Architecture
6 min read
Why offline-first password managers beat cloud alternatives
Cloud syncing introduces an attack surface that simply doesn't need to exist. A full breakdown of the trade-offs.
Read more100% Offline · Open Source · Free Forever
Uncompromising Security.
Absolute Privacy.
The offline-first digital vault that keeps your passwords, cards, and identity strictly on your device. No cloud. No breach risk. No compromise.
A
B
C
D
Everything you need.Nothing you don't.
Purpose-built for people who refuse to compromise on security.
Military-Grade AES-256 Encryption
Every byte is encrypted before it touches storage. NeuroKey uses AES-256 with a PBKDF2-derived key (5,000 iterations) bound to your biometrics. No server holds your key. Ever.
vault/crypto.ts
// Derive 256-bit key via PBKDF2 (5,000 iterations) const aesKey = await crypto.subtle.deriveKey({ name: "PBKDF2", salt, iterations: 5_000 }, ...); const ciphertext = await crypto.subtle.encrypt({ name: "AES", iv }, key, data); // ✓ zero network calls
Biometric Lockdown
Unlock with Face ID, fingerprint, or your Master Password fallback. Your biometric handle stays in the Secure Enclave — NeuroKey never sees it.
Face IDTouch ID
Zero Cloud Sync. Zero Risk.
Your data lives only on your device. A server that can't be breached won't be.
Breach Radar
Checks passwords against known breaches using thek-anonymity model— only the first 5 characters of a SHA-1 hash ever leave your device. Your actual password ismathematically impossible to derivefrom what's transmitted.
Monitoring Active
Security Architecture
Built differently.Built safely.
No shortcuts. NeuroKey uses Native Hardware Cryptography directly — the same primitives trusted by banks and governments.
PBKDF2 (5k iterations) — Makes brute-force ~3 billion× harder
AES-256 — Authenticated encryption — detects tampering
Secure Enclave binding — Key derivation anchored to biometrics
Zero network calls — Fully offline encryption and decryption
vault/encryption.ts
// ① Require Biometrics to unlock Hardware Secure Module const masterKey = await SecureStore.getItemAsync("ENCRYPTED_VAULT_KEY", { requireAuthentication: true, authenticationPrompt: "Unlock NeuroKey Vault" }); // ② Decrypt Vault Data locally via AES-256 const decryptedVault = AES.decrypt(encryptedBlob, masterKey); // ✓ Data never leaves the device's memory
Learn about Cybersecurity
Deep dives into the cryptography and architecture that keeps your data safe.
Cryptography
8 min read
The math behind AES-256: Why it can't be cracked
2²⁵⁶ possible keys. At a trillion guesses per second, that's longer than the age of the universe. Here's the full picture.
Read morePasswords
5 min read
Password vs Passphrase: What the data says
Passphrases are 2× more memorable and exponentially harder to crack. The research is conclusive.
Read moreFrequently asked questions
Everything you need to know before you trust us with your trust.
Join the waitlist — free forever
Take back control of your digital identity.
Be first to hear about updates, security audits, and new features. No spam — only signal.
Ordownload the APK directly— no signup needed.