Every password manager claims to be secure, but the real test is how it derives your encryption keys. At Zero Lock, we use PBKDF2 (Password-Based Key Derivation Function 2) with a specific, high-intensity configuration.
The 100,000 Iteration Standard
Standard hashing is fast, too fast. Modern GPUs can guess millions of passwords per second if the hash isn't "hardened." By using 100,000 iterations, we force the computer to run PBKDF2's underlying pseudorandom function 100,000 times for every single login attempt, and therefore for every password guess an attacker tries.
The UX/Security Balance
While this process takes a fraction of a second for a human, it creates a massive "computational tax" for hackers. A brute-force attack that might have taken days now takes centuries.
We combine this with a unique salt based on your UID, ensuring that no two keys are ever the same, even if two users share the same master password.
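What the iteration count and the per-user salt do in practice, as an added example that is not Zero Lock's code: the PBKDF2 loop is written out by hand and checked against `hashlib`, then one master password is derived under two UIDs. HMAC-SHA256 as the pseudorandom function, the 32-byte key length, and the `salt_from_uid` construction are assumptions; the page specifies none of them.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # iteration count stated on the page
KEY_LEN = 32          # assumption: 256-bit key (one SHA-256 output block)


def salt_from_uid(uid: str) -> bytes:
    """Hypothetical salt construction: SHA-256 over a fixed label plus the UID."""
    return hashlib.sha256(b"example-kdf-salt:" + uid.encode("utf-8")).digest()


def pbkdf2_first_block(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First PBKDF2 output block (RFC 8018), written out to expose the loop."""
    keyed = hmac.new(password, digestmod=hashlib.sha256)

    def prf(data: bytes) -> bytes:
        mac = keyed.copy()
        mac.update(data)
        return mac.digest()

    u = prf(salt + (1).to_bytes(4, "big"))  # U_1 = PRF(P, salt || INT(1))
    t = int.from_bytes(u, "big")
    for _ in range(iterations - 1):         # U_i = PRF(P, U_{i-1})
        u = prf(u)
        t ^= int.from_bytes(u, "big")       # block = U_1 xor U_2 xor ... xor U_c
    return t.to_bytes(len(u), "big")


def derive_key(master_password: str, uid: str, iterations: int = ITERATIONS) -> bytes:
    """Production path: the same computation through hashlib's native PBKDF2."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt_from_uid(uid), iterations, dklen=KEY_LEN
    )


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample input
    alice, bob = derive_key(pw, "uid-1001"), derive_key(pw, "uid-1002")
    manual = pbkdf2_first_block(pw.encode("utf-8"), salt_from_uid("uid-1001"), ITERATIONS)
    print("manual loop matches hashlib:", hmac.compare_digest(manual, alice))
    print("same password, different UID, same key:", hmac.compare_digest(alice, bob))
```

Each `U_i` depends on the previous one, so the 100,000 steps for a single guess cannot be skipped or run in parallel; an attacker can only parallelize across guesses.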