L·03 Labs project

Arcanum

A zero-knowledge password manager with vault functionality and AI-assisted risk analysis. Developed as an alternative to existing solutions — with the ambition of a more stable architecture, stricter encryption and more intelligent usability.

Concept
Arcanum — Mockup preview
Design mockup · not final

Problem

Established password managers make structural compromises. Cloud-based solutions store secrets on servers that, if master logic is compromised, see plaintext — an attack surface that can't be designed away. Local alternatives in return forgo intelligent analysis, which limits automatic strength evaluation, breach detection and data-driven generation.

Solution

A zero-knowledge security vault with full client-side encryption and AI-assisted analysis directly on the device. Password strength evaluation, breach matching and credential rotation run locally — the backend processes only encrypted blobs and never has plaintext access.

Target audience

Security-aware teams and individuals who reject cloud-based password managers on structural grounds. Particularly relevant for regulated environments — healthcare, legal, finance — with strict data-protection requirements and audit obligations.

Tech Stack

Rust WebAssembly AES-256-GCM Argon2id Zero-Knowledge

Compliance

SOC 2 GDPR DSGVO

Roadmap

Current state — Functional zero-knowledge core with client-side encryption and AI-based strength analysis. In active development. Next steps — browser extension, team sharing with end-to-end encryption, SOC 2 audit.

FAQ

Is Arcanum suitable for productive password management?
Not at this time. Arcanum is a functional prototype without an external security audit. Without an independent audit we give no productive security assurance.
How does the zero-knowledge principle work?
All secrets are encrypted client-side only with AES-256-GCM. The master password is derived into a key with Argon2id and never leaves the device. The server stores only encrypted blobs and never has plaintext access — even the operator cannot read the data.
What happens if I forget my master password?
By the zero-knowledge principle there is no server-side recovery. The only option is a recovery code you note down during setup. Without that code the encrypted data is not recoverable — this is a deliberate architectural choice.

More projects

Hüni — KI-Gemeindeassistent
L-01 Concept

Hüni — KI-Gemeindeassistent

AI Municipal Assistant for Hünenberg. RAG-powered chat with verifiable sources, transparent response generation, and Swiss data sovereignty.
Sonder
L·02 Concept

Sonder

Rethinking artist discovery: curated setcards for independent musicians — without algorithms, charts, or like-driven visibility.
Clarivio
L·04 Concept

Clarivio

Dashboard prototype for the visual representation of cognitive diagnostics, biomarker tracking and clinical workflows. React-based, visually guided by publications such as SMC 2024 and NIA-AA 2024.
epiLoom
L·05 Concept

epiLoom

Prototype of an ILAE-2017-oriented epilepsy monitoring platform, conceived as a proof of concept for Swiss neurology departments. The project demonstrates real-time patient monitoring, AI-assisted seizure prediction and alignment with Swiss medical standards (ICD-10-GM, Swissmedic, EPD).

What should we build together?

This project is part of our lab research. If you need something similar — your own AI tool, dashboard, custom workflow — talk to us. Every engagement starts with an honest assessment, not a sales pitch.

Talk to us about your project