Skip to content

Zero-Knowledge Encryption

TorrinPass is built on a zero-knowledge architecture, meaning we have absolutely no way to access your passwords or personal data.

What is Zero-Knowledge?

Zero-knowledge means:

Your master password never leaves your device
All encryption happens locally on your iPhone/iPad
We only store encrypted data that we cannot decrypt
Even we can’t access your passwords

How It Works

The Encryption Flow

You enter Master Password
        ↓
PBKDF2 derives Master Encryption Key (MEK)
        ↓
MEK encrypts your passwords with AES-256-GCM
        ↓
Only encrypted data is stored/synced
        ↓
MEK is kept in memory only (never saved)

Key Points

Master Password — Only you know it. Never transmitted anywhere.
MEK (Master Encryption Key) — Derived from your password using PBKDF2 with 210,000 iterations.
Encrypted Data — What we store. Completely unreadable without your MEK.

Why Zero-Knowledge Matters

Protection Against Data Breaches

If TorrinPass servers were ever breached, attackers would only get encrypted blobs of data—nothing usable.

Protection Against Insider Threats

Even TorrinPass employees cannot view your passwords, reset your master password, or access your 2FA secrets.

Protection Against Government Requests

If we received a legal request for your data, we could only provide encrypted data that we cannot decrypt.

Technical Implementation

PBKDF2 Key Derivation

Master Password + Salt → PBKDF2 (210,000 iterations) → 256-bit MEK

210,000 iterations — More than most competitors
Unique salt per user — Prevents rainbow table attacks
SHA-256 hash function — Cryptographically secure

AES-256-GCM Encryption

AES-256 — Military-grade encryption (2^256 possible keys)
GCM mode — Provides both confidentiality AND authenticity
Unique nonce — Every encryption uses a random 12-byte nonce

What This Means for You

Get Started

Experience true zero-knowledge security. Download TorrinPass today.

Download on App Store