A common question here at CRIP.TO is, "Why did you decide to avoid NIST approved algorithms like SHA256 or AES when you built your solution?"
The answer is simple, these encryption methodologies could be issued with vulnerabilities built in that could compromise them, the information they protect, and the identity of the user in the future. The National Institute for Standards and Technology (NIST) is a US agency. So it makes sense for other US agencies to encourage the use of encryption they know how to compromise.
These vulnerabilities could include backdoors, sloppy coding, or other exploits that could be used to surveil individual users, entire groups, and companies. The CRIP.TO approach means its encryption algorithms are safe from these built in vulnerabilities. And as a result, so are CRIP.TO users.
A recent article posted on Bitcoin.com underscores the wisdom of avoiding these sources of encryption algorithms and methodologies. According to this article, a picture of an official letter from the US Army’s Cyber Protection Brigade has provided information that this unit working with the NSA and other agencies has been able to infiltrate and compromise various aspects of the Onion Router (Tor), Invisible Internet Project (IP2), Virtual Private Networks (VPNs), and other methods used to cloak the identity and online activities of users. Also mentioned is the need for additional resources to address the Crypto Note code used in some anonymous cryptocurrencies.
Whether the picture is legitimate or not is up for debate. Sources in the encryption and cryptocurrency community have attested to its authenticity. Still, it is uncommon for intelligence agencies to divulge the fact that they have compromised security measures as it leads their users to strengthening their systems. The article further speculates it is a ruse to prey upon fears of being compromised that exist in these communities.
Real or not, it is clear that there are active efforts to crack all forms of encryption in use and to crack the cryptocurrency field. The American FBI stated publically a few weeks ago that use of strong encryption should be viewed as a threat to national security.
CRIP.TO is dedicated to keeping its users’ identities and the content of their communications safe and resistant to decryption. By avoiding the use of NIST approved encryption and offering a passive (non-internet connected) hardware device to hold encryption keys and processes, we know there are no backdoors or vulnerabilities in code or hardware. That is something that can’t be verified when using large company or governmental agency produced alternatives.
The CRIP.TO solution extends to cryptocurrency coin and transaction protection as well. The integrated crypto wallet will protect its contents like any other communication a user sends. By comparison, Bitcoin and other cryptocurrencies use NIST approved encryption. Perhaps, if the letter in the article is legitimate, this is the area the US agencies referencing as targets for further compromise.
The CRIP.TO end-to-end encryption solution is perhaps the most secure available anywhere. It doesn’t make sense to trust your identity and information to anything less.