Fortified by Mathematics.
Shade relies on proven cryptographic primitives, not proprietary "magic." Here is exactly how we secure your data.
Cryptography Specification
SYMMETRIC ENCRYPTION
AES-256-GCM
All user data is encrypted using Advanced Encryption Standard (AES) with a 256-bit key in Galois/Counter Mode (GCM). This provides both confidentiality and data integrity.
KEY DERIVATION
PBKDF2-SHA256
Your master password is converted into an encryption key using PBKDF2 with 100,000 iterations and a rigorous salt. This makes brute-force attacks computationally prohibitive.
Zero-Knowledge Architecture
Most services encrypt data at rest (on their servers). This means they hold the keys and can decrypt your data if compelled by law enforcement or hackers.
Shade is different. Encryption happens on your device (in the browser) before data is ever transmitted.
- USER DEVICE:Input Data ➔ Encrypt(Data, Key) ➔ Ciphertext
- NETWORK:Transmits Ciphertext Only
- SHADE SERVER:Stores Ciphertext (Cannot Decrypt)
The Recovery Trade-off
Because we do not have your keys, we cannot reset your password.
If you lose your Master Password, your data is mathematically unrecoverable. This is a feature, not a bug. It ensures that no one—not even us—can access your vault.