Blog : Security & Encryption

AES vs RSA: how symmetric and asymmetric encryption differ, when to use each, and how they combine in real systems.

Client-side vs server-side encryption: who holds the keys, who can read your data, and what a zero-knowledge architecture changes.

What actually happens in a data breach, and how strong encryption changes impact, notification, and recovery.

What a practical encryption policy should contain, from algorithms and key management to ownership and auditing responsibilities.

What end-to-end encryption for teams really means, how it differs from TLS, and where it fits in secure collaboration without marketing noise.

Is encryption required by GDPR, and what does compliant encryption actually look like in practice for SaaS and internal systems?

How HIPAA and PCI-DSS treat encryption, what is actually required, and where zero-knowledge and client-side encryption fit.

How Inkrypt compares to other encrypted note apps, from architecture to threat models, without marketing gloss.

How to manage encryption keys safely across their lifecycle, from generation and storage to rotation and destruction.

Is your phone actually encrypted, and what does that mean for secure notes, stolen devices, and zero-knowledge apps like Inkrypt?

Why multi-factor authentication matters, how it works under the hood, and how it interacts with encrypted, zero-knowledge systems.

When should you use a password manager and when does a zero-knowledge encrypted note app make more sense? A technical comparison without fluff.

Learn how secure self-destructing messages work with real client-side encryption, AES-256-GCM, and zero-knowledge design—beyond marketing claims.

You can’t verify our code from the app alone. Here’s what we do (and what to look for in any zero-knowledge product).

The link to your note is guessable. The password is what keeps it private. Here’s how to think about it.

No account means no “sync.” So how do you use the same note from your phone and laptop?

One note with one password shared with the team, or one note per person? It depends what you’re trying to protect.

Zero-knowledge protects you from us and from server compromise. It doesn’t protect you from everything.

We use the Web Crypto API with AES-GCM. Here’s what that means and why we chose it.

Slowing down key derivation protects you from brute force. Here’s how we picked the number.

A transparent look at the exact fields we persist and why we never see your plaintext.

For AES-256, the weak point isn’t the algorithm—it’s your password. Here’s how we think about it.

If you lose the password, the note is gone. That’s not a design oversight; it’s the only way zero-knowledge can work.

We wanted something like ProtectedText but with a stack we could maintain and a UX we could improve. Here’s where we landed.

Client-side encryption isn’t just a feature—it’s the only way we can promise we never see your data.

Sharing a note means sharing the link and the password. Sounds simple until you think about how that password travels.