Security Model

Scope

✓ Protected

  • Data at rest (stored in browser)
  • Cryptographic keys in memory
  • Unauthorized access to your secrets
  • Tampering with encrypted data

⚠ Out of scope

  • Keyloggers on your device
  • Weak passwords (use 12+ characters)
  • Compromised device
  • Social engineering

Layers of protection

1. Key derivation

Your password is transformed into a cryptographic key using Argon2id. This algorithm consumes 64 MB of memory and multiple CPU iterations, resisting brute-force attacks even with GPUs or specialized hardware.

  1. Authenticated encryption

Each secret is encrypted with XChaCha20-Poly1305. The Poly1305 component verifies integrity: if someone modifies the encrypted data, decryption fails. Data cannot be read or altered without the correct key.

3. Memory isolation

Cryptographic keys live in WebAssembly memory, inaccessible from JavaScript. This protects against malicious extensions and XSS attacks. When locking the vault, memory is overwritten with zeros (zeroize).

Libraries used

We don’t roll our own crypto. We use audited Rust crates:

  • argon2 — Key derivation (Password Hashing Competition)

  • chacha20poly1305 — Authenticated encryption (RFC 8439)

  • ed25519-dalek — Digital signatures