Frequently Asked
Questions
Everything you need to know about quantum-safe encryption and CQRIT.
Hacking Methods CQRIT Protects Against
In addition to Man-in-the-Middle (MITM) and screen recording techniques, hackers use several other methods to steal passwords, encryption keys, and session tokens. These methods can generally be categorized based on whether they target the user, the network, or the system itself.
🛡️ CQRIT Was Specifically Designed to Defeat These Attacks
Unlike traditional encryption solutions, CQRIT employs a multi-layered defense strategy implemented in Rust for maximum performance and security. This makes it virtually impossible for attackers to steal your keys or decrypt your data:
Offline Operation
By working completely offline, CQRIT eliminates all network-based attack vectors including MITM, packet sniffing, and session hijacking.
Black Box Approach
The encryption engine operates as a complete black box, making reverse engineering and memory extraction virtually impossible.
AI-Driven Obfuscation
Advanced obfuscation techniques randomize memory patterns and execution flows, defeating keyloggers, memory scrapers, and forensic analysis.
UI Obfuscation with HTML5 Canvas
Critical input fields are rendered using HTML5 canvas drawing techniques, preventing screen capture malware from reading the displayed content.
Security Camera Obfuscation
Visual distortion and pattern randomization protect against physical surveillance and shoulder surfing attacks.
Keystroke Redefinition & Encoding
Rust-powered keystroke redefinition and encoding techniques transform input at the lowest level, making keylogger output meaningless even if captured.
💡 Result: This comprehensive approach, built with Rust for performance and memory safety, means that even if an attacker compromises your device, intercepts your network traffic, or physically observes your screen, they still cannot access your encrypted data or steal your encryption keys.
Methods Targeting the User's System/Device
These attacks focus on getting malicious software onto your computer or physical access to the device.
Keystroke Recording
Keylogging (or Keystroke Logging)
Malware installed on the target device records every key pressed on the keyboard, capturing usernames, passwords, and other sensitive information as they are typed. Keyloggers can be software-based (malware) or hardware-based (a small device plugged between the keyboard and the computer).
Screen Capture
Screen Scraping or Screen Logging
Malware that periodically captures images or video of the user's screen. This is used to bypass detection mechanisms that might only look for keyloggers, capturing passwords entered via virtual keyboards or displayed on the screen.
Memory Extraction
Memory Scraping or RAM Scraping
Malware that scans the computer's memory (RAM) for sensitive data, such as decrypted passwords, credit card numbers, or encryption keys that are temporarily loaded into memory by legitimate applications (like web browsers or point-of-sale systems).
Password File Theft
Local Discovery
Malicious software locates and steals locally stored credentials, such as saved passwords in web browser profiles, configuration files, or the SAM (Security Account Manager) file on Windows, which holds hashed local passwords.
Methods Targeting the Network/Connection
These methods focus on intercepting the data as it travels between your device and the server.
Traffic Eavesdropping
Packet Sniffing
Using tools to intercept and analyze data packets traveling over a network (especially unsecured Wi-Fi). If the data is not properly encrypted (e.g., if a site uses HTTP instead of HTTPS), the data, including passwords and cookies, can be read directly.
Connection Hijack
Session Hijacking or Sidejacking
An attacker steals the session cookie or authentication token after the user has logged in. By injecting this stolen token into their own browser, the attacker can impersonate the legitimate user and take over the active session without needing the password.
Browser Injection
Man-in-the-Browser (MitB)
Malware or a script is injected directly into the user's web browser process. This allows the attacker to view, modify, and steal data (like credentials) before it is encrypted and sent to the website, or after it is decrypted and displayed on the screen.
Methods Targeting the Human User (Social Engineering)
These attacks rely on tricking the user into revealing their credentials, which is often the simplest and most successful method.
Deceptive Websites/Emails
Phishing (or Spear Phishing)
The attacker uses fraudulent emails, text messages, or websites that appear to be from a legitimate source (like a bank or a work service) to trick the user into voluntarily entering and submitting their credentials on a fake login page.
Observation
Shoulder Surfing
The simplest form of surveillance, where the attacker physically looks over the victim's shoulder to observe them typing a password, PIN, or key.
Methods Targeting Password Storage/Guessing
These methods are used against stolen password files or login portals to "crack" the password offline or guess it repeatedly online.
Systematic Guessing
Brute Force Attack
Using automated tools to try every possible combination of characters until the correct password is found. This is only practical for very short or simple passwords.
List-Based Guessing
Dictionary Attack
A form of brute force that uses pre-compiled lists of common words, phrases, and leaked passwords (the "dictionary") to guess the password.
Reused Credentials
Credential Stuffing
The attacker takes a large list of usernames and passwords (stolen from a previous data breach) and automatically tries them against other websites/services, exploiting the common practice of password reuse.
Hash Reversal
Rainbow Table Attack
If an attacker steals a database of password hashes (the encrypted representation of a password), they use pre-computed tables of hashes to quickly find the original plaintext password. This is typically mitigated by using password salting.
Still Have Questions?
Our team is here to help. Get in touch or try CQRIT for yourself.