Elliott Sound Products

Encrypted Form
The encrypted order form (zipped archive) can be downloaded to your PC (about 13k - smaller than the HTML form). It includes a small user interface to generate and encrypt the order, which is assigned a random number, and may then safely be e-mailed. All data is heavily encrypted, and does not use a password - encryption is one-way only, and you cannot decrypt the order file. Decryption is only possible at my machine (I have the only copy of the decryption software in existence). No decrypted card data is maintained on my PC - the only copy of the form with that information is printed for my records. You must read and agree to the terms of use in the README.TXT file included in the zipped file.

The order program includes the facility to allow you to download the latest price list direct from the ESP website. Simply make sure you are connected to the Internet, and click the "Download" button. Make sure that your price list version matches that shown above.

Note that the use (and transmission to my e-mail address) of the encrypted form represents your digital signature, and is a binding contract for sale of goods. Use of the form indicates that you (or the cardholder where the buyer and cardholder are different persons) are authorised to use the card details supplied, and will not dispute the charges unless ESP has made a mistake in the transaction. In the latter case, you must contact ESP first, and it is almost certain that the dispute can be resolved to everyone's satisfaction.


Security
While no encryption program can claim to be unbreakable, the ESP order form is potentially more secure than even a fax transmission. A determined hacker could decode the information, but doing so is much more difficult than they might anticipate, and they are also left with the problem of intercepting e-mails. Neither task is trivial.

For example, the (dummy) record below shows the original text and the encrypted version (each upper case 'X' in the encrypted text may be a real upper case X or an unprintable character, outside the normal ASCII character range).

Original Text:

    Fred Bloggs
    1234 Drivel Drive
    Sometown NSW 2445
    Australia
    f.bloggs@email.com.au
    4556 1234 1234 1234 - 11/07
    Frederick B Bloggs
    P3A x 1, P88 x 2

Encrypted Text:

    T;a:K}"N8?0f;X.XXiDQy-3Ef/
    ;g^f4|4[XMjuXXV<XniB`vXpYY
    XXxye_XLn;g19XmJ<X;zmB3XxH
    zF:X|HoeX^ds%CX/`#})%*XXWK
    GjX8XFC^b~@ykB6XXGXQ?XjSXa
    ;zExOXX%EqXCN.bX}X+UJ.X`<X
    s"/,J8.jIGu:,bXX]G~BD&eQCX
    `X5m}"7Yg-XXz! z]"Xdy~AO{4
    v&XSH;XUmXrXK8i(L>XT#

Comparison Between Plain Text and Encrypted (Cipher) Text

As you can see, there is no correlation between the two. A character will usually not be encrypted to the same character twice, and it may be encrypted to itself (i.e. no change; the lack of this ability made the Enigma machine from WWII easier to 'crack' than would otherwise have been the case). The cipher text isn't even text: it contains 'unprintable characters' such as line feeds, carriage returns and control codes.

Two identical orders will produce identical encrypted files, but if just one character is changed anywhere within the order, the file will be different.
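
The properties claimed in the two paragraphs above can be checked against any encryptor treated as a black box. The following is an added example, not ESP's code: the page does not describe the ESP algorithm, so `toy_encrypt`, its key and `check_properties` are hypothetical stand-ins, and the position-by-position checks assume the cipher text has the same length as the plain text.

```python
import hashlib

KEY = b"constructed-demo-key"  # assumption: stand-in key, not ESP's
# The dummy record from the page, joined with newlines (constructed input).
ORDER = b"\n".join([
    b"Fred Bloggs", b"1234 Drivel Drive", b"Sometown NSW 2445", b"Australia",
    b"f.bloggs@email.com.au", b"4556 1234 1234 1234 - 11/07",
    b"Frederick B Bloggs", b"P3A x 1, P88 x 2"])

def toy_encrypt(plain: bytes) -> bytes:
    """Stand-in cipher, NOT the ESP algorithm: XOR with a SHA-256 counter keystream."""
    stream = bytearray()
    block = 0
    while len(stream) < len(plain):
        stream += hashlib.sha256(KEY + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(p ^ k for p, k in zip(plain, stream))

def check_properties(encrypt, sample: bytes) -> dict:
    """Check the claims above against a black-box encrypt(bytes) -> bytes.
    Positional checks assume cipher text and plain text have equal length."""
    cipher = encrypt(sample)
    # Two identical orders produce identical files (no per-message randomness),
    # so anyone holding two files can tell whether the orders were the same.
    deterministic = encrypt(sample) == cipher
    # Changing one character anywhere produces a different file.
    changed = bytes([sample[0] ^ 1]) + sample[1:]
    one_char_differs = encrypt(changed) != cipher
    # A character is usually not encrypted to the same character twice.
    images = {}
    for p, c in zip(sample, cipher):
        images.setdefault(p, set()).add(c)
    varied = sum(len(s) > 1 for s in images.values())
    # A character may encrypt to itself, which Enigma could never do.
    self_maps = sum(p == c for p, c in zip(sample, cipher))
    # The cipher text is not text: count bytes outside printable ASCII.
    unprintable = sum(not 32 <= c < 127 for c in cipher)
    return {"deterministic": deterministic, "one_char_differs": one_char_differs,
            "chars_with_varied_output": varied, "self_maps": self_maps,
            "unprintable_bytes": unprintable}

if __name__ == "__main__":
    print(check_properties(toy_encrypt, ORDER))
    # Self-mapping is rare (about 1 byte in 256 here), so use a longer input.
    print(check_properties(toy_encrypt, ORDER * 1000)["self_maps"])
```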

Is the code unbreakable? ... no. The most sophisticated encryption currently available can be broken given enough time and a good enough reason (the reason has to be good, as the cost is huge!). However, it remains far more secure than most alternatives.