Passary Logo
Passary

Security Model & Architecture

This document provides a high-level description of Passary’s security model and system architecture. It explains how sensitive data is protected, which threats are addressed, and which trust assumptions remain.

For implementation-level details, algorithms, and parameters, refer to the Encryption Architecture specification.

Security Principles

Passary is designed to minimize required trust by reducing the amount of sensitive information that ever leaves the user’s device.

Client-side cryptography

All encryption and decryption occur locally.

Key exclusivity

Encryption keys are derived only from user-controlled inputs.

Data minimization

Only encrypted data is persisted or transmitted.

Security guarantees are provided by cryptographic construction and system design, not by policy or operational controls.

System Architecture Overview

Local-Only Data Storage

Vault data is stored locally on the user’s device. Persistent storage contains only encrypted vault data and non-secret metadata required for key derivation.

No plaintext vault contents are stored on Passary-operated infrastructure.

Client-Side Cryptography

All cryptographic operations—including key derivation, encryption, and decryption—execute within the browser environment.

Passwords, derived keys, and decrypted vault contents are never transmitted to remote endpoints.

Zero-Knowledge Design

Passary does not possess the information required to decrypt user vaults.

Even when server components are used (for example, for synchronization or hosting), they function solely as storage for encrypted data and have no access to cryptographic secrets.

Privacy by Design

Passary does not require accounts, analytics, telemetry, or identity-linked metadata for core functionality.

Vault operations do not generate network traffic and can be performed entirely offline.

Cryptographic Implementation Summary

Passary relies exclusively on standardized, widely reviewed cryptographic primitives.

PurposeAlgorithm
Password-based key derivationArgon2id
Key bindingHKDF-SHA256
Symmetric encryptionAES-256-GCM
RandomnessWeb Crypto API (CSPRNG)

Specific parameters, data flows, and implementation details are documented in the Encryption Architecture specification.

Threat Model & Protection

This section summarizes the threat scenarios addressed by Passary’s design, as well as conditions that are explicitly out of scope.

Threats Addressed

Server Compromise

If storage infrastructure is compromised, attackers obtain only encrypted vault data and non-secret metadata. No decryption keys are available.

Network Interception

Vault data is not transmitted in plaintext. Even if transport-layer security were compromised, vault contents remain encrypted.

Offline Attacks

Stolen vault files are protected by memory-hard key derivation and authenticated encryption, significantly increasing the cost of brute-force attempts.

Mass Collection

There is no centralized vault database or shared key material to aggregate or monitor.

Out-of-Scope Threats

Compromised Client Devices

Passary cannot protect against malware, keyloggers, or malicious browser extensions operating on an unlocked device.

Coercion

The system does not provide plausible deniability or mechanisms to resist forced disclosure.

Weak Credentials

Cryptography increases attack cost but cannot compensate for weak or reused passwords.

User Responsibilities

Security guarantees depend on several user-controlled factors:

  • Maintaining device security (OS updates, disk encryption)
  • Choosing a strong, unique master password
  • Protecting optional keyfiles if used
  • Avoiding untrusted browser extensions
  • Backing up vault files securely

Loss of credentials or keyfiles may result in permanent data loss.

Attack Resistance (Conceptual)

Password Guessing Resistance

Password-based attacks are mitigated through memory-hard key derivation, limiting the effectiveness of GPU and ASIC-based cracking.

Side-Channel Considerations

Cryptographic operations rely on browser-provided primitives designed to operate in constant time and within sandboxed execution environments.

Future Cryptanalysis

No claims are made regarding resistance to hypothetical future cryptographic breakthroughs beyond current best practices.

Trust Model

This section defines what components must be trusted and which do not require trust.

Components You Do Not Need to Trust

  • Passary-operated servers
  • Network transport infrastructure
  • Cloud storage providers
  • Administrative access to backend systems

Components You Must Trust

  • Your device hardware and operating system
  • Your browser runtime and Web Crypto implementation
  • The integrity of the client-side code delivered to your browser

Passary minimizes—but does not eliminate—these trust assumptions.

Verification & Transparency

Passary’s security model is designed to be observable rather than opaque. Users can independently verify key properties:

01

Vault functionality without network connectivity

02

Local persistence of encrypted vault data

03

Absence of vault-related network requests during operation

Detailed cryptographic design and parameters are published to allow independent evaluation.

Further Reading

Encryption Architecture →

Detailed cryptographic specification, algorithms, and data flows.

Responsible Disclosure →

Reporting security issues responsibly.