Technical Security Implementation

Zero-Knowledge Architecture

VaultPass implements a true zero-knowledge architecture where user passwords and vault data are never accessible to our servers in plaintext.

Key Derivation Functions (KDF)
Client-Side Authentication Hash
Algorithm: scrypt
Parameters: N=65536 (2^16), r=8, p=1
Salt Length: 256 bits (32 bytes)
Output Format: 64-character hexadecimal string

The client generates a unique salt and derives an authentication hash using scrypt. This hash is transmitted to the server for login verification, but the original password never leaves the client.

Server-Side Authentication Storage
Algorithm: PBKDF2-HMAC-SHA256
Iterations: 600,000
Salt: Per-user random 256-bit salt
Output Format: Base64-encoded string

Server applies additional PBKDF2 hashing to the client-provided auth hash before database storage, providing defense-in-depth against potential server compromise.

Data Encryption Key Derivation
Algorithm: scrypt (separate from authentication)
Parameters: N=65536, r=8, p=1
Purpose: Derives master key for user data encryption
Security: Uses different salt from authentication hash
Data Encryption
Vault Entry Encryption
Algorithm: Fernet (AES-128 in CBC mode with HMAC-SHA256)
Key Management: Per-user random data encryption key
Storage: Data key encrypted with user's master key
Authentication: Built-in HMAC prevents tampering
Key Hierarchy
  1. User enters master password (client-side only)
  2. scrypt derives user's master key from password + salt
  3. Random data encryption key generated per user
  4. Data key encrypted with master key, stored in database
  5. Individual vault entries encrypted with data key
Authentication Flow
Login Process
  1. Salt Retrieval: Client requests user's salt from server
  2. Hash Generation: Client derives authentication hash using scrypt
  3. Secure Transmission: Hash sent to server over TLS 1.3
  4. Server Verification: Server validates against stored PBKDF2 hash
  5. Session Creation: Temporary session token issued upon success
Data Access
  1. Key Derivation: Client re-derives master key from password
  2. Data Key Decryption: Master key decrypts stored data key
  3. Vault Decryption: Data key decrypts individual vault entries
  4. Client-Side Only: All decryption happens in browser memory
Security Properties
Zero-Knowledge
  • ✓ Master passwords never transmitted
  • ✓ Server cannot decrypt user data
  • ✓ Client-side key derivation only
  • ✓ Encrypted data keys in database
Defense in Depth
  • ✓ Multiple KDF layers
  • ✓ Separate auth and encryption salts
  • ✓ HMAC authentication on all encrypted data
  • ✓ TLS 1.3 for transport security
Implementation Notes
Migration Support

The system supports automatic migration from legacy authentication methods to zero-knowledge architecture during login, ensuring seamless user experience while upgrading security.

Browser Compatibility

Client-side cryptography implemented using Web Crypto API with fallbacks for maximum browser compatibility.

Performance Considerations

scrypt parameters chosen to balance security and performance on typical client devices (approximately 100-200ms key derivation time).

Security Contact

For questions about our security implementation or responsible disclosure of vulnerabilities, contact: support@vaultpass.org