The Most Secure Password Vault Ever Built
Every major password manager stores your passwords on a server. That server is a target. The Z-Text Password Vault removes that central vault risk — your passwords are encrypted on your device, then stored on the BitcoinZ blockchain using AES-256-GCM encryption and zero-knowledge proofs.
When Other Vaults Get Breached, Yours Can't
LastPass
2022–2023: Hackers stole encrypted vaults of 25+ million users. Over $150M in crypto theft linked to cracked vaults.
Why it happened
LastPass stored all user vaults on their servers. One breach exposed every customer.
Why it can't happen here
There is no server. Your encrypted data lives on a decentralized blockchain, wrapped in zero-knowledge proofs. An attacker would not even know your vault exists.
Norton LifeLock
2023: Credential-stuffing attacks compromised ~925,000 accounts and their built-in password manager data.
Why it happened
Users had Norton accounts with reused passwords. Once the account was compromised, the vault was exposed.
Why it can't happen here
There is no account. No email. No username. No password to reuse. Access requires your wallet seed phrase and master password — neither is ever transmitted or stored anywhere.
OneLogin
2017: Attackers gained the ability to decrypt customer data from this enterprise password manager.
Why it happened
OneLogin held decryption keys on their infrastructure.
Why it can't happen here
We never hold your keys. Your decryption keys are derived from your master password on your device and never leave it.
Every major password manager breach shares the same root cause: a centralized server holding user data. Remove the server, and you remove the attack surface.
How Your Passwords Are Protected
Think of your vault as a safe, inside a safe, inside an invisible room that nobody knows exists.
AES-256-GCM Encryption
AES-256-GCM: Each vault entry uses AES-256-GCM authenticated encryption with a unique random salt and initialization vector. Your master password is hardened through 100,000 rounds of PBKDF2-SHA256 before keys are used locally on your device.
Wallet-Bound Encryption
Seed-Derived Keys: Your vault is cryptographically bound to your wallet's private key. Even if someone obtained your master password, they would also need your wallet seed phrase. Two independent keys. Two independent barriers.
zk-SNARKs Privacy
Zero-Knowledge Proofs: Your encrypted vault is wrapped in a zero-knowledge proof on the blockchain. The network can verify the transaction is valid without ever seeing what is inside. The sender, receiver, and contents are all hidden. Your vault is not just encrypted — it is invisible.
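The per-entry scheme described under "AES-256-GCM Encryption" above, as an added Python sketch that is not Z-Text's own code (the app is built on a Dart library). It covers only the master-password layer; the record layout `salt || iv || ciphertext+tag`, the use of an entry identifier as associated data, and all function names are assumptions, and it relies on the third-party `cryptography` package for AES-GCM.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 rounds stated on the page
SALT_LEN = 32         # 256-bit salt, fresh per entry
IV_LEN = 12           # 96-bit IV, fresh per encryption
TAG_LEN = 16          # GCM tag, appended to the ciphertext by AESGCM

def derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 256-bit AES key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )

def seal_entry(master_password: str, plaintext: bytes, entry_id: bytes) -> bytes:
    """Encrypt one entry; assumed record layout: salt || iv || ciphertext+tag."""
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    key = derive_key(master_password, salt)
    # entry_id is authenticated but not encrypted (associated data), so a
    # record cannot be moved onto a different entry without detection.
    return salt + iv + AESGCM(key).encrypt(iv, plaintext, entry_id)

def open_entry(master_password: str, record: bytes, entry_id: bytes) -> bytes:
    """Decrypt one record; raises InvalidTag on a wrong key or any tampering."""
    if len(record) < SALT_LEN + IV_LEN + TAG_LEN:
        raise ValueError("record too short to be a sealed entry")
    salt = record[:SALT_LEN]
    iv = record[SALT_LEN:SALT_LEN + IV_LEN]
    key = derive_key(master_password, salt)
    return AESGCM(key).decrypt(iv, record[SALT_LEN + IV_LEN:], entry_id)

def opens_cleanly(master_password: str, record: bytes, entry_id: bytes) -> bool:
    """True only if the record authenticates under this password and entry_id."""
    try:
        open_entry(master_password, record, entry_id)
        return True
    except (InvalidTag, ValueError):
        return False

if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    rec = seal_entry("constructed master password", b"hunter2", b"entry-0001")
    tampered = rec[:-1] + bytes([rec[-1] ^ 0x01])
    print(len(rec), opens_cleanly("constructed master password", tampered, b"entry-0001"))
```

Because the salt and IV are drawn fresh on every call, sealing the same plaintext twice yields different records, and a single flipped bit anywhere in the record makes decryption fail rather than return altered data.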
What Happens When Things Go Wrong
What if my phone is stolen?
The vault is locked separately with its own master password. Even if a thief extracts raw data, they need both your master password AND your seed phrase. And if you set up the Panic PIN, entering it silently wipes everything — to an observer, it looks like a normal unlock to an empty app.
What if a hacker gets the blockchain data?
They get nothing useful. Your data is triple-encrypted and wrapped in zk-SNARK proofs. A hacker looking at the blockchain cannot even tell that password vault data exists. Even if they could isolate your transaction, they face two layers of AES-256 encryption requiring both your master password and seed phrase.
What if Z-Text shuts down?
Your passwords survive. The BitcoinZ blockchain is a decentralized network of thousands of nodes. No entity can shut it down. All you need is the app (open source, rebuildable), your seed phrase, and your master password. No company required.
What if quantum computers arrive?
AES-256 is quantum-resistant — Grover's algorithm reduces it to 128-bit effective, still computationally infeasible. Shielded z-addresses don't expose public keys, defeating Shor's algorithm. The encryption layer is upgradeable to post-quantum algorithms without losing existing data.
What if I'm forced to unlock my vault?
Enter your Panic PIN. It looks identical to a normal unlock — no warning, no confirmation. But it silently destroys everything. Later, restore on a new device using your seed phrase and master password — your encrypted vault still exists safely on the blockchain.
What if I lose my phone?
Get a new phone. Install Z-Text. Enter your 24-word seed phrase. Enter your master password. Every password is restored from the blockchain. No cloud backup. No recovery email. No support ticket.
TOTP Authenticator Included
Two-factor authentication without a second app — at no additional cost.
- RFC 6238 compliant — works with every TOTP-compatible service
- Live codes displayed directly in your password list
- Codes auto-refresh every 30 seconds with visual countdown
- 2FA secrets encrypted with the same triple-layer protection
- Backed up on the blockchain — lose your phone, restore your 2FA codes
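How a live code and its countdown are computed under RFC 6238 with the parameters this page lists (HMAC-SHA1, 6 digits, 30-second period), as an added Python example that is not Z-Text's own code. The function names are illustrative, and the sample secret is the published RFC 6238 test key in Base32.

```python
import base64
import hashlib
import hmac
import struct
import time

PERIOD = 30  # seconds per time step
DIGITS = 6   # code length

def decode_secret(b32_secret: str) -> bytes:
    """Accept Base32 secrets as users paste them: spaces, dashes, lower case, no padding."""
    cleaned = b32_secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros

def totp(b32_secret: str, unix_time: int, period: int = PERIOD, digits: int = DIGITS):
    """Return (code, seconds_remaining) for the time step containing unix_time."""
    key = decode_secret(b32_secret)
    remaining = period - (unix_time % period)
    return hotp(key, unix_time // period, digits), remaining

if __name__ == "__main__":
    # RFC 6238 test key ("12345678901234567890"), Base32-encoded; not a real account secret.
    sample = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    code, remaining = totp(sample, int(time.time()))
    print(f"{code} (refreshes in {remaining}s)")
```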
We Cannot See Your Data — Even If We Wanted To
No account exists
No email, no username, no phone number, no identity of any kind.
No server exists
Your data is never transmitted to or stored on any company server.
No analytics or telemetry
The app does not phone home. Zero tracking.
Master password never leaves your device
Used locally to derive encryption keys, then discarded from memory.
Encryption happens entirely on-device
At no point does unencrypted data exist anywhere else.
Z-Text Vault vs. The Competition
| Feature | Z-Text Vault | LastPass | 1Password | Bitwarden |
|---|---|---|---|---|
| No server to breach | ||||
| No account required | ||||
| Blockchain-backed storage | ||||
| zk-SNARKs privacy | ||||
| Triple encryption layers | ||||
| Panic PIN / Kill switch | ||||
| Survives company shutdown | ||||
| Built-in 2FA authenticator | ||||
| 2FA codes recoverable | ||||
| Open source | ||||
| No cloud dependency | ||||
| True zero-knowledge | ||||
| Quantum-resistant design | ||||
| Recovery from seed phrase alone |
For Security Researchers & Reviewers
| Component | Specification |
|---|---|
| Primary encryption | AES-256-GCM (authenticated encryption with associated data) |
| Key derivation | PBKDF2-HMAC-SHA256, 100,000 iterations |
| Salt | 256-bit cryptographically secure random, unique per entry |
| Initialization vector | 96-bit cryptographically secure random, unique per operation |
| TOTP implementation | RFC 6238, HMAC-SHA1, 6-digit codes, 30-second period |
| Privacy layer | zk-SNARKs shielded transactions (z-to-z) |
| Storage layer | BitcoinZ blockchain (decentralized, immutable) |
| Quantum resistance | AES-256 (Grover-safe at 128-bit effective), no public key exposure |
| Auto-lock | 5-minute inactivity timeout, full memory wipe |
| Brute-force protection | 3 attempts max, 5-minute lockout (persists across restarts) |
| Memory handling | All secrets cleared from memory on lock (zero retention) |
| Password comparison | Constant-time algorithm (timing-attack resistant) |
| Cryptographic library | cryptography v2.7.0 (Dart) |
| Audit trail | Immutable blockchain timestamps for all vault operations |
Your Passwords. Your Keys. Your Blockchain.
Traditional password managers ask you to trust a company. The Z-Text Password Vault asks you to trust mathematics.