Zero-Knowledge Auth Across 7 Platforms
Source: anonym.community research
Summary
Research source: "Multiple Authentication Implementations Create Inconsistent Security", anonym.community, March 2026 feature analysis.

Products that run across multiple platforms (web, desktop, mobile, extensions, plugins) typically implement authentication differently on each platform: the web app uses session cookies, the desktop client stores tokens, extensions go through OAuth, plugins use API keys. Each implementation has its own security properties, its own attack surface and its own vulnerability profile, and a reviewer has to reason about each of them separately. A single authentication protocol shared by all platforms reduces this to one design to review and one set of properties to verify, and removes the class of bugs that come from each platform reinventing the scheme; each platform's implementation of that shared protocol still needs its own code review.
Solution
The Solution: How anonym.legal Addresses This

Argon2id key derivation. All platforms use identical parameters: 64 MB memory, 3 iterations, parallelism 1, 16-byte salt, 32-byte output. HKDF-SHA256 then derives two keys from that output: an Auth Key, which is sent to the server, and an Encryption Key, which stays on the device. The password itself never leaves the device on any platform. This is the sense in which the scheme is called zero-knowledge: the server holds only the derived Auth Key and cannot recover the password from it except by guessing, which is what the Argon2id cost is there to slow down. Two points follow from the design that a reviewer should check on every platform: the per-account salt must be the same 16 bytes on every client, or the derivation will not produce the same keys, and the Auth Key is the credential the server actually verifies, so it must be protected in transit and at rest like any other credential.

XChaCha20-Poly1305 AEAD. All platforms use XChaCha20-Poly1305 for data-at-rest encryption with 256-bit keys and a random 24-byte nonce per operation. The 24-byte (192-bit) nonce is what makes a random nonce per operation safe; with the 12-byte nonce of plain ChaCha20-Poly1305, random nonces under one key risk collision at scale, and a nonce reuse under an AEAD breaks both confidentiality and integrity. The same cipher is used on web (libsodium.js via WebAssembly), desktop (Rust native), the Office Add-in (JavaScript), the Chrome Extension (JavaScript) and LibreOffice (PyNaCl).

24-word BIP39 recovery. All platforms use the same 24-word BIP39 recovery phrase (256-bit entropy). A recovery phrase generated on the web app works on the des
Compliance Context
Compliance Mapping. This architecture supports GDPR Article 32 (security of processing: consistent security across all access points) and ISO 27001 Annex A.9 (access control: one unified authentication policy), and it simplifies security audits by requiring one protocol review instead of seven. anonym.legal's GDPR, HIPAA, PCI-DSS and ISO 27001 compliance coverage, combined with ISO 27001 certified hosting at Hetzner in Germany, gives organizations documented technical measures they can reference in their own compliance documentation.