{
  "tm_meta_title": {
    "en": "Threat Model — ChromVoid"
  },
  "tm_meta_description": {
    "en": "ChromVoid security threat model: assets, trust boundaries, STRIDE analysis, attack scenarios, and honest limitations."
  },
  "tm_breadcrumb_home": {
    "en": "ChromVoid"
  },
  "tm_breadcrumb_threat": {
    "en": "Threat Model"
  },
  "tm_hero_label": {
    "en": "Threat Model"
  },
  "tm_hero_title": {
    "en": "Security through honesty"
  },
  "tm_hero_subtitle": {
    "en": "What ChromVoid protects, what it doesn't, and why we publish limitations."
  },
  "tm_nav_assets": {
    "en": "Assets"
  },
  "tm_nav_trust": {
    "en": "Trust Boundaries"
  },
  "tm_nav_crypto": {
    "en": "Cryptography"
  },
  "tm_nav_storage": {
    "en": "Storage"
  },
  "tm_nav_offline": {
    "en": "Offline-hardening"
  },
  "tm_nav_deniability": {
    "en": "Deniability"
  },
  "tm_nav_threats": {
    "en": "Threat Actors"
  },
  "tm_nav_scenarios": {
    "en": "Attack Scenarios"
  },
  "tm_nav_limitations": {
    "en": "Limitations"
  },
  "tm_nav_recommendations": {
    "en": "Recommendations"
  },
  "tm_nav_audit": {
    "en": "Auditability"
  },
  "tm_nav_disclosure": {
    "en": "Disclosure"
  },
  "tm_back_to_main": {
    "en": "← Back to main"
  },
  "tm_assets_title": {
    "en": "What ChromVoid protects"
  },
  "tm_assets_overview": {
    "en": "ChromVoid is designed for storing passwords, OTP, notes and other secrets with a threat model where physical access, coercion, network attacks, and offline analysis are possible."
  },
  "tm_assets_no_promise": {
    "en": "ChromVoid does not promise \"unhackability\" and does not replace basic security hygiene."
  },
  "tm_assets_detail_title": {
    "en": "Critical assets and metadata"
  },
  "tm_assets_col_asset": {
    "en": "Asset"
  },
  "tm_assets_col_desc": {
    "en": "Description"
  },
  "tm_assets_col_impact": {
    "en": "Impact if compromised"
  },
  "tm_assets_secrets": {
    "en": "Secrets in vault"
  },
  "tm_assets_secrets_desc": {
    "en": "Passwords, keys, TOTP seeds, files"
  },
  "tm_assets_secrets_impact": {
    "en": "Full account compromise"
  },
  "tm_assets_vault_pw": {
    "en": "Vault password"
  },
  "tm_assets_vault_pw_desc": {
    "en": "Password to open a vault"
  },
  "tm_assets_vault_pw_impact": {
    "en": "Access to all secrets in that vault"
  },
  "tm_assets_master_key": {
    "en": "Master key"
  },
  "tm_assets_master_key_desc": {
    "en": "Root of trust for storage"
  },
  "tm_assets_master_key_impact": {
    "en": "Backup/restore, pairing, erase — but NOT data access"
  },
  "tm_assets_device_key": {
    "en": "Device private key"
  },
  "tm_assets_device_key_desc": {
    "en": "Noise Protocol key for the current host"
  },
  "tm_assets_device_key_impact": {
    "en": "Transport channel compromise"
  },
  "tm_assets_session_keys": {
    "en": "Session keys"
  },
  "tm_assets_session_keys_desc": {
    "en": "Active Noise session keys"
  },
  "tm_assets_session_keys_impact": {
    "en": "Current traffic decryption"
  },
  "tm_assets_meta_title": {
    "en": "Sensitive metadata"
  },
  "tm_assets_meta_col_data": {
    "en": "Metadata"
  },
  "tm_assets_meta_col_protection": {
    "en": "Protection"
  },
  "tm_assets_meta_vault_count": {
    "en": "Vault count"
  },
  "tm_assets_meta_vault_count_prot": {
    "en": "Hidden (Plausible Deniability)"
  },
  "tm_assets_meta_record_count": {
    "en": "Records per vault"
  },
  "tm_assets_meta_record_count_prot": {
    "en": "Hidden until unlock (encrypted catalog)"
  },
  "tm_assets_meta_timestamps": {
    "en": "Last access time"
  },
  "tm_assets_meta_timestamps_prot": {
    "en": "Partially — FS timestamps visible"
  },
  "tm_assets_meta_size": {
    "en": "Storage size"
  },
  "tm_assets_meta_size_prot": {
    "en": "Visible (total chunk size)"
  },
  "tm_assets_meta_dirs": {
    "en": "Directory structure"
  },
  "tm_assets_meta_dirs_prot": {
    "en": "Hidden (flat chunk structure)"
  },
  "tm_trust_title": {
    "en": "Trust boundaries"
  },
  "tm_trust_overview": {
    "en": "ChromVoid is built as a zero-trust system. No component is \"trusted by default\". Access is granted through capability grants. All communication is end-to-end encrypted with the Noise Protocol over every transport: USB, WebRTC DataChannel, or WSS via Relay."
