Security & zero-knowledge.

Cryptographic primitives

• Key derivation: Argon2id with m = 64 MB, t = 3 iterations, p = 4.
• Symmetric encryption: AES-256-GCM with random 96-bit IVs per payload.
• Key stretching: HKDF-SHA256 to derive separate encryption and MAC subkeys.
• Authenticator for cloud sessions: PBKDF2-SHA256 (100 000 iterations) salted with the normalized email.
• Transport: TLS 1.3 with HSTS for all cloud requests.

Threat model

We assume the following attackers may exist, and we design against them:

• A malicious cloud operator with full database access.
• A passive network attacker observing every request.
• A compromised third-party dependency, detected by integrity checks.
• An attacker with physical access to a locked device. (Against a fully compromised unlocked device, no encryption can help.)

For each of these, the attacker cannot decrypt your vault contents without your master password, which is never transmitted, logged, or stored anywhere but your device memory.

What the server sees

• Your email address (used to route authentication).
• An Argon2id-derived authentication hash — never the master password itself.
• Opaque ciphertext blobs representing your encrypted vault, plus a monotonic version.
• Coarse audit metadata: who, what, when — never the command output or the credential used.

Recovery

Because we do not have your master password, we cannot reset it for you. If you lose both your master password and your recovery kit, your data is permanently unrecoverable. This is the consequence of true zero-knowledge and it is stated explicitly at account creation.

Responsible disclosure

Found a vulnerability? Email security@sshcontrolcenter.com with a clear description and reproduction steps. We acknowledge within 72 hours.

Roadmap

• WebAuthn / passkeys for primary authentication.
• Independent security audit by a reputable firm.
• SOC 2 Type 1 within 12 months of commercial launch.
• Private bug bounty program.