Interactive SRP-6a flow illustration: your password never leaves your device.
Mathematical proof that we cannot access your data, even if we wanted to.
Data encrypted locally with your password. Keys never leave your browser.
Only encrypted blobs. No keys, no access, no backdoors. Mathematically impossible to decrypt.
Decryption happens locally with the shared key. Server never involved in crypto operations.
A = gᵃ mod N
B = k·v + gᵇ mod N
K = H((B − k·gˣ)^(a + u·x) mod N)
M1 = H(…, A, B, K)
M2 = H(A, M1, K)
Starting SRP-6a login…
Requesting challenge…
A = 611dde12…
Challenge received
Generating client proof…
M1 = 5f968510…
Proof sent (password never left your device)
Verifying server response…
Mutual authentication successful
Login complete - your password was never transmitted
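The exchange behind the equations and log above, as an added Python example that is not ZeroNote's code. It assumes SHA-256 for H, scrypt as a stand-in for Argon2id, a constructed toy group (N = 2^521 − 1, g = 3), and M1 = H(A, B, K) without the fields the page elides. The server-side formula S = (A·v^u)^b mod N is standard SRP-6a and is not shown on the page.

```python
import hashlib
import secrets

# Constructed toy group: 2**521 - 1 is prime but not a safe prime. Production
# SRP uses a vetted safe-prime group such as those in RFC 5054.
N, g = 2**521 - 1, 3
NLEN = (N.bit_length() + 7) // 8

def pad(n):
    return n.to_bytes(NLEN, "big")

def H(*parts):
    """SHA-256 over the parts (ints padded to len(N)), returned as an int."""
    data = b"".join(pad(p) if isinstance(p, int) else p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def derive_x(salt, password):
    # Assumption: scrypt (stdlib) stands in for the page's Argon2id.
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return int.from_bytes(key, "big")

def register(password):
    """Enrolment on the client: the server stores only (salt, v)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, derive_x(salt, password), N)

def login(password, salt, v):
    """Both roles in one process; returns (server_accepts, client_accepts)."""
    a, b = (secrets.randbelow(N - 2) + 1 for _ in range(2))
    A = pow(g, a, N)                       # client -> server
    B = (k * v + pow(g, b, N)) % N         # server -> client, sent with salt
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:
        raise ValueError("illegal SRP value, abort the handshake")
    # Client: K = H((B - k*g^x)^(a + u*x) mod N), M1 = H(A, B, K)
    x = derive_x(salt, password)
    K_c = H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))
    M1 = H(A, B, K_c)                      # page's elided leading fields omitted
    # Server: same secret from the verifier alone, S = (A * v^u)^b mod N
    K_s = H(pow(A * pow(v, u, N) % N, b, N))
    server_ok = secrets.compare_digest(pad(M1), pad(H(A, B, K_s)))
    if not server_ok:
        return False, False                # server sends no M2 on a bad proof
    M2 = H(A, M1, K_s)                     # server -> client
    return True, secrets.compare_digest(pad(H(A, M1, K_c)), pad(M2))
```

Only A, B, the salt, M1 and M2 cross the wire; the server holds the verifier v and never sees the password or x.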
The same algorithms protecting classified government communications.
Secure Remote Password protocol ensures your password never leaves your device. Even network traffic interception cannot reveal authentication credentials.
Winner of the Password Hashing Competition. Memory-hard function that makes brute-force attacks computationally infeasible even with specialized hardware.
State-of-the-art authenticated encryption. Used by Signal, WireGuard, and TLS 1.3. Provides both confidentiality and authenticity with quantum-resistant properties.
Comprehensive protection against all known attack vectors.
End-to-end encryption + TLS 1.3
Client-side encryption before transmission
Cryptographic nonces + timestamps
Zero-knowledge architecture
No employee access to user data
Encrypted data without keys
256-bit entropy + Argon2id
Memory-hard KDF + unique salts
Constant-time implementations
No RSA/ECC dependencies
256-bit symmetric keys
Post-quantum ready architecture
To prevent abuse and enforce fair usage, ZeroNote stores only cryptographically hashed IP addresses and device fingerprints. These hashes cannot be used to identify individuals and are never used for tracking or profiling. This enables effective rate limiting and anti-abuse protection, while maintaining zero-knowledge privacy for all users.
Open source code, independent audits, and transparent security practices.
Complete source code available for inspection. No security through obscurity.
Regular security assessments by independent security researchers.
Incentivizing security researchers to find and report vulnerabilities.
Adherence to industry security standards and best practices.
Found a security issue? We appreciate responsible disclosure and reward security researchers.
Send details to security@zeronote.de using our PGP key.
48-hour acknowledgment, thorough investigation within 7 days.
Issue fixed, researcher credited, bounty paid if applicable.
Coordinated public disclosure after fix deployment.
security@zeronote.de
EBA3 07F1 64F6 CFFD 0B38 3DBC DCC5 56E0 A0EA 30C7
For security researchers who want to encrypt their reports