  },
  "tm_trust_detail_title": {
    "en": "Trust zones and levels"
  },
  "tm_trust_col_zone": {
    "en": "Zone"
  },
  "tm_trust_col_level": {
    "en": "Trust level"
  },
  "tm_trust_col_reason": {
    "en": "Rationale"
  },
  "tm_trust_core": {
    "en": "Core Zone"
  },
  "tm_trust_core_level": {
    "en": "Full"
  },
  "tm_trust_core_reason": {
    "en": "Rust code, verified cryptography"
  },
  "tm_trust_client": {
    "en": "Client Zone (Tauri)"
  },
  "tm_trust_client_level": {
    "en": "High"
  },
  "tm_trust_client_reason": {
    "en": "Controlled code, but vulnerable to host malware"
  },
  "tm_trust_extension": {
    "en": "Browser Extension"
  },
  "tm_trust_extension_level": {
    "en": "Medium"
  },
  "tm_trust_extension_reason": {
    "en": "Isolated context, but less control"
  },
  "tm_trust_network": {
    "en": "Network"
  },
  "tm_trust_network_level": {
    "en": "Zero"
  },
  "tm_trust_network_reason": {
    "en": "Always considered compromised"
  },
  "tm_trust_physical": {
    "en": "Physical device access"
  },
  "tm_trust_physical_level": {
    "en": "Accepted risk"
  },
  "tm_trust_physical_reason": {
    "en": "Software-only protection does not stop physical access to an unlocked device"
  },
  "tm_trust_modes_title": {
    "en": "Operating modes"
  },
  "tm_trust_mode_local": {
    "en": "Local mode: Rust Core built into Desktop/Mobile"
  },
  "tm_trust_mode_mobile": {
    "en": "Mobile host: Phone is source of truth (Secure Enclave/TEE), Desktop connects via USB or WebRTC/WSS"
  },
  "tm_trust_mode_core": {
    "en": "Desktop + Extension: the browser extension connects through Desktop Gateway on localhost; secrets stay in the Desktop app"
  },
  "tm_trust_mode_chain": {
    "en": "Relay path: paired clients can communicate over WebRTC/WSS with end-to-end encrypted transport"
  },
  "tm_crypto_title": {
    "en": "Cryptography"
  },
  "tm_crypto_overview": {
    "en": "Standard cryptographic primitives with no proprietary algorithms. Everything is documented and verifiable."
  },
  "tm_crypto_detail_title": {
    "en": "Primitives and usage"
  },
  "tm_crypto_col_primitive": {
    "en": "Primitive"
  },
  "tm_crypto_col_usage": {
    "en": "Usage"
  },
  "tm_crypto_col_context": {
    "en": "Context"
  },
  "tm_crypto_chacha": {
    "en": "ChaCha20-Poly1305"
  },
  "tm_crypto_chacha_usage": {
    "en": "AEAD data encryption"
  },
  "tm_crypto_chacha_ctx": {
    "en": "At rest"
  },
  "tm_crypto_argon": {
    "en": "Argon2id"
  },
  "tm_crypto_argon_usage": {
    "en": "Memory-hard KDF for password-based key derivation"
  },
  "tm_crypto_argon_ctx": {
    "en": "At rest"
  },
  "tm_crypto_blake": {
    "en": "BLAKE3"
  },
  "tm_crypto_blake_usage": {
    "en": "Hashing and auxiliary material derivation"
  },
  "tm_crypto_blake_ctx": {
    "en": "At rest"
  },
  "tm_crypto_noise": {
    "en": "Noise Protocol (XX/IK/XXpsk0)"
  },
  "tm_crypto_noise_usage": {
    "en": "End-to-end encryption over all channels"
  },
  "tm_crypto_noise_ctx": {
    "en": "In transit (USB / WebRTC / WSS)"
  },
  "tm_crypto_x25519": {
    "en": "X25519"
  },
  "tm_crypto_x25519_usage": {
    "en": "Key exchange within Noise"
  },
  "tm_crypto_x25519_ctx": {
    "en": "In transit"
  },
  "tm_storage_title": {
    "en": "Storage architecture"
  },
  "tm_storage_overview": {
    "en": "ChromVoid uses chunk-based storage. Data is stored as encrypted chunks (~16 KB), and each chunk is encrypted separately. Writes are atomic (write-temp-rename) and use fsync."
