Zero-knowledge secret transfer · encrypted entirely in your browser · the server never sees your passphrase, PIN, or text.
Checking vault…
🔒 Held in memory only — never sent or saved. Use something long; it's your main protection.
A second factor. Both passphrase + PIN are required to unlock.
Encrypted right here in your browser. The server only ever receives unreadable ciphertext.
Stops automated bots from spamming the vault. Press ↻ for a new code.
Two-layer encryption: a random 1024-bit key + a randomly chosen cipher (1 of 10) encrypt your text; that bundle is then sealed with a key derived from passphrase + PIN (PBKDF2, 600k iterations). Only one secret is stored at a time — saving replaces any existing one.
Enter the exact passphrase + PIN used when storing. Decryption happens in your browser.
Both the passphrase and the PIN must be correct. After 5 failed attempts this machine is locked out for 30 minutes. Click the revealed text (or the delete button) to wipe it from the server permanently.