Skip to main content
Security Model · Guide 02

The security model

AES-256-GCM deep dive, zero-knowledge guarantees, full threat model, and an honest answer to: what happens if VaultPass is breached?

Zero-Knowledge Guarantee

“Zero-knowledge” means VaultPass has zero knowledgeof your plaintext data. Your vault is encrypted before it leaves your browser. We receive, store, and transmit only ciphertext. While you are checking in, your key is never assembled on our servers. Because delivery to your heir is automated, we hold the encrypted heir and sentinel shards and combine them only when the dead man's switch fires — a database-only breach yields ciphertext, not a usable key.

Prove it yourself →
Cryptographic Primitives
AES-256-GCMVault encryption

256-bit symmetric cipher in Galois/Counter Mode. Provides confidentiality via CTR mode and integrity via a 128-bit authentication tag. A single bit flip in the ciphertext causes decryption to fail entirely — tampering is cryptographically detectable.

CSPRNG + Shamir SSSVault key generation & sharding

Each vault key is a fresh random 256-bit key from the Web Crypto CSPRNG — not derived from a password — then split via Shamir's Secret Sharing (2-of-3). Any single shard reveals zero bits of the key.

Random IV / NonceSemantic security

A fresh 96-bit random IV is generated for every encryption operation. Reusing an IV with the same key would be catastrophic for GCM — we generate a new one every time your vault is saved.

CSPRNGRandomness

All random values (salt, IV) are generated using the browser's built-in crypto.getRandomValues() — a cryptographically secure pseudo-random number generator backed by the OS entropy pool.

Threat Model

An honest assessment of what can and cannot go wrong.

VaultPass is breachedlow risk
IMPACT

Attacker obtains encrypted blobs, salts, IVs, and heir emails.

MITIGATION

Without your master password, the blobs are computationally unrecoverable. AES-256 has never been broken. Brute-forcing 256-bit keys is physically impossible with any conceivable hardware.

VaultPass employee turns maliciouslow risk
IMPACT

Employee can see the same data as a breach: encrypted blobs and metadata.

MITIGATION

Zero-knowledge architecture means employees have no elevated access. The encryption key never reaches our servers. Trust in VaultPass employees is not a security requirement.

Your account login password is weakmedium risk
IMPACT

A weak or reused login password risks account takeover via Supabase auth.

MITIGATION

Use a unique, long passphrase and enable 2FA. Note: your vault key is a random key, not derived from your password — so a cracked login password alone does not decrypt vault ciphertext without your separately-held owner shard.

Heir email is interceptedlow risk
IMPACT

Attacker receives the encrypted vault email intended for your heir.

MITIGATION

The vault is encrypted — the email alone is useless without the password you shared with your heir out-of-band (not via email). Interception exposes only ciphertext.

Device compromise (malware/keylogger)high risk
IMPACT

Malware on your device could capture your password during entry.

MITIGATION

Client-side encryption cannot protect against a compromised device. Use a secure, trusted device. Consider a hardware security key for your master password storage.

Man-in-the-middle on HTTPSlow risk
IMPACT

Network attacker could intercept traffic.

MITIGATION

All traffic is TLS 1.3. Encryption happens before the data leaves your browser — even a successful TLS interception yields only ciphertext.

If VaultPass Were Breached Tomorrow

An attacker with database-only access would obtain: encrypted vault blobs, encrypted heir + sentinel shards, IVs, heir email addresses, and check-in timestamps.

The heir and sentinel shards are themselves encrypted at rest with secrets held outside the database, so database-only access yields ciphertext that cannot be reconstructed or decrypted — and the underlying AES-256 would need more energy to brute-force than the sun produces in its lifetime. Your crypto remains safe.

← Guide 01
Architecture & How It Works
NEXT → Guide 03
Heir Access Guide
VaultPass · Zero-knowledge crypto inheritance
DocsFAQStatusTermsPrivacy