A Safer Way

Crosspass is a mobile app for sending passwords and text notes.

Crosspass functions peer-to-peer and encrypts end-to-end. It authenticates communicating parties by using the OPAQUE cryptographic protocol.


How It Works

Every shared password has a Lookup ID and a single-use PIN. These must be communicated to the recipient by email or IM.


Think of the PIN as a debit card ATM PIN.
A thief would have only three attempts to guess it before being locked out.

Example

Step 1

  • Alice wants to send a password Qwerty123 to Bob.

  • She creates a password share in Crosspass and receives a Lookup ID of YNMK and a PIN of 9038.

Step 2

  • The password has not been sent to a server but remains on Alice’s phone only.

  • She must keep her phone online for Bob to retrieve the password.

Step 3

  • She emails YNMK 9038 to Bob and he enters it into his Crosspass app.

  • His phone retrieves the password Qwerty123 from her phone, encrypted end to end.

Step 4

  • The password gets deleted from Alice’s phone.

  • The password remains on Bob’s phone for a day.

Features

End-to-end encryption

One end is the sender’s mobile phone, and the other end is the recipient’s mobile phone.

The encryption scheme is based on the OPAQUE protocol. See the white paper for details.

Text notes

When you need to send more than just a password, use the text note option. For instance, use it for sending credit cards or bank account information.

Brute force attacks

The API server does not keep any hashed passwords, and the app limits attempts to retrieve the password. Therefore, a MITM cannot brute-force the PIN.
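As an added illustration (not the Crosspass app's own code), the following Python model captures the sender-side share lifecycle from Steps 1 to 4 and the attempt limit described above: a Lookup ID plus a single-use PIN, three PIN attempts before the share is locked out, deletion of the secret and its key material once retrieved, and the two-week expiry for shares that are never retrieved (from the FAQ answer on device storage). The four-letter ID and four-digit PIN format is inferred from the YNMK / 9038 example, and the constant-time PIN compare stands in for the OPAQUE authentication step, which the page does not detail.

```python
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 3                   # "three attempts to guess it"
UNRETRIEVED_TTL = 14 * 24 * 3600   # two weeks, in seconds, if never retrieved


@dataclass
class Share:
    """Sender-side record for one shared secret (a model, not the app's code)."""
    lookup_id: str
    pin: Optional[str]
    secret: Optional[str]           # None once deleted
    created: int                    # creation time, epoch seconds
    attempts: int = 0
    retrieved: bool = False

    def _wipe(self) -> None:
        # Delete the secret and, standing in for the key material, the PIN.
        self.secret = None
        self.pin = None

    def retrieve(self, pin_attempt: str, now: int) -> Optional[str]:
        """Return the secret for a correct PIN, otherwise None."""
        if self.secret is None:     # already retrieved, locked out, or expired
            return None
        if now - self.created > UNRETRIEVED_TTL:
            self._wipe()
            return None
        self.attempts += 1
        # Constant-time compare stands in for the OPAQUE authentication step.
        if hmac.compare_digest(self.pin.encode(), pin_attempt.encode()):
            secret = self.secret
            self.retrieved = True
            self._wipe()            # single use: gone from the sender's device
            return secret
        if self.attempts >= MAX_ATTEMPTS:
            self._wipe()            # lockout deletes the share outright
        return None


def create_share(secret: str, now: int) -> Share:
    """Create a share with a four-letter Lookup ID and a four-digit PIN."""
    lookup_id = "".join(secrets.choice(string.ascii_uppercase) for _ in range(4))
    pin = f"{secrets.randbelow(10_000):04d}"
    return Share(lookup_id, pin, secret, now)
```

Because the share is wiped on lockout, a guesser who exhausts the three attempts also destroys the share, which is exactly what makes a theft of the PIN hard to conceal from the real recipient.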

Impersonation attacks

The app does not rely on receiving a recipient’s public key from the server. Therefore, a MITM who does not know the PIN cannot impersonate the recipient.

Free to receive

It is always free to receive the passwords and notes which you send, so that the process has no barriers for your recipients.

You can send three passwords for free. After that there is a one-time fee of $1 to continue sending.

Anonymity

Crosspass does not ask users for their phone numbers or email addresses.

Crosspass uses Push Notifications and has in-app purchases via App Store on iOS and Google Play on Android.

Not Only for Passwords

Credit card numbers
Bank account numbers
Driving License numbers
Social Security numbers
PGP fingerprints
API credentials

Frequently Asked Questions

  • Examples:

    • Encrypt a ZIP file and send the password by Crosspass
    • Send your gate code to your AirBnb cleaner
    • Let your mom watch your Netflix
    • Send a password or an API token to your client
    • Access the same encrypted drive (Veracrypt, BitLocker, DMG, Cryptomator)


  • Your secrets are stored on your mobile phone and are shared in encrypted form.

    • The Crosspass server never sees your passwords or private notes.
    • It relays blobs of data between two phones, but it cannot decrypt them.
    • It does not hold any encryption keys of users (no public, private, symmetric, or Diffie-Hellman shares).

    If the Crosspass server is compromised, the perpetrator must guess an equivalent of 11 coin flips in sequence in order to MITM a single exchange. Other server-based encryption apps can MITM without difficulty by giving out rogue cryptographic keys.

  • Whoever gets to use the PIN first is the winner. However, a theft would be hard to conceal. If a thief uses the PIN first but cannot be a MITM, then the real recipient will complain to the sender that he cannot access the share. (The share can be accessed only once.)

  • You can send both the Lookup ID and PIN together. However, if you are communicating over an insecure channel and you need to refer to the share without mentioning the PIN, then you can refer to it by the Lookup ID.

  • First, the sender cannot compose a message by IM unless the recipient already has the same IM and the sender knows the recipient’s phone number.

    Second, the Signal server keeps track of “who is who,” namely it proxies public keys and Diffie-Hellman shares. Therefore, the server can MITM any conversation. Preventing this requires verifying “Safety Numbers”, which are 60 digits long, before texting. Use Crosspass to exchange and verify them conveniently.

    Ditto for WhatsApp where the “Safety Numbers” are called “Security Code”.

  • If they rely on asymmetric encryption, then they have the same MITM issue as Signal and WhatsApp.

    If they rely on symmetric encryption, then the password manager stores a first part of the cryptographic data on the server and a second part in a shared code or web link. The assumption is that no thief can collect both parts, neither immediately nor at any future time. But this cannot be guaranteed, because no one can guarantee the deletion of data.

  • There are usability problems with PGP, which is the reason for its low adoption since it was invented in 1991. However, if you already use PGP with success, then you can still benefit from using Crosspass to exchange PGP public keys or fingerprints.

  • From the perspective of the Crosspass server the user is anonymous. Only Apple or Google can map the collected information to the identity of the owner of the iOS or Android device respectively.

    The Crosspass API server observes the following information:

    • Device ID of the sender’s device.
    • IP addresses of both sender and recipient.
    • The date and time when requests are made.
    • App Store or Play Store payment receipt of the sender.
    • Device Check (for iOS only).
    • Attestation that the requests to the server originate from an authentic Crosspass app running on a real device.
  • The Crosspass app stores the following on the device:

    • The outbound password is stored on the sender’s device until it is retrieved by the recipient. Then it is deleted on the sender’s device.

    • Cryptographic keys that can decode ciphertext are stored on the sender’s device until the password is retrieved by the recipient. Then all cryptographic keys pertaining to this password are deleted on the sender’s device.

    • If the recipient has not retrieved the password, the password will remain on the sender’s device for two weeks, then will be deleted.

    • A received password is stored on the recipient’s device for 24 hours, then it is deleted.

    Note that data on either device is not backed up in iCloud.

  • The short answer is no; however, a desktop version is planned for the future. Until then, use Crosspass in conjunction with a password manager to copy and paste text between your desktop and your phone.

    Communication web apps by their nature are subject to JavaScript Backdoor attacks, thus they cannot provide an end-to-end encryption guarantee. For this reason a web app for Crosspass will not be available.

  • Crosspass is designed to complement existing workflows. For example, use WinZip to create an AES-encrypted ZIP archive and transfer it by Dropbox. Then, use Crosspass to send the encryption password.