Zero-Knowledge Security
Vault implements a zero-knowledge architecture where your data remains encrypted end-to-end. The server never has access to your plaintext passwords.
What is Zero-Knowledge?
Zero-knowledge means the server:
- Never sees your master password
- Never sees your vault key
- Never sees your decrypted entries
- Cannot decrypt your data even if compromised
┌─────────────────────────────────────────────────────────────────┐
│ Your Device │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Master │──▶│ Derive │──▶│ Decrypt │──▶ Plaintext │
│ │ Password │ │ Keys │ │ Entries │ Passwords │
│ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────────┘
│ │
│ Never transmitted │ Never transmitted
▼ ▼
┌─────────────────────────────────────────────────────────────────┐
│ Vault Server │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Wrapped │ │ Encrypted │ │ WebAuthn │ │
│ │ Vault Key│ │ Vault │ │ Credential│ │
│ └──────────┘ └──────────┘ └──────────┘ │
└─────────────────────────────────────────────────────────────────┘Security Model
Client-Side Encryption
All encryption and decryption happens on your device:
- Master Password → Never leaves your device
- Key Derivation → PBKDF2 runs locally
- Vault Encryption → AES-GCM encryption runs locally
- Vault Decryption → Only your device can decrypt
What the Server Stores
| Data | Encryption | Server Access |
|---|---|---|
| Plaintext | ✅ Required for login | |
| WebAuthn Credential | Signed | ✅ Required for passkey auth |
| Wrapped Vault Key | Encrypted | ❌ Cannot decrypt |
| Encrypted Vault | AES-GCM | ❌ Cannot decrypt |
| PBKDF2 Salt | Plaintext | ⚠️ Useless without password |
What Stays Local
| Data | Storage | Persisted |
|---|---|---|
| Master Password | Memory only | Never |
| Vault Key | Memory only | Never |
| Decrypted Entries | Memory only | Never |
| Derived KEK | Memory only | Never |
Threat Model
What We Protect Against
✅ Server Breach - Attacker gets database dump
- All vault data is encrypted
- No master passwords stored
- WebAuthn credentials require physical authenticator
✅ Man-in-the-Middle - Attacker intercepts traffic
- HTTPS/TLS encryption in transit
- Data already encrypted before transmission
- WebAuthn prevents phishing
✅ Malicious Server - Server operator turns evil
- Cannot decrypt vault data
- Cannot derive master passwords from salts
- Cannot forge WebAuthn authentication
What Requires User Vigilance
⚠️ Weak Master Password - Brute-force attack on wrapped key
- Use strong, unique master password
- Salt + PBKDF2 provides some protection
⚠️ Compromised Device - Malware on your machine
- Master password exposed in memory
- Use device security features
- Enable biometric unlock to avoid typing password
⚠️ Social Engineering - Tricked into revealing credentials
- Never share your master password
- Verify you're on the real Vault domain
Cryptographic Primitives
| Purpose | Algorithm | Key Size |
|---|---|---|
| Key Derivation | PBKDF2-SHA256 | 256-bit |
| Vault Encryption | AES-256-GCM | 256-bit |
| Key Wrapping | AES-256-GCM | 256-bit |
| Authentication | WebAuthn ECDSA | P-256 |
| Sharing | ECDH P-256 | 256-bit |
Security Sections
Encryption
How vault encryption works with AES-GCM and key derivation.
Passkeys
WebAuthn/Passkey authentication and why it's phishing-resistant.
ECDH Sharing
How vault sharing maintains zero-knowledge properties.
Audit Status
| Component | Status | Notes |
|---|---|---|
| Crypto Library | ✅ Web Crypto API | Browser-native, FIPS-validated |
| Server Code | 🔄 Pending | Community review welcome |
| Client Code | 🔄 Pending | Open source on GitHub |
Best Practices
Master Password
- Use 12+ characters with mixed case, numbers, symbols
- Or use a 5+ word passphrase
- Never reuse across services
- Consider writing down and storing securely
Biometrics
- Enable Touch ID / Face ID when available
- Reduces keyboard exposure of master password
- Still requires master password as fallback
Backup
- Test that you can unlock with master password
- Store master password backup securely offline
- Recovery without master password is impossible