Key takeaways
- Your password is stretched on-device with Argon2id into a 256-bit vault key
- Inktally never receives your password or the key derived from it, in any form
- Losing your password loses access — recovery contacts are the designed safety net
- The same password, stretched with your account's salt, always produces the same key, making derivation deterministic and portable
Most services that protect your data encrypt it and hold the key themselves. If you forget your password, they reset it — because they can always unwrap your data using the key they control. Inktally is different: we cannot unwrap your data, ever. Here is exactly why, and exactly what that costs you.
How the key is derived
When you create an account, your password is put through Argon2id — a memory-hard key derivation function — in your browser. Argon2id is deliberately expensive to compute: it uses 64 MB of memory and takes several hundred milliseconds, making mass brute-force attacks impractical even with fast hardware.
The result of that computation is your master key. It never leaves your device. Your documents, notes, and credentials are all encrypted with keys wrapped by the master key.
Technical detail
We use Argon2id with 64 MB memory, 3 iterations, and a 32-byte output. The salt is randomly generated per account and stored on our servers. If the salt were lost or changed, your vault would be unrecoverable even with the correct password. That is why we keep it, but on its own it is useless without the password.
What we store and why it is safe
Alongside the salt, we store an auth verifier — a further hash derived from the master key. When you sign in, your browser derives the master key, derives the verifier from it, and sends only the verifier to our server. We check the verifier against what we stored. If they match, you're in.
The auth verifier cannot be reversed back to the master key. Our server learns only that you proved you know the correct password — nothing more.
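The derivation and sign-in flow described above, as an added example that is not Inktally's own code: the client stretches the password with Argon2id (64 MB, 3 iterations, 32-byte output) over a random per-account salt, derives a one-way auth verifier from the master key, and the server stores and compares only salt and verifier. The HMAC label, the 16-byte salt length, and the use of the third-party argon2-cffi package (with a clearly labelled scrypt stand-in when it is not installed) are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Argon2id parameters stated on the page: 64 MB memory, 3 iterations, 32-byte key.
ARGON2_MEMORY_KIB = 64 * 1024
ARGON2_ITERATIONS = 3
KEY_LEN = 32

try:
    from argon2.low_level import Type, hash_secret_raw  # argon2-cffi (third party)
    KDF_NAME = "argon2id"

    def stretch_password(password: bytes, salt: bytes) -> bytes:
        return hash_secret_raw(password, salt, time_cost=ARGON2_ITERATIONS,
                               memory_cost=ARGON2_MEMORY_KIB, parallelism=1,
                               hash_len=KEY_LEN, type=Type.ID)
except ImportError:
    # Stand-in (assumption): scrypt from the stdlib so the flow still runs offline.
    KDF_NAME = "scrypt (stand-in, not Argon2id)"

    def stretch_password(password: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=KEY_LEN)


def derive_master_key(password: str, salt: bytes) -> bytes:
    """Client side only: computed on-device, never transmitted."""
    return stretch_password(password.encode("utf-8"), salt)


def derive_auth_verifier(master_key: bytes) -> bytes:
    """One-way, domain-separated derivation: the verifier cannot be turned back
    into the master key, and the label keeps it distinct from any wrapping key."""
    return hmac.new(master_key, b"auth-verifier", hashlib.sha256).digest()  # label assumed


def enroll(password: str) -> dict:
    """Everything the server keeps: a random per-account salt plus the verifier."""
    salt = secrets.token_bytes(16)  # salt length assumed
    verifier = derive_auth_verifier(derive_master_key(password, salt))
    return {"salt": salt, "verifier": verifier}


def sign_in(password: str, stored: dict) -> bool:
    """Client recomputes the verifier from the stored salt; server compares in constant time."""
    candidate = derive_auth_verifier(derive_master_key(password, stored["salt"]))
    return hmac.compare_digest(candidate, stored["verifier"])


if __name__ == "__main__":
    record = enroll("correct horse battery staple")
    print(KDF_NAME, sign_in("correct horse battery staple", record), sign_in("wrong", record))
```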
The real trade-off
This architecture gives you something most products cannot: if Inktally is breached, subpoenaed, or compromised at the server layer, your data is still safe. We have nothing to hand over except ciphertext and a verifier that proves nothing about the plaintext.
But it means one thing: we cannot help you if you forget your password. There is no “forgot password” that lets you back in without proving you know the secret. There is no back door. The math does not allow it.
If you forget your password
This is not a dead end — it is a designed trade-off with a designed solution. Recovery contacts are the way back in: you nominate trusted people who each hold a cryptographic share of your recovery key. When you lose your password, they collectively approve a recovery request and you regain access.
We strongly recommend setting up recovery contacts before you need them. One missed holiday check-in should not be an irreversible loss.