  },
  "tm_storage_detail_title": {
    "en": "Storage security properties"
  },
  "tm_storage_chunk": {
    "en": "Each chunk encrypted independently — simplifies sync, reduces structure \"chattiness\""
  },
  "tm_storage_aad": {
    "en": "The chunk name is bound as AEAD associated data (AAD) — protection against chunk swap/substitution attacks"
  },
  "tm_storage_atomic": {
    "en": "Atomic writes (write-temp-rename) + fsync for crash resilience"
  },
  "tm_storage_catalog": {
    "en": "Sharded catalog — domains separated (.passmanager, .wallet, .files)"
  },
  "tm_storage_delta": {
    "en": "Delta sync — only changed chunks are transferred"
  },
  "tm_offline_title": {
    "en": "Offline-hardening"
  },
  "tm_offline_overview": {
    "en": "When an attacker has a copy of your files, ChromVoid applies a \"separate data and hardening material\" approach. Storage data (chunks) is in the filesystem. An additional secret (storage pepper) is stored separately (e.g., in OS keystore) and participates in key derivation."
  },
  "tm_offline_idea": {
    "en": "Idea: \"just copying the folder\" is not enough to conveniently run an offline brute-force attack."
  },
  "tm_offline_warning": {
    "en": "Important: this does not replace a strong passphrase. Argon2id plus the pepper delay and complicate an offline attack, but they are not an absolute guarantee."
  },
  "tm_deniability_title": {
    "en": "Plausible Deniability"
  },
  "tm_deniability_overview": {
    "en": "ChromVoid supports a decoy vault + hidden vaults model: no obvious \"wrong password\" signal, minimal metadata about vault count, hidden data boundaries at storage level (flat chunk approach)."
  },
  "tm_deniability_detail_title": {
    "en": "Limitations (important to read)"
  },
  "tm_deniability_limit_1": {
    "en": "Deniability depends on the attack class: analysis of a single storage snapshot vs. comparison of multiple snapshots taken over time"
  },
  "tm_deniability_limit_2": {
    "en": "Storage medium properties may leave write traces/remnants"
  },
  "tm_deniability_limit_3": {
    "en": "Your habits (OPSEC): decoy plausibility, usage regularity, structure \"explainability\""
  },
  "tm_deniability_limit_4": {
    "en": "Does not hide that ChromVoid is installed or the total data size"
  },
  "tm_deniability_honest": {
    "en": "ChromVoid publishes these limitations because honesty is part of security."
  },
  "tm_threats_title": {
    "en": "Threat actors"
  },
  "tm_threats_overview": {
    "en": "ChromVoid defends against a range of adversaries — from opportunistic thieves to nation-state actors. Different threat levels require different operating modes."
  },
  "tm_threats_detail_title": {
    "en": "Attacker profiles"
  },
  "tm_threats_col_actor": {
    "en": "Actor"
  },
  "tm_threats_col_resources": {
    "en": "Resources"
  },
  "tm_threats_col_motivation": {
    "en": "Motivation"
  },
  "tm_threats_col_attacks": {
    "en": "Typical attacks"
  },
  "tm_threats_script": {
    "en": "Script kiddie"
  },
  "tm_threats_script_res": {
    "en": "Low"
  },
  "tm_threats_script_mot": {
    "en": "Curiosity"
  },
  "tm_threats_script_att": {
    "en": "Public exploits, phishing"
  },
  "tm_threats_criminal": {
    "en": "Cybercriminal"
  },
  "tm_threats_criminal_res": {
    "en": "Medium"
  },
  "tm_threats_criminal_mot": {
    "en": "Financial"
  },
  "tm_threats_criminal_att": {
    "en": "Malware, credential theft"
  },
  "tm_threats_state": {
    "en": "Nation-state"
  },
  "tm_threats_state_res": {
    "en": "High"
  },
  "tm_threats_state_mot": {
    "en": "Intelligence"
  },
  "tm_threats_state_att": {
    "en": "0-day exploits, supply-chain attacks, coercion (\"rubber hose\")"
  },
  "tm_threats_insider": {
    "en": "Insider"
  },
  "tm_threats_insider_res": {
    "en": "Medium"
  },
  "tm_threats_insider_mot": {
    "en": "Various"
  },
  "tm_threats_insider_att": {
    "en": "Social engineering, physical access"
  },
  "tm_scenarios_title": {
    "en": "Attack scenarios"
  },
  "tm_scenarios_overview": {
    "en": "Concrete scenarios help understand how ChromVoid's defenses work in practice. Each scenario describes the attacker, their goal, the attack vector, and the protection outcome."
