Skip to main content
Thanks to its Zero-Knowledge architecture, even if Locker’s servers are attacked, intruders cannot read your data.

How Locker protects your data

  1. Client-side encryption: All data is encrypted on your device before being sent to the server. The server only stores encrypted data.
  2. Master Password never leaves your device: The encryption key is generated from your Master Password on your device and is never sent to the server.
  3. AES-256-CBC encryption: The strongest encryption standard available today — it would take billions of years to crack using brute-force methods.
  4. PBKDF2 hashing: Your Master Password is hashed through multiple iterations before use, protecting against dictionary attacks and rainbow tables.

If the server is compromised

An attacker would only obtain encrypted data — essentially a meaningless string of characters. Without the Master Password, the data cannot be decrypted.