The Vault – Security Made Easy

OS X 10.11
==[ Want to give The Vault a try for free? The Vault for iOS is a free download! ]== Do you... ... have trouble remembering tens or hundreds of online passwords? ... write passwords down somewhere, even though you know this is not the safest thing to do? ... use the same ("cleverly" modified) password in multiple places, instead of using properly randomized passwords that offer the best security? ... sometimes wish you had a photo of a creditcard, passport or other document handy? ... want to securely store lots of other confidential information, photos, animated GIFs, office documents, you name it? ... want all this to be secure, but still very simple to use? Then ◆The Vault◆ is for you! The Vault provides straightforward, easy to use, secure storage for all your documents and other data, such as passwords, login credentials and any other confidential information. It can securely store any number of documents, images, screenshots or photos along with your confidential information. * 256-bit AES encryption * While storage and access is simple, The Vault uses rock-solid, industry standard encryption. [technical details below] ◆ ◆ ◆ WHY IS IT BETTER ? ◆ ◆ ◆ ▸ The Vault is very simple to use, yet it employs industry-standard encryption to keep your data safe. (Some other payed apps do too, but some apps advertised as "secure" really do not, and for example save your data using a simple base-64 encoding: your information looks scrambled, but is as readable as plain text when you know how). ▸ The Vault can securely store photos and pictures; for example a scan of your passport, a photo of your credit card, or just the serial numbers of some equipment you own. Anything. ▸ The Vault can securely store *any* office or other document. ▸ The Vault can securely store - and play - animated GIFs. ▸ Securely storing photos and documents is as easy as drag-and-dropping them on an open Note. ▸ Proper random password generation ▸ Auto-shields sensitive information ▸ Securely synchronizes with The Vault for iOS! Please note that you need to have the SecureSync feature installed on your iOS devices for them to be able to SecureSync with The Vault for Mac. ◆ ◆ ◆ TECHNICAL DETAILS ◆ ◆ ◆ This is the part that matters. This is the part that is hard to get right. This is the part that makes the difference between actual security and insecurity. Claiming “military-grade” (or “industry standard”) encryption is meaningless. Even claiming “256-bit AES encryption”, in itself is not very meaningful. Example: Claiming “military-grade” encryption and subsequently simply hashing a master passcode - e.g. using SHA, MD5, or, god forbid, nothing at all (!) - is NOT good. What ís good is to use a proper key derivation algorithm such as PBKDF2, scrypt or bcrypt. Another example: AES is better than ancient algorithms such as Blowfish, Twofish or 3DES. But even for AES: an app that does not combine encryption with authentication... is doing it wrong. Currently there is some consensus that the best construct is to first encrypt a message and then calculate a message-authentication code, instead of the other way around. These things matter. ◆ ◆ ◆ The Vault uses PBKDF2 key derivation with an HMAC-SHA512 PRF, and HMAC-SHA256 Encrypt-then-MAC authenticated 256-bit AES encryption, using CommonCrypto functionality only. All cipher and MAC worker keys, as well as all salts and IVs, are purely random data. Keys and IVs are never reused. Each singular piece of data is encrypted with a unique random encryption key, and authenticated with a unique random HMAC key. Your Master Passcode is never stored; and neither are the derived cipher keys. ◆ ◆ ◆ THE ONLY THING ●YOU● HAVE TO DO? Choose a long master passcode. Make it long, and make it random! Read more about why and how inside the app.