Two problems need to be solved when you are encrypting a file or folder to be sent to someone at a distant location.

(1) You need a strong password so as to make a "brute force attack" (an automated test of every possible password) on the encrypted file, impractical.

(2) You need the receiving party to get the password in a secure fashion.

There are some applications that can set up a secure file transfer medium, but at a price ($$$$$). Alternatively there are also excellent file and text encrypting application, some even free.

    The problem remains with these free or almost free applications is how to get the decrypting password to a distant associate. Password Pair can solve this problem.

   Short passwords are weak passwords. Password using words, names and numbers are the first to be looked for in a "brute force" attack. Not only do words and names follow rules of spelling but they also use a small portion of the available characters on the keyboard.

Example;

YellowFisherman560   (18 characters)
Can be found by "brute force" in under 1.8325271216103 E+32 attempts.

Only advantage of this password is that it would be easy to relay verbally to the receiving party for decryption. This example only use upper and lower case alphabet and 0 through 9. Thats only 62 characters out of a possible 224

You could make a password following a pattern on the keyboard (know as qwerty passwords). Holding down the option key when you type could make it even better.

Example;

§¶Ä©úÆûÂɾ½Å�ú÷µ²³Ö   (also 18 characters but using 224 possible characters)
That's   sdfghjkl;'zxcvbnm,   holding down the option key.
Can be found by "brute force" in under 2.01587839337011 E+42 attempts.

But all this is somewhat harder to relay to the receiving party.

Now this is a password;

]>WQ<·Ã›ëû2a¦ð[ûD‚cDiP1”Åû/"u!ešÅ$fúGŸÈYh“¯®H�új
êg‡˜ä“†B:‘2þÛëøKÔ6\`l��h9]îYqwSN‘á§@KÛ†:Y6pÇæt^¯q
Ä^ÆS¨q&Èü¹=]÷{‡Ã�µÄÒ1uõÉžtBM

(128 characters)

Can be found by "brute force" in under 6.78807054030824 E+300 attempts.

Problem is that relaying this password to someone without error is very difficult. Even typing this without error is a strain.

Getting any password to the receiving party securely is a challenge. EMail can be read. Phone lines can be tapped. Hand delivery is inconvenient and expensive.

   Password Pair allows you and a distant associate to establish a long and complex password that you can use to encrypt and decrypt files. You may then transfer the encrypted file securely over the Internet. Password Pair uses a "Handshake" technique similar to that used in your web application when you have a secure link to a bank, for example. Through an exchange of numeric messages (two each way) over an Instant Messaging program or eMail, you and an associate can produce a common password on your separate computers. Any third party recording the numeric traffic between you and your associate will not be able to deduce your password without massive computer help and know-how to reverse engineer Password Pair. It would not be as difficult as a "brute force" attack on your encrypted file's password itself, but. It would be dramatically more difficult than a "brute force" attack on passwords such as those in the first two examples above. My best estimate is a low end difficulty level of 1.36521010474993 E+138 attempts, or more, on a 128 character password generated by Password Pair.

(1) Both computers need to be free of spy-ware, especially those that look at the contents of your computer's clipboard.

(2) The encryption application you are using must be able to accept passwords pasted from your computer's clipboard. Apple's Disk Utility can create an encrypted archive and encrypt with a pasted password.

(3) Password Pair application must remain open on both computers throughout the entire "Handshake" process, so both parties should be ready.

(4) Password Pair is written in Applescript on Mac OS 10.3.9 . It should work on other Mac OS levels, but is untested on them. Any feedback on success or failure on other systems would be appreciated.

By default Password Pair creates a password of 128 characters in length. This length can be changed if you prefer by opening Password Pair from Apple's Script Editor and changing the value of "PassLength" at the beginning of the script. This feature is not available for the run-only version of Password Pair. Remember that the entered value for the password length must be an even number, then save and quit.

Start Password Pair by double click and follow the strait forward prompts.

If you would like to observe Password Pair's function on your computer before using it with an associate, do as follows;

Make a second copy of Password Pair. For example (Password Pair) and (Password Pair copy). Start up a text editor so you can paste and view the results of the intermediate steps. Start up (Password Pair) and choose "Initiate". Paste the result in your text editor. Now, start up (Password Pair copy) and choose "receive". Paste that result in your text editor. Keep doing the handshake back and forth again, viewing the results in your text editor. The final product from (Password Pair) and (Password Pair copy) will be an identical long and complex password.