Torminal
Security

The math is the part nobody brute-forces

Only standard, well-reviewed primitives — composed so the only way in is your password or your security key.

How a secret becomes ciphertext

  1. Your secret: a password or a FIDO2 security key
  2. Key derivation: Argon2id
  3. Master key: derived in memory
  4. Inner cipher: XChaCha20-Poly1305
  5. Outer cipher: AES-256-GCM
  6. On disk: opaque ciphertext

What a vault looks like on disk

vault.torminal v3
{
  "version": 3,
  "keyslots": [
    { "kind": "password", "kdf": { "memKib": 262144 } },
    { "kind": "passkey",  "credentialId": "…" }
  ],
  "payload": {
    "nonce":  "…",   // AES-256-GCM  (outer)
    "nonce2": "…",   // XChaCha20    (inner)
    "ciphertext": "…opaque random bytes…"
  }
}
  • The master key is derived in memory and zeroized on lock — never written to disk.
  • One vault, multiple ways in: a password slot plus optional security keys, with the password always kept as recovery.
  • A wrong password fails the auth tag cleanly. No partial decrypt, no garbage.
  • Self-describing KDF parameters; older vaults migrate forward on unlock.
  • On disk it's opaque bytes — no plaintext, ever.
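Before any unlock attempt, a reader should check that a file actually has the v3 shape and that its self-describing parameters are sane. The following validator is an added example written for this page, not Torminal's code. It assumes things the sketch above leaves elided: that the payload fields are base64 text, that nonce sizes follow the named primitives (12 bytes for AES-256-GCM, 24 bytes for XChaCha20-Poly1305), that each AEAD layer appends its 16-byte tag to its ciphertext, and that the Argon2id memory floor is a local policy (64 MiB here; the sample vault uses 256 MiB), not a figure the page states.

```python
# Added example: structural validator for the v3 vault layout sketched above.
# Not Torminal's code. Assumptions beyond the page: payload fields are base64;
# nonce sizes follow the named primitives; each AEAD appends a 16-byte tag;
# MIN_MEM_KIB is a policy chosen here.
import base64
import json
from typing import Optional

AES_GCM_NONCE_LEN = 12        # outer layer: AES-256-GCM, 96-bit nonce
XCHACHA_NONCE_LEN = 24        # inner layer: XChaCha20-Poly1305, 192-bit nonce
TAG_LEN = 16                  # Poly1305 and GCM tags are both 128 bits
MIN_MEM_KIB = 64 * 1024       # assumed floor: 64 MiB (sample vault uses 256 MiB)
SUPPORTED_VERSION = 3


class VaultFormatError(ValueError):
    """Raised when a vault file does not match the v3 layout."""


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def _b64_field(payload: dict, field: str) -> bytes:
    value = payload.get(field)
    if not isinstance(value, str):
        raise VaultFormatError(f"payload.{field}: missing or not a string")
    try:
        return base64.b64decode(value, validate=True)
    except ValueError as exc:
        raise VaultFormatError(f"payload.{field}: not valid base64") from exc


def validate_vault(doc: dict) -> dict:
    """Check structure and parameters; return a summary of the key slots."""
    if doc.get("version") != SUPPORTED_VERSION:
        raise VaultFormatError(f"unsupported version {doc.get('version')!r}")

    slots = doc.get("keyslots")
    if not isinstance(slots, list) or not slots:
        raise VaultFormatError("keyslots: must be a non-empty list")

    password_slots = passkey_slots = 0
    mem_kib = None
    for i, slot in enumerate(slots):
        kind = slot.get("kind")
        if kind == "password":
            # KDF parameters are self-describing, so the reader checks them
            # instead of trusting a hard-coded profile.
            mem = slot.get("kdf", {}).get("memKib")
            if not isinstance(mem, int) or mem < MIN_MEM_KIB:
                raise VaultFormatError(
                    f"keyslots[{i}]: Argon2id memKib {mem!r} below {MIN_MEM_KIB}")
            mem_kib = mem
            password_slots += 1
        elif kind == "passkey":
            if not slot.get("credentialId"):
                raise VaultFormatError(f"keyslots[{i}]: passkey slot without credentialId")
            passkey_slots += 1
        else:
            raise VaultFormatError(f"keyslots[{i}]: unknown kind {kind!r}")

    # The password slot is the recovery path; security keys alone would
    # leave the vault unrecoverable if the key is lost.
    if password_slots == 0:
        raise VaultFormatError("no password keyslot: recovery path missing")

    payload = doc.get("payload")
    if not isinstance(payload, dict):
        raise VaultFormatError("payload: missing")
    nonce = _b64_field(payload, "nonce")
    nonce2 = _b64_field(payload, "nonce2")
    ciphertext = _b64_field(payload, "ciphertext")
    if len(nonce) != AES_GCM_NONCE_LEN:
        raise VaultFormatError(f"payload.nonce: {len(nonce)} bytes, expected {AES_GCM_NONCE_LEN}")
    if len(nonce2) != XCHACHA_NONCE_LEN:
        raise VaultFormatError(f"payload.nonce2: {len(nonce2)} bytes, expected {XCHACHA_NONCE_LEN}")
    # Two AEAD layers each append a tag, so even an empty secret yields
    # at least 32 bytes of outer ciphertext.
    if len(ciphertext) < 2 * TAG_LEN:
        raise VaultFormatError("payload.ciphertext: too short to hold two AEAD tags")

    return {"password_slots": password_slots, "passkey_slots": passkey_slots,
            "mem_kib": mem_kib, "ciphertext_len": len(ciphertext)}


def vault_error(doc: dict) -> Optional[str]:
    """Return the first problem found, or None if the layout is valid."""
    try:
        validate_vault(doc)
    except VaultFormatError as exc:
        return str(exc)
    return None


def constructed_vault() -> dict:
    """Fixture in the v3 shape. Fixed bytes stand in for the random nonces
    and ciphertext a real vault carries; this is constructed test data."""
    return {
        "version": 3,
        "keyslots": [
            {"kind": "password", "kdf": {"memKib": 262144}},
            {"kind": "passkey", "credentialId": _b64(bytes(16))},
        ],
        "payload": {
            "nonce": _b64(bytes(AES_GCM_NONCE_LEN)),
            "nonce2": _b64(bytes(XCHACHA_NONCE_LEN)),
            "ciphertext": _b64(bytes(48)),
        },
    }


def load_vault(path: str) -> dict:
    """Parse a vault file and validate it before any unlock attempt."""
    with open(path, "rb") as fh:
        return validate_vault(json.load(fh))
```

Run load_vault() on a file before deriving anything: a vault that fails here never reaches Argon2id, so a truncated or tampered file is rejected by shape rather than by a failed auth tag after a 256 MiB key derivation.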

What it protects against

A stolen laptop

Disk-level theft yields opaque bytes. Without your password or security key, there's nothing to read.

A network watching you

Tor routing hides where you connect from. Destination hostnames are resolved by the Tor exit, inside the circuit, so no DNS query for a server leaves your machine in the clear: not to your ISP, not to your configured resolver.
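The mechanism behind "DNS never leaks" is a single byte in the SOCKS5 CONNECT request: a client that sends the hostname (address type 0x03) lets the Tor exit resolve it, while a client that resolves first and sends the IP has already leaked the name to the system resolver. The code below is an added example for this page, not Torminal's code; the page does not say how Torminal talks to Tor, so the example assumes a client speaking SOCKS5 to Tor's SocksPort (127.0.0.1:9050 by default) and shows the leaky variant alongside for contrast.

```python
# Added example: SOCKS5 CONNECT that hands the hostname to Tor instead of
# resolving it locally. Not Torminal's code. Assumes a client talking to
# Tor's SocksPort; the leaky variant is shown only for contrast.
import ipaddress
import struct
from typing import Callable, Tuple

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
NO_AUTH = 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def greeting() -> bytes:
    """VER, NMETHODS, METHODS: offer only 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def connect_request(host: str, port: int) -> bytes:
    """CONNECT with the destination exactly as typed. A hostname goes out
    as ATYP 0x03 (DOMAINNAME) so the Tor exit resolves it inside the
    circuit; an IP literal is sent as-is with ATYP 0x01 or 0x04."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is None:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def leaky_connect_request(host: str, port: int,
                          resolver: Callable[[str], str]) -> bytes:
    """The anti-pattern: resolve first, then proxy the IP. The query for
    `host` goes to the system resolver, outside Tor. `resolver` is a
    parameter only so the leak can be observed without touching DNS; in
    real (broken) code it is socket.gethostbyname."""
    return connect_request(resolver(host), port)


def parse_reply(data: bytes) -> Tuple[bool, str]:
    """Decode VER and REP from the proxy reply; True means the exit
    connected to the destination."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep = data[1]
    return rep == 0x00, REPLY_TEXT.get(rep, f"unknown reply 0x{rep:02x}")
```

The same rule applies to any library in the stack: a proxy URL of the form socks5h:// (hostname resolved by the proxy) is safe, socks5:// (hostname resolved locally) is the leak.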

A swapped server key

Host keys are pinned. A changed fingerprint stops the connection before a byte of your session is sent. A pin is only as good as the first contact that set it, so verify a new host's fingerprint out of band.
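Pinning in practice is trust-on-first-use: record the fingerprint the first time, compare on every later connection, and abort on any mismatch without touching the pin. The code below is an added example for this page, not Torminal's code. It assumes the host key is an SSH host key (the page says "host keys" and "your servers" but does not name the protocol), that pins are kept in a dict keyed by "host:port", and that the key blobs are constructed fixtures whose wire framing is real but whose key bytes are not.

```python
# Added example: trust-on-first-use host key pinning with OpenSSH-style
# SHA256 fingerprints. Not Torminal's code. Assumes SSH host keys, a
# "host:port" dict as the pin store, and constructed key blobs (real wire
# framing, fake key bytes).
import base64
import hashlib
import struct
from typing import Dict, Optional


class HostKeyChanged(Exception):
    """Presented key does not match the pin: abort before any session traffic."""


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length prefix followed by the bytes."""
    return struct.pack("!I", len(data)) + data


def constructed_ed25519_blob(fill: int) -> bytes:
    """Wire layout of an ssh-ed25519 public key: string "ssh-ed25519" ||
    string key(32). The 32 key bytes are a fixture, not a real key."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([fill]) * 32)


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH's display form: SHA-256 of the public key blob, base64 with
    the padding stripped, prefixed 'SHA256:'."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def check(self, host: str, port: int, key_blob: bytes) -> str:
        """Call with the host key from the server's key exchange reply,
        before authenticating or sending anything of the user's. Returns
        'pinned' on first contact (show the fingerprint to the user for
        out-of-band verification) or 'verified' on a match. Raises
        HostKeyChanged on a mismatch and leaves the old pin untouched."""
        key = f"{host}:{port}"
        seen = fingerprint(key_blob)
        pinned = self._pins.get(key)
        if pinned is None:
            self._pins[key] = seen
            return "pinned"
        if pinned != seen:
            raise HostKeyChanged(f"{key}: pinned {pinned}, got {seen}")
        return "verified"

    def is_trusted(self, host: str, port: int, key_blob: bytes) -> bool:
        """Boolean form of check(): False means the caller must drop the connection."""
        try:
            self.check(host, port, key_blob)
        except HostKeyChanged:
            return False
        return True

    def pinned_fingerprint(self, host: str, port: int) -> Optional[str]:
        return self._pins.get(f"{host}:{port}")
```

Note that the store never overwrites a pin on mismatch; replacing a changed key must be an explicit user action after the new fingerprint has been confirmed with whoever operates the server.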

Ready when you are

Free, no sign-up, no telemetry. Your servers, your machine, your keys.