  },
  "tm_scenario_col_attacker": {
    "en": "Attacker"
  },
  "tm_scenario_col_goal": {
    "en": "Goal"
  },
  "tm_scenario_col_vector": {
    "en": "Attack vector"
  },
  "tm_scenario_col_defense": {
    "en": "Defense"
  },
  "tm_limits_title": {
    "en": "What we don't protect"
  },
  "tm_limits_overview": {
    "en": "Honest disclosure of limitations is part of our security approach. These are accepted risks."
  },
  "tm_limits_host": {
    "en": "Host compromise during unlock: if the OS is infected and reads screen/keyboard/memory while the vault is open, the risk is high for any password manager."
  },
  "tm_limits_weak_pw": {
    "en": "Weak passwords: the KDF slows down brute-force attacks but does not make a weak password strong."
  },
  "tm_limits_social": {
    "en": "Social engineering and user errors, such as copying secrets into notes, screenshots, or chats."
  },
  "tm_limits_physical_opi": {
    "en": "Physical access to an unlocked host device: software-only protection does not stop direct inspection or memory extraction."
  },
  "tm_limits_supply_chain": {
    "en": "Supply-chain compromise of the host OS, firmware, or device hardware is outside the scope of this threat model."
  },
  "tm_recommendations_title": {
    "en": "Recommendations"
  },
  "tm_recommendations_overview": {
    "en": "Practical guidance to maximize ChromVoid's protection."
  },
  "tm_rec_1": {
    "en": "Use a strong passphrase (4-5 words or ≥12 characters)"
  },
  "tm_rec_2": {
    "en": "Keep decoy vault plausible and \"explainable\""
  },
  "tm_rec_3": {
    "en": "Prefer localhost or direct cable paths when they are available"
  },
  "tm_rec_4": {
    "en": "Enable auto-lock and lock on sleep"
  },
  "tm_rec_5": {
    "en": "Store master_password on paper in a secure place"
  },
  "tm_rec_6": {
    "en": "Make regular encrypted backups"
  },
  "tm_rec_7": {
    "en": "Keep the application updated"
  },
  "tm_rec_priority_critical": {
    "en": "Critical"
  },
  "tm_rec_priority_important": {
    "en": "Important"
  },
  "tm_rec_priority_recommended": {
    "en": "Recommended"
  },
  "tm_audit_title": {
    "en": "Auditability"
  },
  "tm_audit_overview": {
    "en": "ChromVoid's architecture is open and documented. You can verify the security claims yourself."
  },
  "tm_audit_c4": {
    "en": "Architecture diagrams for core, transport, and trust boundaries"
  },
  "tm_audit_adr": {
    "en": "Public repo and protocol specs"
  },
  "tm_audit_api": {
    "en": "API specification (OpenAPI)"
  },
  "tm_audit_cta_arch": {
    "en": "Architecture"
  },
  "tm_audit_cta_github": {
    "en": "Source Code ↗"
  },
  "tm_disclosure_title": {
    "en": "Responsible Disclosure"
  },
  "tm_disclosure_overview": {
    "en": "If you find a vulnerability, please report it responsibly."
  },
  "tm_disclosure_rule_1": {
    "en": "Do not publish a proof of concept (PoC) before the fix is released"
  },
  "tm_disclosure_rule_2": {
    "en": "Email security@chromvoid.com or report via GitHub Security Advisories"
  },
  "tm_disclosure_rule_3": {
    "en": "We will confirm receipt and provide status updates"
  },
  "tm_disclosure_email": {
    "en": "security@chromvoid.com"
  },
  "tm_show_details": {
    "en": "Show details"
  },
  "tm_hide_details": {
    "en": "Hide details"
  }
}
