L·03 · Labs project

Arcanum

A zero-knowledge password manager with vault functionality and AI-assisted risk analysis. Developed as an alternative to existing solutions — with the ambition of a more stable architecture, stricter encryption and more intelligent usability.

Prototype

Problem

Established password managers make structural compromises. Cloud-based solutions store secrets on servers that can see plaintext if the master logic is compromised, an attack surface that can't be designed away. Local alternatives, in turn, forgo intelligent analysis, which limits automatic strength evaluation, breach detection and data-driven generation.

Solution

A zero-knowledge security vault with full client-side encryption and AI-assisted analysis directly on the device. Password strength evaluation, breach matching and credential rotation run locally — the backend processes only encrypted blobs and never has plaintext access.

Target audience

Security-aware teams and individuals who reject cloud-based password managers on structural grounds. Particularly relevant for regulated environments — healthcare, legal, finance — with strict data-protection requirements and audit obligations.

Tech Stack

Rust · WebAssembly · AES-256-GCM · Argon2id · Zero-Knowledge

Compliance

SOC 2 · GDPR · DSGVO

Roadmap

Current state: Functional zero-knowledge core with client-side encryption and AI-based strength analysis. In active development.

Next steps: browser extension, team sharing with end-to-end encryption, SOC 2 audit.

FAQ

Is Arcanum suitable for production password management?
Not at this time. Arcanum is a functional prototype without an external security audit. Without an independent audit, we give no security assurance for production use.

How does the zero-knowledge principle work?
All secrets are encrypted exclusively on the client with AES-256-GCM. The encryption key is derived from the master password with Argon2id, and the master password never leaves the device. The server stores only encrypted blobs and never has plaintext access, so even the operator cannot read the data.

What happens if I forget my master password?
Under the zero-knowledge principle there is no server-side recovery. The only option is a recovery code that you note down during setup. Without that code the encrypted data cannot be recovered. This is a deliberate architectural choice.
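
The client-side flow from the zero-knowledge answer above, as an added sketch that is not Arcanum's code: the key is derived and used on the client, and the server stand-in only ever holds the sealed blob. Assumptions: Node's built-in crypto is used with scrypt standing in for Argon2id, and the blob layout, entry ids, function names and cost parameters are hypothetical.

```javascript
// Added sketch, not Arcanum code. Assumption: scrypt replaces Argon2id so the
// example runs on Node's built-in crypto module without dependencies.
const nodeCrypto = require('node:crypto');
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }; // constructed cost parameters

// Client only: stretch the master password into a 256-bit vault key.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Client only: build the blob that gets uploaded.
// Hypothetical layout: salt(16) | nonce(12) | tag(16) | ciphertext
function seal(masterPassword, entryId, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh for every encryption
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(entryId)); // binds the blob to its entry id
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
}

// Client only: plaintext, or null if the password is wrong or the blob or
// entry id was altered (the GCM tag check fails in all three cases).
function unseal(masterPassword, entryId, blob) {
  if (blob.length < 44) return null;
  const key = deriveKey(masterPassword, blob.subarray(0, 16));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  d.setAAD(Buffer.from(entryId));
  d.setAuthTag(blob.subarray(28, 44));
  try {
    return Buffer.concat([d.update(blob.subarray(44)), d.final()]).toString('utf8');
  } catch { return null; }
}
// Server stand-in: stores opaque bytes and holds no key material.
const serverStore = new Map();
function demo() {
  const pw = 'correct horse battery staple'; // constructed sample values
  serverStore.set('entry-1', seal(pw, 'entry-1', 'hunter2-constructed'));
  const blob = serverStore.get('entry-1');
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1; // flip one ciphertext bit
  return {
    ok: unseal(pw, 'entry-1', blob),
    wrongPassword: unseal('wrong password', 'entry-1', blob),
    tampered: unseal(pw, 'entry-1', tampered),
    swappedEntry: unseal(pw, 'entry-2', blob),
    plaintextInBlob: blob.includes(Buffer.from('hunter2-constructed')),
  };
}
```

Because the salt travels inside the blob and the key is never stored, a wrong master password and a modified blob are indistinguishable to the client: both fail the authentication tag.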

Request a demo or partnership.

Because this is a development project, every integration is individual. Write to us and we will respond with a tailored assessment.