ASH Logo ASH
Security

What ASH Protects

Security isn't magic — it's a set of specific protections with clear boundaries. Here's exactly what ASH does and doesn't protect against.

The Short Version

ASH protects the content of your messages with mathematically proven security. No one — hackers, governments, future quantum computers, or us — can read your messages without your key.

However, ASH cannot protect you from a compromised phone, a partner who betrays you, or someone looking over your shoulder. No technology can do that.

What ASH Protects Against

These are the threats ASH is specifically designed to defend against. In each case, the protection is mathematically proven — not just "very strong."

Network Threats

Hackers, ISPs, Wi-Fi snoopers, government surveillance programs — anyone watching your internet traffic sees only random noise.

Why it works: Your message is encrypted before it leaves your phone. All anyone can intercept is encrypted data that's mathematically impossible to decode.

Server Compromise

Even if our servers are hacked, subpoenaed, or taken over by a malicious actor, your messages remain safe.

Why it works: Our servers never have your encryption keys. They only pass along encrypted data — they literally cannot read your messages.

Future Technology

Quantum computers, AI breakthroughs, new cryptanalysis methods — none of these can break ASH encryption.

Why it works: One-Time Pad security isn't based on "hard problems" that might be solved. It's based on information theory — mathematically impossible to break, period.

What ASH Does NOT Protect Against

These are fundamental limitations that apply to any messaging system — not flaws in ASH. Being honest about these helps you use ASH safely.

Important: No technology can protect you from a compromised device or a person who betrays your trust. ASH is honest about these boundaries.

Hacked Phone

If your phone has malware, spyware, or has been compromised, attackers can read messages before encryption or after decryption.

Protect yourself: Keep your phone updated, don't install apps from untrusted sources, use device encryption.

Partner Betrayal

The person you're messaging can screenshot conversations, record their screen, or simply tell others what you said.

Protect yourself: Only use ASH with people you genuinely trust. Trust is the foundation of secure communication.

Visual Observation

Someone looking at your screen, security cameras, or mirrors can see your messages and the QR codes during setup.

Protect yourself: Do the key ceremony in private. Don't read sensitive messages in public places.

Legal Demands

If you still have the key on your phone, you could be legally compelled to decrypt messages (laws vary by jurisdiction).

Protect yourself: Use the burn feature when you're done. Once the key is destroyed, decryption is physically impossible.

Metadata

An observer can see that you're using ASH and roughly when you send messages, even though they can't read the content.

Note: ASH pads messages to hide their size, but doesn't provide anonymity. This is a deliberate design choice.

Device Forensics

Advanced forensic analysis might recover deleted data from device memory, though ASH tries to securely erase sensitive data.

Note: This is a hardware/OS limitation. No app can guarantee forensic irrecoverability.

How to Use ASH Safely

ASH's security depends on you using it correctly. Follow these practices:

1

Do the ceremony in private

Find a place where no one can see your screens — no cameras, no mirrors, no people looking over your shoulder. A private room or quiet corner works well.

2

Share the passphrase verbally

The ceremony requires a passphrase. Speak it out loud to each other — don't text it, email it, or write it down anywhere digital.

3

Verify the 6-word checksum

After scanning, both phones show the same 6 words. Say them out loud to confirm they match — this proves the key exchange worked correctly.

4

Trust your partner completely

ASH protects your messages from outsiders, but your conversation partner can always share what you say. Only use ASH with people you fully trust.

5

Keep your phone secure

Use a strong passcode, keep your OS updated, and don't install apps from untrusted sources. A compromised phone compromises everything.

6

Burn when you're done

When your conversation is complete, use the burn feature. This destroys all key material, making it impossible for anyone to ever decrypt your messages — including you.

Security Properties (Technical)

For those who want the details, here are ASH's specific security guarantees:

Property What It Means
Perfect Secrecy Encrypted messages reveal zero information about the original content — proven by Shannon's theorem (1949)
Information-Theoretic Authentication 256-bit Wegman-Carter MAC with ~2^-128 forgery probability — mathematically unforgeable
Forward Secrecy Key bytes are destroyed after use — past messages stay secure even if your device is later compromised
Quantum Immunity Security doesn't depend on computational hardness — immune to all future computing advances
Traffic Analysis Protection All messages padded to minimum 32 bytes — short messages can't be identified by size
Zero-Trust Relay Server never has keys — even full server compromise reveals nothing

Who Do You Have to Trust?

ASH is designed to minimize trust requirements. Here's what you're trusting and what you're not:

Don't Need to Trust

  • Our servers — They never see your keys or unencrypted messages
  • The network — All data is encrypted before transmission
  • Future technology — OTP is provably unbreakable forever

Must Trust

  • Your device — A compromised phone compromises everything
  • Your operating system — iOS provides the secure storage and randomness
  • Your conversation partner — They can always share what you say

For technical specifications, see the Whitepaper. For our ethical position on privacy tools, see Ethics.