Zero-Knowledge Architecture: how OneckPass protects your passwords
Understand why even the OneckPass team cannot see your passwords and how this protects you.
What is Zero-Knowledge?
Zero-Knowledge is a security architecture where the service provider has no access to your data. In OneckPass's case, this means:
- Your master password is never transmitted to our servers
- Your data is encrypted on your device before being sent
- Only you have the key to decrypt your information
How does it work in practice?
1. Key derivation
When you enter your master password, it is run through the Argon2id key-derivation algorithm together with your email (used as the salt). This generates two 32-byte keys:
- Authentication Key: Used to prove your identity to the server
- Encryption Key: Used to encrypt/decrypt your data
2. AES-256-GCM Encryption
All your data (passwords, notes, cards) is encrypted using AES-256-GCM, the same standard used by governments and militaries.
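The two steps above as a runnable Node.js sketch, added here as an illustration and not taken from OneckPass's code. Node's standard library has no Argon2id, so scrypt stands in for it; the split of one 64-byte output into the two keys, the payload shape and all sample values are assumptions.

```javascript
const nodeCrypto = require("node:crypto");

// Stand-in KDF: scrypt (also memory-hard) replaces Argon2id here.
// Assumption: one 64-byte output is split into the two 32-byte keys;
// the page does not say how the two keys are separated.
function deriveKeys(masterPassword, email) {
  const salt = Buffer.from(email, "utf8"); // email used as salt, per the page
  const out = nodeCrypto.scryptSync(masterPassword, salt, 64, { N: 2 ** 14, r: 8, p: 1 });
  return { authKey: out.subarray(0, 32), encKey: out.subarray(32, 64) };
}

// AES-256-GCM with a fresh random 96-bit nonce for every record.
function encryptItem(encKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the record was
// modified: the GCM tag check fails and final() throws.
function decryptItem(encKey, { iv, ct, tag }) {
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", encKey, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Everything that leaves the device (hypothetical payload shape): the
// authentication key and the encrypted record, never the master password
// or the encryption key.
function buildUpload(masterPassword, email, secret) {
  const { authKey, encKey } = deriveKeys(masterPassword, email);
  const { iv, ct, tag } = encryptItem(encKey, secret);
  return { email, authKey: authKey.toString("hex"), iv: iv.toString("hex"),
           ct: ct.toString("hex"), tag: tag.toString("hex") };
}

// Constructed sample values, not real credentials.
const sample = buildUpload("correct horse battery staple", "alice@example.com", "bank: hunter2");
console.log(sample);
```

The printed object is all a server-side observer would hold for this record; `decryptItem` returns `null` for any key not derived from the right master password.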
What if OneckPass is hacked?
This is the great advantage of Zero-Knowledge. Even if our servers are breached:
- Attackers would only see encrypted data
- To decrypt, they would need your master password
- Your master password is never on our servers
Summary
Zero-Knowledge is not just marketing — it's a fundamentally different architecture that puts you in total control of your data. Even if you don't trust us, you can trust the math.