PicoPouch
Sign in

Security & Math

Local-first cryptography. Empower AI agents to handle your life admin without ever exposing your keys.

Encryption Workflow Diagram

The architecture below shows how your master password is used to derive a local key and never leaves your device.

USER DEVICE (Local Execution)SECURE CLOUDMaster PasswordPBKDF2 Engine600,000 IterationsDerived 256-bit KeyRaw EssentialsAES-GCMEncryptionEncrypted Pouch

Whitepaper Summary

  • Key Derivation: We usePBKDF2 with600,000hashing iterations to resist brute-force attacks.
  • Zero-Knowledge Storage:Your Master Password is never transmitted to our servers and is used only for local key derivation.
  • Encryption Standard:All pouch items are protected withAES-256-GCMfor confidentiality and integrity.
  • Local-First Architecture:Encryption and decryption execute in browser memory; only ciphertext is stored remotely.