Security

How SandPass protects your data

Zero-Knowledge Architecture

SandPass is designed so that we cannot read your data — by design, not by policy. All encryption and decryption happens exclusively on your device. Our servers only store encrypted blobs that are computationally impossible to decrypt without your master password.

Authentication — OPAQUE (RFC 9807)

Unlike traditional login systems where a hash of your password is sent to the server, SandPass uses the OPAQUE protocol — a password-authenticated key exchange where your password is never transmitted in any form. Not even hashed. The server proves it knows your registration data, and you prove you know the password, without either side revealing secrets.

Encryption — AES-256-GCM

Every vault item (password, note, card, identity) is individually encrypted using AES-256-GCM with a unique random 96-bit IV per operation. This is authenticated encryption — any tampering with the ciphertext is detected and rejected.

Key Derivation — Argon2id

Your master password is transformed into an encryption key using Argon2id with 64 MiB memory and 3 iterations. Argon2id is a memory-hard key derivation function that makes brute-force attacks with GPUs or ASICs prohibitively expensive. It is the winner of the Password Hashing Competition and the current state of the art.

6 Layers of Defense

1

OPAQUE (RFC 9807)

Password never transmitted — not even hashed.

2

AES-256-GCM

Authenticated encryption with unique IV per operation.

3

Argon2id KDF

Memory-hard derivation (64 MiB) resists GPU/ASIC attacks.

4

Dual-Wrap Keys

Symmetric key encrypted under both device key and account key.

5

HMAC-SHA256 Sessions

Sessions signed server-side. Redis compromise cannot forge sessions.

6

Replay Protection

Monotonic counter per session prevents replay attacks.

Browser Extension Security

  • Content Security Policy: Strict CSP (script-src 'self' 'wasm-unsafe-eval'; object-src 'none') blocks all inline scripts and plugins.
  • Closed Shadow DOM: Autofill dropdowns are rendered inside a closed Shadow DOM, preventing malicious websites from reading credentials via DOM observation. No other major password manager does this.
  • Phishing protection: Autofill verifies that the website domain matches the stored credential's domain (eTLD+1 matching) before filling.
  • Non-extractable keys: Cryptographic keys use Web Crypto API with extractable: false — they cannot be exported from the browser's internal key store.

Two-Factor Authentication

SandPass supports TOTP-based 2FA (RFC 6238) with backup codes. TOTP secrets are encrypted server-side with AES-256-GCM using a dedicated HKDF-derived key. Trusted devices can skip 2FA for 30 days using CAS-atomic token rotation that detects concurrent use.

Testing & Auditing

SandPass has 287 automated tests covering:

  • 161 backend tests (auth, sessions, vault CRUD, security, pentest scenarios)
  • 126 extension tests (crypto, TOTP, password generator, import/export)
  • Penetration testing: IDOR, SQL injection, rate limiting, CORS, session security
  • 0 known vulnerabilities in dependencies (pip-audit + npm audit)

Responsible Disclosure

If you discover a security vulnerability, please report it to support@sandpass.io. We take all reports seriously and will respond within 48 hours.