 to 2016, we can see that doubling time of performance is 1.1 year. So, after 22 years will increase performance a million times. This is equivalent to 20 bits in the security. Simplified, for every year you can count on increased performance of one bit. In other words, after 32 years, a 96-bit key will be as safe as today's 64-bit (and a 128-bit as today's 96-bit).

Top supercomputer speeds from wikipedia.

Estimated crack costs over time for 80/96/128 bit sub-keys. Simplified, you can count on a double increase in performance each year.

**Quantum cryptography and the exponential increase in computer performance**

SafeNotes use cryptographic algorithm system that are absolutely secure against an attack by a quantum computer in the future. More dangerous threat is the increase in the performance of computers. It is not linear but exponential. This increase in time stop, but we do not know when. For our application SafeNotes this is not a problem, but as has been written many times,

__.__

*the only weak point is your password*In the table above is in the third column the number of years needed for today's supercomputer ( 50 petaflops ) and in the fourth column (NSA-NotSecureAfter) is the year after which it will be possible to break the password using future theoretical supercomputers without limits. Very theoretically. For an estimate of the real future, see the charts in the next section.

Performance of today's (2017) Supercomputer with a capacity of 50 petaflops cost 596,088,000 USD/year.

Future supercomputers are defined by the exponential increase in performance. Each year, the power doubles. The probability that overcome this definition is close to zero. Financial costs per year will be approximately the same.

**Encryption security and the future**

You can create various security graphs in SafeNotes application: Tools / Password checker and Generator

This tool supports not only SafeNotes but also many popular encryption tools such as TrueCrypt, Keepass, VeraCrypt, PasswordSafe, or 7zip, Wifi-WPA2, etc.

A few examples:

Note that the SafeNotes password needs 24 times more crack-time as the SafeNotes key. Therefore has password about 4.6-bit bigger security.

## Registered personal non-commercial version

The registration can change safety to more bits. Typicaly to 384-bits, but theoretical can by 128, 160, 192, 256, 384, 512, 768, 1024 or so. Value 1024 or higher has no limitation and use full 4096-bit subkeys (notice: 6-ciphers use 2240-bit from 4096-bit key).

All over 64-bit is very very safe and over 96-bit there is no chance to break the key. Further increasing of the keysize is only a matter of prestige and psychical feeling. Of course we are talking about safenotes-subkey not the general strength of other encryption keys.

This registration is free but donation is very welcome.

## Registered commercial version

Personal commercial version costs 49 eur. Keysize is unlimited, 2240 bits. License is fixed to a single computer. No time limit. Update license to another computer cost 15 eur.

Company comercial version has other license. Here is price individually negotiated with each partner. Keysize is 2240 bits. Each license is fixed to a single computer and is non-transferable. The total cost must not be high, summarily prices start from €140.

## National patriot version

If you are a patriot, you can buy a complete language version with defined higher security for an unregistered version of your compatriots. This language version will then be free for all non-commercial users. For example: Danish-136bit-version sponsored by iGolem Bank, or Norwegian-144bit-version sponsored by IT-com Soft and so on. At this time the highest patriot version is Slovak-160bit-version. Sponsor does not want to be published.

## Cryptographic Postulates from Author of Safe Notes

*§1. Password Security - First Postulate*Let P be a password, key or hash, which will be used as input to one- way cryptographic function. Sequence of any characters of any non- zero size is described as A. Then it applies that if you supplement P by adding A, security will increase. (*)

*§2. Hash Security - Second Postulate*Let H1 be a one way hash function of original text T. Next we'll label as H2,H3...Hn various other one way hash functions of text T. Then it applies that if we replace H1 by function H = H1^H2[^H3^...^Hn] made of H1 a one or more functions, security will increase.

*§3. Cipher security - Third Postulate*Let T be the original text. Let's label C1 as encrypted T by algoritm A1 and key K1. Next we'll create C2 by encrypting C1 with different algoritm A2 a key K2. Then it applies, that if instead of C1 we use C2 created from it, security will increase.

*Notice:*(*) This applies also when we add A, which is some function P. Also bigger the input is in comparison to output, the lesser is it's influence of additional increases.

(**) Operator ^ describes function of xor bytes on same position in output of one-way functions. Parentheses [ and ] describe optional values.

(***) This applies in similar method to following C3(K3),... Cn(Kn) while input is always previous output.

Necessary requirement of one-way cryptographic function is that during calculations it uses equivalent of original uncut input without loss of information. HMAC and PBKDF2 functions do not fulfill this under certain conditions! Which is why SafeNotes always securely treats input parameters before using these functions.

*Symbolically we can record/express postulates like this, while < marks lower security:*__§ 1. Password Security__

P < P+A < P+A+A2 < ...

P < P+f(P)

P < P+P [example of use of very simple function f]

__§ 2. Hash Security__

H1(T) < H1(T)^H2(T) < H1(T)^H2(T)^H3(T) < ...

H1(T) < H1(T)^H2(T) < H1(T)^H2(T+H1(T)) [§2 and §1]

__§ 3. Cipher security__

A1(T,K1) < A2(A1(T,K1),K2) < A3(A2(A1(T,K1),K2),K3) < ...

SafeNotes encryption is designed in line with these postulates.