STEALTH VAULT

AES‑256 Zero‑Knowledge · Local Only · Web Crypto
Click Generate
Click the password to copy instantly
Strength
Save to Vault
Click Generate
Click to copy the full passphrase
Strength
Save to Vault
Strength Score
Length
Entropy
Charset
Unique
Score
Combinations
⏱ Crack Time:
Vault data is encrypted with AES-256-GCM and stored in your browser's localStorage.
🔍
0 entries
🔐
Your vault is empty.
Strength
EncryptionAES‑256
Key DerivationPBKDF2
Entropy SourceWeb Crypto
NetworkZero
🔒

AES‑256‑GCM Encryption

Your passwords are encrypted with AES‑256‑GCM before they ever touch localStorage. The encryption key is derived locally via PBKDF2 with 100,000 iterations — the same standard used by financial institutions.

🧠

True Cryptographic Entropy

Generated passwords use crypto.getRandomValues() — a hardware‑backed CSPRNG built into every modern browser. Unpredictable and non‑reproducible, making brute‑force attacks statistically impossible for passwords above 20 characters.

Fully Offline — No Server

No network requests. No databases. No accounts. The entire password manager runs inside your browser tab. You can disconnect your internet and it still works perfectly. There is no server to hack.

Security Questions

Everything about your vault

Q01Is my vault data stored on your servers?
+

Absolutely not. All vault data is stored exclusively in your browser's localStorage on your own device. Zlvox servers never see your passwords, encryption keys, or any credential data. We are technically incapable of accessing your vault.

Q02What happens if I clear my browser data?
+

Your vault will be permanently erased. Always use the Backup (JSON) feature to export your encrypted vault before clearing browser data. The backup file is also AES‑256 encrypted.

Q03How strong are passphrases vs random passwords?
+

A 4‑word passphrase from a 1,024‑word list has ~40 bits of entropy. A 12‑character random password using all character types has ~78 bits. For equivalent security, use at least 5‑6 words for passphrases. The advantage is human memorability.

Q04What does the crack time estimate measure?
+

The estimate assumes an offline attack using high‑end GPU hardware (~10 billion attempts per second). It calculates total possible combinations from your password's character space and length, then divides by attack rate.

Q05Can I use my vault across multiple devices?
+

Yes — use the Export (Backup JSON) function to download your encrypted vault file, then Import it on another device. The encrypted JSON file contains no plaintext credentials.

Q06What is PBKDF2 and why does it matter?
+

PBKDF2 is a key‑stretching algorithm that runs your master key through SHA‑256 hashing 100,000 times. This makes brute‑forcing the master key computationally expensive — an attacker testing 1 billion guesses per second would need 100,000x more time.

Copied!