Whitepaper
A comprehensive technical specification of Privault's zero-knowledge encryption architecture, threat model, and cryptographic design principles.
Abstract
Privault is a zero-knowledge password manager engineered around the principle of absolute cryptographic isolation. This document defines the security architecture, threat model, and implementation specifications that ensure user data remains mathematically inaccessible to any party other than the data owner — including Privault's own infrastructure operators.
Threat Model
Privault's threat model assumes a fully compromised server. Even in the event of a complete database breach, an attacker obtains only AES-256-GCM ciphertexts, the per-user PBKDF2 salt values, and per-item initialization vectors (IVs). Without the user's master password, which never leaves the client, these artifacts are computationally infeasible to decrypt. The system is designed to withstand insider threats, supply-chain attacks on the backend, and state-level adversaries targeting the server infrastructure.
Key Derivation
The user's master password is processed through PBKDF2-HMAC-SHA256 with 100,000 iterations and a cryptographically random 128-bit salt unique to each user. This produces a 256-bit derived key used exclusively for AES-256-GCM encryption. The high iteration count ensures that brute-force and dictionary attacks against the derived key require an infeasible amount of computational resources, even with modern GPU clusters.
Encryption Pipeline
All encryption and decryption operations execute exclusively within the user's browser using the Web Crypto API. Each vault item is encrypted with a unique 96-bit Initialization Vector (IV) generated via crypto.getRandomValues(). The AES-256-GCM authenticated encryption mode provides both confidentiality and integrity verification — any tampering with ciphertext is detected and rejected during decryption. The server receives, stores, and returns only opaque ciphertext blobs.
Client-Server Segregation
The Privault server is architecturally a "blind vault." It performs no cryptographic operations on user data — its sole responsibility is authenticated CRUD operations on encrypted payloads. Row-Level Security (RLS) policies in the PostgreSQL layer enforce per-user data isolation. The server cannot distinguish between a vault containing one item and one containing thousands; it sees only uniformly structured ciphertext envelopes.
Entropy & Password Generation
Privault's built-in password generator utilizes the browser's cryptographically secure pseudo-random number generator (CSPRNG) via the Web Crypto API. Generated passwords satisfy configurable entropy requirements including length, character class composition (uppercase, lowercase, digits, symbols), and minimum entropy bits. This ensures generated credentials are resistant to both online and offline dictionary attacks.
Conclusion
Privault's architecture is built on the principle that security through design is superior to security through policy. By ensuring that unencrypted user data never exists outside the client's volatile memory, we eliminate entire categories of attack vectors. The server is mathematically blind — it cannot be compelled, coerced, or compromised into revealing what it does not possess.