The Vault - Version 5 Encryption Protocol

The Vault uses PBKDF2 key derivation with an HMAC-SHA512 PRF, and HMAC-SHA256 Encrypt-then-MAC authenticated 256-bit AES encryption, using CommonCrypto functionality only. All cipher and MAC worker keys, as well as all salts and IVs, are purely random data, generated by SecRandomCopyBytes. Keys and IVs are never reused. Each singular piece of data in the app is encrypted with a unique random encryption key, and authenticated with a unique random HMAC key.
Your Master Passcode is never stored; and neither are the derived cipher keys.





Open-sourced, human-readable, pseudocode of the encryption core of The Vault for iOS and The Vault for Mac.