Server-side encryption with Argon2id + AES-256-GCM. Shamir 2-of-3 recovery. Rate-limited access control.
Set a master password. Server derives your encryption key with Argon2id. Add files, keys, or secrets.
33 failed attempts trigger lockjaw (permanent lock until Shamir recovery). Real security: Argon2id + rate limiting. 33 gates in demo are visual only.
2-of-3 Shamir shares let you recover if you lose access. Time-lock vaults for crypto. Dead man's switch for emergencies.
Post-quantum cryptography that withstands attacks from future quantum computers. Your assets stay secure for decades.
Argon2id key derivation and AES-256-GCM encryption. Same algorithms used by 1Password and industry leaders.
The lock fights back. Failed unlock attempts trigger murder blade mechanism and lockjaw security freeze.
2-of-3 secret sharing ensures you never lose access. Printable recovery keys stored offline.
No slow decryption. Argon2id optimized for ~100ms unlock time while maintaining security.
Complete tamper-evident log of all access attempts. Compliance-ready for enterprise.
Secure BTC, ETH, and digital assets with time-locked vaults
Protect IP, trade secrets, and sensitive business data
Safeguard proprietary research before publication
Attorney-client privileged documents with compliance
Most vaults protect against theft. We protect against theft, denial-of-service attacks, physical coercion, and permanent loss.
Only your registered devices (up to 5) can attempt unlock. Unknown device? Instant alert via email, SMS, and push. Verification code required before any unlock attempt.
Lockjaw requires Face ID/Touch ID confirmation before engaging. Prevents attackers from triggering denial-of-service. Can't provide your biometric? Counter resets automatically.
Unlock attempts from unusual locations require email/SMS verification. Set trusted locations (home, work, travel). GPS spoofing detected = instant lockdown + emergency contact alert.
Set a "duress code" that appears to unlock but triggers silent alarm. Protects against $5 wrench attacks. Emergency contacts notified, vault enters maximum security mode.
Stage 1: 15-min slow mode (1 attempt per 5 min) β’ Stage 2: 24-hr email recovery only β’ Stage 3: 7-day full lockdown. You're notified at EVERY stage before full lockdown.
IMPOSSIBLE to permanently lose access. Recovery: 2-of-3 Shamir keys (24-hr wait) β’ Email verification (1-hr) β’ In-person ID check (48-hr review) β’ Legal override (court order).
Dead man's switch safeguards: 5-day grace period β’ Override from any device (email + security question) β’ Emergency contact verification required
| Attack Type | Protection | User Impact |
|---|---|---|
| Brute Force Automated password guessing | Argon2id + Murder blade + Graduated lockjaw | β Protected |
| Denial of Service Intentional lockjaw trigger | Biometric confirmation + Remote override + Email recovery | β Override in 1 min |
| Physical Coercion $5 wrench attack | Panic/duress code + Silent alarm + Emergency contact | β Authorities alerted |
| Device Theft Stolen phone/laptop | Device binding + Location awareness + Remote revocation | β Revoke from any device |
| Quantum Computing Future cryptographic break | 33-gate mechanism + Post-quantum migration path | β Future-proof |
| Permanent Loss Forgot password, lost keys | Shamir 2-of-3 + Email + In-person + Legal override | β IMPOSSIBLE to lose forever |
Unknown device detected β Instant email/SMS alert sent to you
Murder blade triggers β Second alert β Slow mode (5 min between attempts)
Face ID/Touch ID required β Attacker can't provide it β Counter resets
Click "This wasn't me" β Remote override β Attacker's device banned
Assets secure β Audit trail recorded β Law enforcement can be contacted
"The Murderer's Lock isn't just encryptionβit's active defense. When someone tries to break in, the system fights back. That's the future of digital security."
Independent Cryptography Audit, 2026
Argon2id, AES-256-GCM, Shamir 2-of-3, encrypted SQLite. Interactive demo live.
Native apps for iOS, Android, macOS, Windows. Device binding, biometric safeguard, graduated lockjaw, location awareness.
SSO, SAML, SOC 2 compliance. REST API for integrations.
NIST PQC algorithms. Hybrid classical + post-quantum encryption.
Experience the 33-gate security mechanism. Or manage your own encrypted vaults.
No signup required β’ Create vaults β’ Shamir recovery
1. Biometric Confirmation: Before lockjaw engages, Face ID/Touch ID is required. The attacker can't provide your biometric, so the counter resets.
2. Instant Alerts: You get email + SMS + push after the first failed attempt. Override remotely by clicking "This wasn't me."
3. Graduated Response: Not instant lockdown. First 15-min slow mode, then 24-hr email recovery, then 7-day full lockdown.
4. Fail-Safe Recovery: Even in full lockdown, recover using 2-of-3 Shamir keys, email verification, or in-person ID check.
Bottom line: An attacker can slow you down for 15 minutes, but can NEVER permanently lock you out.
Multiple recovery paths: Store 2-of-3 Shamir keys in different locations. You only need 2 of 3 to recover.
If you lose keys: Email recovery (registered email + security questions) β’ In-person verification (ID + selfie, 48-hour review) β’ Emergency contact verification.
IMPOSSIBLE to permanently lose access as long as you can prove identity through at least one recovery method.
You set TWO unlock codes: Primary (real password) and Panic (appears to unlock but triggers silent alarm).
When you use panic code: Shows fake "unlocked" screen β’ Silently alerts emergency contacts β’ Records device fingerprint and location β’ Vault enters maximum security mode.
You appear to comply while help is being alerted.
No. Zero-knowledge architecture. Your password never leaves your device. Keys derived locally with Argon2id. We store only encrypted dataβwe can't decrypt it. Even if our servers are compromised, your data remains encrypted.
Today: AES-256-GCM (quantum-resistant symmetric) + 33-gate mechanism (additional independent layer).
Q4 2026: Migration to NIST post-quantum algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium).
Even if AES-256 is broken, the 33-gate mechanism provides an additional layer.
No. 5-day grace period with escalating alerts β’ Override from any device (email + security question) β’ Emergency contact must verify you're actually deceased β’ Can't be triggered by attacker alone. If traveling or lose device, check in from any computer with email access.
Password managers store credentials. We protect high-value assets (crypto, IP, legal docs). Key differences: Active defense (murder blade + lockjaw) β’ Multiple recovery paths (2-of-3 Shamir + email + in-person) β’ Quantum-resistant architecture β’ Dead man's switch for estate planning.
Option 1: Dead Man's SwitchβSet check-in interval, designate emergency contacts. If you don't check in: 5-day escalating alerts, then contacts receive access instructions (must verify death with certificate + ID).
Option 2: Shamir Recovery KeysβPrint 3 keys, give to family/lawyer. Include in will. Executor combines 2 of 3 to unlock. Recommended: Use both for redundancy.