Skip to main content
← All posts
July 10, 20267 min read

I Audited My Own Password Manager and Deleted My Best Marketing Claims

A self-audit of VaultPass found marketing that described cryptography the code never implemented. Here is what was wrong, what was removed, and what is still not proven.

In June 2026 I ran a Cure53-style grey-box audit against my own product. No Criticals, no Highs. The crypto core held up. What did not hold up was the marketing copy sitting on top of it.

The site described a system the code did not implement. Nobody had complained. No user would ever have checked. I deleted the claims anyway, and this post shows the diffs.

Claim 1: a master password that was never there

The site said your vault key was stretched from your master password with PBKDF2-SHA-256 at 310,000 iterations. One page walked through it step by step: "You type your master password" → "PBKDF2 derives an AES-256 key."

The web vault does no such thing. In lib/crypto.ts the vault key comes from crypto.subtle.generateKey — it is random, generated in your browser, never derived from anything you type. That random key is what Shamir's Secret Sharing splits.

The architecture is defensible, and arguably better: a password-derived key would require your heir to know your password, which defeats the point of inheritance. But it was not what the site said. A security product that misdescribes its own key management has no business asking for your seed phrase.

Claim 2: "mathematically impossible"

Removed verbatim: "Mathematically impossible for us to read your seed phrase." And: "We mathematically prove we never see your data. No trust required — it's in the math." And, across four competitor comparison pages, "a key we mathematically cannot read."

Encryption is not a mathematical impossibility proof. It is a computational cost argument resting on an implementation, a build pipeline, and a browser — each a place the guarantee can fail. "Impossible" is not a stronger claim than "AES-256-GCM, client-side, here is the source." It is a weaker one, because it cannot be checked.

Claim 3: the court order line

Removed: "a court order cannot compel us to produce data we mathematically cannot access." Also removed: "A full breach would expose scrambled data and at most one shard."

That last one was the worst, because it was specific and it was false. VaultPass servers hold the heir shard and the sentinel shard. Two of three. The honest description is envelope encryption with automated delivery, and a server that holds more than it should.

The fix did not fully hold

The correction shipped in commit fb5e472 across fifteen files. Writing this post, I checked whether it survived. One file had been missed: an earlier article on this very blog still instructed readers to derive their key from a master password with PBKDF2 at 310,000 iterations. It was corrected today, a month late.

The claim did not come back because anyone lied a second time. It came back because the truth lived in fifteen places and only fourteen were corrected. Scattered truth drifts. Consolidating every trust claim onto one canonical, dated page — so the rest of the site links to it rather than restating it — is the next thing I owe you.

The open items, stated plainly

  • The server holds the heir shard and the sentinel shard — two of three. Roadmap: the server should never hold a reconstructing quorum.
  • The sentinel is not an independent validator. It is 1-of-2 under the same operator.
  • There is no external audit. Cure53 quoted €13,000 for the crypto phase. VaultPass is pre-revenue and has not paid it. There is no PDF and I will not pretend otherwise.

Why publish this

Every product in this category claims zero-knowledge. The claim is unfalsifiable from the outside, which is exactly why it is worthless as a signal. What is falsifiable is whether a founder will publish the findings against himself, dated, with the unfixed items still open.

The internal audit is published in full — including the header where I originally instructed myself to keep it off the public site. If you are considering trusting VaultPass with the keys to your estate, read it before you read anything else here.

If something in it is wrong, tell me, and I will publish the correction the same way. [email protected]

Protect your crypto legacy

VaultPass is a zero-knowledge inheritance protocol. Your seed phrases are encrypted in your browser — we never see them.

Get StartedVerify encryption →

More articles

How to Leave Cryptocurrency to Your HeirsWhat is a Dead Man's Switch for Crypto?Seed Phrase Storage: The Right Way to Prepare for Heirs