Blog : Security & Encryption
Practical notes on zero-knowledge encryption, client-side crypto, and building secure products. From the team behind Inkrypt—no fluff, just how we think about security and what we build.
Featured article
Zero-knowledge encryption: what it actually means when we can't see your data
We literally cannot read your notes. Here's what that implies for you and for us.
All articles
Opening the same note on multiple devices without sync hell
No account means no “sync.” So how do you use the same note from your phone and laptop?
When to use a shared note vs separate encrypted notes
One note with one password shared with the team, or one note per person? It depends what you’re trying to protect.
Threat model basics: who can't read your note (and who could)
Zero-knowledge protects you from us and from server compromise. It doesn’t protect you from everything.
Building trust in a zero-knowledge app: what to look for
You can’t verify our code from the app alone. Here’s what we do (and what to look for in any zero-knowledge product).
Why your note URL isn't a secret (and what actually is)
The link to your note is guessable. The password is what keeps it private. Here’s how to think about it.
AES-256-GCM in the browser: a quick tour of our crypto stack
We use the Web Crypto API with AES-GCM. Here’s what that means and why we chose it.
PBKDF2 and why we use 310,000 iterations
Slowing down key derivation protects you from brute force. Here’s how we picked the number.
What we store on the server (and what we never see)
A transparent look at the exact fields we persist and why we never see your plaintext.
Choosing a password for encrypted notes: length vs complexity
For AES-256, the weak point isn’t the algorithm—it’s your password. Here’s how we think about it.
No password recovery isn't a bug—here's why we can't help if you forget
If you lose the password, the note is gone. That’s not a design oversight; it’s the only way zero-knowledge can work.
How we built an encrypted notepad and how it compares
We wanted something like ProtectedText but with a stack we could maintain and a UX we could improve. Here’s where we landed.
Why we encrypt in the browser (and what happens to your password)
Client-side encryption isn’t just a feature—it’s the only way we can promise we never see your data.
Sharing encrypted notes without leaking the key: what we learned
Sharing a note means sharing the link and the password. Sounds simple until you think about how that password travels.
Ready to write secure notes?
No signup, no tracking. Encrypt in your browser and share with a link and password.
Create a note