To ensure the keys stored on the Locker servers can be used only by their owners, Locker applies the two-secret key derivation in symmetric key generation for encryption and decryption of data stored on the servers.

A cryptographic hash function is an algorithm that maps data of an arbitrary size to a bit array of a fixed size.

The Master Password is an important secret component in Locker’s Two-secret Key Derivation process, and is the only item a user needs to memorize for data encryption and decryption.

The other component of the Two-secret Key Derivation is the Encryption Keys, generated when a user registers a Locker account.

A system with End-To-End Encryption is a communication system in which all data can be read and modified only by the conversation participants.

Zero-Knowledge Proof is a method for one party (the prover) to prove to another party (the verifier) that a statement of the prover is true without telling the verifier that statement.

AES-256-CBC (Cipher Block Chaining), the algorithm used to encrypt Vault, is a standard cryptographic algorithm and is used by the US government and other government agencies worldwide.

The PBKDF2 (Password-based Key Derivation Function 2) SHA-256 algorithm is for generating Encryption Keys from a user’s Master Password.

An RSA key pair consists of a Private Key and a Public Key. The RSA algorithm is often used for digital signature verification and key exchange problems.

The secret data storage or Vault is where all encrypted data of users is stored on the Locker servers. All of the Vault data cannot be decrypted or read without the Vault owner’s Master Password.

A pseudorandom number generator (PRNG) is an algorithm for generating a sequence of numbers whose properties approximate those of a sequence of random numbers.