Encryption & Secret Sharing Security Guides
How the encryption works. What the architecture protects. What it doesn't.
Encryption & architecture
- The zero-knowledge encryption protocol Full walkthrough of the encryption stack: XChaCha20-Poly1305, Argon2id, domain binding, payload format.
- Zero-knowledge encryption explained What it means when the server can't read your data. Architecture vs proofs.
- XChaCha20-Poly1305 explained The cipher behind the encryption. Nonce size, misuse resistance, AES-GCM comparison, libsodium.
- Client-side vs server-side encryption Why where encryption happens changes everything. Trust models compared.
- URL fragment security How the decryption key stays out of server logs, referrer headers, and browser history.
Security topics
- Privnote phishing: how fake clone sites steal secrets The documented phishing pattern, how it works, and what client-side encryption prevents.
- Secrets management vs secret sharing Vaults store credentials long-term. Secret sharing transmits them once. Different tools, different jobs.
Messaging risks
- Why not Slack Slack messages are searchable, logged, and retained. What that means for secrets.
- Why not email Email is stored in plain text across multiple servers. Why it's the wrong channel for credentials.
Looking for step-by-step instructions? See the guides. Comparing tools? See the alternatives.