Security Overview

Security is the foundation of XianVault. We employ state-of-the-art encryption protocols to ensure that your data remains strictly yours.

Client-Side Encryption

All encryption and decryption happen exclusively on your device within your browser. Your plaintext data and your raw Master Password are never transmitted to our servers.

Cryptographic Algorithms

  • Key Derivation: We use Argon2id with memory-hard parameters to derive your encryption keys from your Master Password, making brute-force attacks computationally infeasible.
  • Encryption: Data is encrypted using AES-256-GCM and ChaCha20-Poly1305, ensuring both confidentiality and authenticity.
  • Authentication: Your login authentication is handled via HMAC-SHA256, proving you have the correct key without revealing it.

Plausible Deniability (Duress Mode)

XianVault supports a unique Duress Mode. You can configure a secondary "fake" password that unlocks a completely separate, clean vault. If you are ever forced to surrender your password, you can provide the decoy password, keeping your real vault completely hidden and cryptographically indistinguishable from random noise.

Data Integrity

Before decrypting any data, XianVault verifies its integrity using cryptographic signatures. If even a single byte of your encrypted vault is modified in transit or at rest, the decryption process will safely abort, preventing malicious tampering.
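
Added example, not XianVault's own code: one way an abort-on-tamper check can work, using the authentication tag of AES-256-GCM (listed under Cryptographic Algorithms above). It runs on Node's built-in crypto module rather than in a browser; the function names, the nonce || ciphertext || tag layout, the "vault-v1" header and the random key standing in for the Argon2id-derived key are all assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the standard GCM size
const TAG_LEN = 16;   // full 128-bit tag; shorter tags are refused below

// Encrypts and returns nonce || ciphertext || tag (layout assumed for this example).
function sealVault(key, plaintext, aad) {
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // must never repeat under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aad); // header is authenticated but not encrypted
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]);
}

// Returns the plaintext, or throws without releasing any of it if the blob was altered.
function openVault(key, blob, aad) {
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('vault blob truncated');
  const nonce = blob.subarray(0, NONCE_LEN);
  const ct = blob.subarray(NONCE_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  // update() yields bytes that are not yet authenticated; only final() checks
  // the tag, so nothing reaches the caller until final() has succeeded.
  const head = decipher.update(ct);
  const tail = decipher.final(); // throws on any tag mismatch
  return Buffer.concat([head, tail]);
}

// Flips one bit in each byte in turn (nonce, ciphertext and tag alike).
// Returns the first offset whose modification was accepted, or -1 if none was.
function firstUndetectedFlip(key, blob, aad) {
  for (let i = 0; i < blob.length; i++) {
    const copy = Buffer.from(blob); // independent copy of the stored blob
    copy[i] ^= 0x01;
    try { openVault(key, copy, aad); return i; } catch (_) { /* rejected, as required */ }
  }
  return -1;
}

// Constructed sample data; the random key stands in for an Argon2id-derived key.
const demoKey = nodeCrypto.randomBytes(32);
const demoAad = Buffer.from('vault-v1'); // hypothetical format header
const demoBlob = sealVault(demoKey, Buffer.from('{"site":"example.test","pw":"constructed"}'), demoAad);
console.log(openVault(demoKey, demoBlob, demoAad).toString());
console.log('undetected flips:', firstUndetectedFlip(demoKey, demoBlob, demoAad));
```

Pinning authTagLength on the decrypting side matters: without it, Node's GCM decipher also accepts truncated tags, which lowers the cost of a forgery.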