Security

Encryption Standard

SafeDigits uses military-grade encryption to protect your phone numbers:

  • Algorithm: AES-256-GCM (Authenticated Encryption)
  • Key Derivation: HKDF-SHA256 from a master secret
  • IV: 12 bytes, cryptographically random, generated per token
  • Authentication: 16-byte GCM tag prevents tampering

Same standard used by banks & governments
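
The scheme listed above, as an added example using Node.js's built-in crypto module (this is not SafeDigits' own code). The token layout, the empty HKDF salt, the info label, the sample values and all function names are assumptions; the page does not specify them.

```javascript
const crypto = require('node:crypto');

// HKDF-SHA256 -> 32-byte AES-256 key. The empty salt and info label are assumptions.
function deriveKey(masterSecret) {
  const okm = crypto.hkdfSync('sha256', masterSecret, Buffer.alloc(0), 'example-token-key', 32);
  return Buffer.from(okm);
}

// Assumed token layout: base64url( IV[12] || ciphertext || tag[16] ).
function sealToken(key, phoneNumber) {
  const iv = crypto.randomBytes(12); // fresh random IV per token; never reuse one with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(phoneNumber, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, ct, cipher.getAuthTag()]).toString('base64url');
}

// Returns the phone number, or null when the token is malformed or fails authentication.
function openToken(key, token) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 12 + 16) return null; // too short to hold an IV and a tag
  const iv = raw.subarray(0, 12);
  const ct = raw.subarray(12, raw.length - 16);
  const tag = raw.subarray(raw.length - 16);
  // Pin the tag length so a truncated tag is never accepted.
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // final() throws when the GCM tag does not verify
  }
}

// Test helper: flip one bit of the decoded token to simulate tampering.
function flipBit(token, byteIndex) {
  const raw = Buffer.from(token, 'base64url');
  raw[byteIndex] ^= 0x01;
  return raw.toString('base64url');
}

// Demo with constructed values (not real secrets or numbers).
const demoKey = deriveKey(Buffer.from('constructed-master-secret'));
const demoToken = sealToken(demoKey, '+15555550100');
console.log(openToken(demoKey, demoToken));
console.log(openToken(demoKey, flipBit(demoToken, 12)));
```

A single flipped bit anywhere in the IV, ciphertext or tag makes the decode fail, which is the tamper resistance the GCM tag provides.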

Anti-Scraping Protection

Multiple layers prevent automated harvesting:

  • Human Verification: Math-based challenge required before decode
  • Proof-of-Work: Each decode requires a computational puzzle (~200-600 ms)
  • Rate Limiting: Per-IP request limits prevent abuse
  • Flexible Expiry: 30 days, one-time, or never expires
  • One-Time Mode: Codes that self-destruct after use

What This Protects Against

  • Automated scraping bots
  • Mass phone number harvesting
  • Token forgery and tampering
  • Replay attacks (with one-time mode)

Honest Limitations

No system is perfect:

  • Anyone with the code can decode it—that's intended
  • Determined attackers can solve PoW (at cost)
  • Server compromise would affect security

Best Practices

  • Only share codes with intended recipients
  • Use one-time codes for sensitive numbers
  • Don't post codes publicly if you want privacy
  • Generate new codes instead of reusing old ones