Skip to content
TorrinPass

Zero-Knowledge Architecture

TorrinPass implements a true zero-knowledge architecture, meaning we mathematically cannot access your passwords or personal data.

The Zero-Knowledge Promise

Section titled “The Zero-Knowledge Promise”
  1. Your master password never leaves your device
  2. Encryption keys are derived locally
  3. We only store encrypted data we cannot decrypt
  4. No backdoors, no exceptions

Architecture Diagram

Section titled “Architecture Diagram”
┌─────────────────────────────────────────────────────────┐
│                     YOUR DEVICE                          │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐  │
│  │   Master    │───▶│   PBKDF2    │───▶│     MEK     │  │
│  │  Password   │    │  210,000    │    │  (256-bit)  │  │
│  └─────────────┘    │ iterations  │    └──────┬──────┘  │
│                     └─────────────┘           │         │
│                                               ▼         │
│  ┌─────────────┐                     ┌─────────────┐   │
│  │  Plaintext  │────────────────────▶│  AES-256    │   │
│  │  Passwords  │                     │    GCM      │   │
│  └─────────────┘                     └──────┬──────┘   │
│                                              │          │
└──────────────────────────────────────────────┼──────────┘
                                               
                                               
┌─────────────────────────────────────────────────────────┐
│                   TORRINPASS SERVERS                     │
│                                                          │
│  ┌─────────────────────────────────────────────────┐    │
│  │              ENCRYPTED BLOBS ONLY                │    │
│  │         (We cannot decrypt these)                │    │
│  └─────────────────────────────────────────────────┘    │
│                                                          │
└─────────────────────────────────────────────────────────┘

What Stays on Your Device

Section titled “What Stays on Your Device”
  • ✅ Master password
  • ✅ Master Encryption Key (MEK)
  • ✅ Decrypted passwords (in memory only)
  • ✅ Biometric-protected credentials

What Goes to Our Servers

Section titled “What Goes to Our Servers”
  • 📦 Encrypted password blobs
  • 📦 Encrypted 2FA secrets
  • 📦 Encrypted notes
  • 📧 Your email (for account identification only)

Why This Matters

Section titled “Why This Matters”

Data Breach Protection

Section titled “Data Breach Protection”

If our servers are breached, attackers get only encrypted data they cannot decrypt.

Insider Threat Protection

Section titled “Insider Threat Protection”

TorrinPass employees cannot access your passwords—we don’t have the keys.

Section titled “Legal Protection”

We cannot comply with requests for your passwords because we don’t have them.

The Trade-off

Section titled “The Trade-off”

Learn More

Section titled “Learn More”