Security Architecture

How We Protect Your Data

A technical deep-dive into Locke's cryptographic architecture, designed for security professionals and technical decision-makers.

Zero-Knowledge | Post-Quantum | Open Standards

Core Principle

Zero-Knowledge Architecture

Locke is built on a fundamental principle: we cannot access your data. All encryption and decryption happens exclusively in your browser or device. Our servers only store encrypted blobs that are meaningless without your keys.


Client-Side Encryption

All cryptographic operations happen on your device before any data leaves it.


Zero Plaintext Access

We never see your master password, vault contents, or recovery keys.


Subpoena-Resistant

Even under legal compulsion, we can only provide encrypted data we cannot decrypt.

Cryptographic Stack

Our Algorithms

Every algorithm is chosen for a specific reason. We use industry-standard, peer-reviewed cryptographic primitives.

Key Derivation Double-Hashed

Argon2id (×2)

Winner of the Password Hashing Competition (2015). Argon2id combines the side-channel resistance of Argon2i with the GPU/ASIC resistance of Argon2d. Locke runs Argon2id twice—first client-side for key derivation, then again server-side before storage—providing defense in depth.

  • Double-hashed: client + server stretching
  • Memory-hard: resistant to GPU/ASIC attacks
  • Time-hard: configurable iteration count
  • OWASP recommended for password storage

// Client-side
iterations: 3
memory: 8192 // 8 MB
parallelism: 1
outputLength: 32 // 256 bits

// Server-side (password hash)
iterations: 1
memory: 65536 // 64 MB
parallelism: 4
outputLength: 32 // 256 bits

Symmetric Encryption

ChaCha20-Poly1305

AEAD (Authenticated Encryption with Associated Data) construction combining the ChaCha20 stream cipher with Poly1305 MAC. RFC 8439 standardized, widely deployed in TLS 1.3 and WireGuard.

  • No timing side-channels (constant-time by design)
  • No padding oracle attacks (stream cipher)
  • Fast in software without hardware acceleration

// Why not AES-GCM?

AES-GCM needs hardware support (AES-NI) to run in constant time; table-based software AES leaks key material through cache-timing side channels. ChaCha20 is constant-time in pure software, so it is safe on every device, including those without AES hardware.

Key Encapsulation Post-Quantum

X25519Kyber768 (Hybrid HPKE)

Hybrid Post-Quantum Key Encapsulation combining classical X25519 (Curve25519 ECDH) with CRYSTALS-Kyber768, a NIST-selected post-quantum algorithm. Used for secure sharing and Trusted Circle recovery.

  • Hybrid: secure even if one algorithm breaks
  • NIST PQC Level 3 security (Kyber768)
  • Forward secrecy through ephemeral keys

// HPKE CipherSuite
// Imports assume the hpke-js packages; CipherSuite and its KEM/KDF/AEAD
// components are classes and must be constructed with `new`.
import { CipherSuite, HkdfSha256, Chacha20Poly1305 } from "hpke-js";
import { HybridkemX25519Kyber768 } from "@hpke/hybridkem-x25519-kyber768";

export const hpke_suite = new CipherSuite({
  kem: new HybridkemX25519Kyber768(), // X25519 + Kyber768 hybrid KEM
  kdf: new HkdfSha256(),
  aead: new Chacha20Poly1305(),
});

Threshold Cryptography

Shamir's Secret Sharing

Polynomial interpolation-based secret sharing scheme. Splits a secret into n shares where any k shares can reconstruct it, but k-1 shares reveal nothing.

  • Information-theoretic security (not computational)
  • Configurable threshold (e.g., 3-of-5)
  • No single point of failure

// Trusted Circle example
threshold: 3
totalShares: 5

Any 3 circle members can initiate recovery; any 2 members together learn nothing about the secret.


Powered by libsodium

All cryptographic operations use libsodium, the industry-standard encryption library with zero serious CVEs in over a decade of production use. Used by Discord, Keybase, and thousands of security-critical applications.

Security Model

How Your Vault is Encrypted

Locke implements a security model inspired by, and improved upon, Bitwarden's. All passwords are encrypted client-side using a symmetric key. Instead of AES we use ChaCha20-Poly1305 for its constant-time guarantees.

Setting Your Master Password

When you create your account, your master password is used to derive keys client-side. The password hash is then stretched again server-side before storage.

1. The master password is stretched client-side using Argon2id (3 iterations, 8 MB) to derive the master key and the password hash.

2. A random symmetric key is generated and encrypted with the master key using ChaCha20-Poly1305.

3. The server stretches the password hash again with Argon2id (1 iteration, 64 MB, 4 parallelism) using a random salt.

4. The encrypted symmetric key is stored server-side, encrypted again with AES-256.

[Diagram: Set Master Password security flow]

Account Recovery

End-to-End Encrypted Recovery

The only password manager with cloud-based recovery that maintains zero-knowledge. No recovery files to lose.

How It Works

1. You designate trusted people as recovery guardians and set a threshold (e.g., 3-of-5).

2. Your master key is split via Shamir's Secret Sharing. Each share is encrypted with the guardian's public key (X25519Kyber768).

3. Encrypted shares are stored server-side. No single share (or server) can reconstruct the key.

4. During recovery, threshold guardians approve after out-of-band verification and the client reconstructs the master key.

  • No recovery file to lose
  • Servers never see plaintext shares
  • Out-of-band verification required

Threat Model

What We Protect Against

Protected

  • Server breach: Encrypted data is useless without user keys
  • Insider threat: Locke employees cannot access your data
  • Legal compulsion: We can only provide encrypted blobs
  • Network eavesdropping: TLS + application-layer encryption
  • Future quantum computers: Hybrid post-quantum encryption
  • Single guardian collusion: Threshold prevents lone actors

User Responsibility

  • Weak master password: Use Fuzzypass or a strong passphrase
  • Device compromise: Malware on your device can capture input
  • Phishing: Use Secure Inbox to prevent credential phishing
  • Social engineering: Verify recovery requests out-of-band
  • Threshold collusion: Choose guardians you truly trust

How We Compare

Feature                        1Password           Bitwarden       Locke
Zero-knowledge architecture    ✓                   ✓               ✓
Post-quantum encryption        ✗                   ✗               ✓
E2E encrypted cloud recovery   ✗                   ✗               ✓
Threshold-based recovery       ✗                   ✗               ✓
No recovery file required      Emergency Kit PDF   Recovery code   ✓
Free tier                      ✗                   ✓               ✓
Built-in phishing protection   ✗                   ✗               ✓