ProtonBlog(new window)

The Proton Pass security model

Share this page

Proton Pass is an end-to-end encrypted(new window) password manager based on the same well-tested encryption that secures the rest of the Proton ecosystem. Proton Pass is unique in that it was designed from the ground up to have a strong focus on privacy and security. It therefore has a more complete encryption model than most other password managers.

Read more about the launch of Proton Pass beta(new window)

Proton Pass doesn’t just encrypt the password field but applies end-to-end encryption to all fields, including usernames, web addresses, and all data contained in the encrypted notes section. 

This means Proton Pass prevents anyone, including Proton itself, from knowing which online services you subscribe to or have accounts with. This information, much like your emails or your browsing history, can reveal a lot about you and must be protected if you want to maintain your privacy.

The design of Proton Pass uses end-to-end encryption, guaranteeing that all cryptographic operations, including key generation and data encryption, are performed locally on your device. This means that your unencrypted data cannot be accessed by Proton or shared with any third parties. Proton servers never have access to your unencrypted keys, data, or credentials, including your Proton Account password.

Data model

Proton Pass enables you to store various types of information securely, including:

  • Credentials: You can store access credentials to websites or apps, which may include a username or email, a password, and a second-factor authentication code (TOTP).
  • Notes: You can securely store any information that doesn’t fit in a credential field in this free-form text field, including license numbers, codes, or simple text notes.
  • Aliases: You can also create email aliases with Proton Pass. This feature enables you to create randomly generated email addresses that you can use in place of your real email addresses for online accounts. This makes it easy to shut down an alias that’s linked to a service that’s breached or begins sending you spam without affecting your other accounts. 

Proton Pass stores all these items within a secure vault. Vaults provide a convenient way for you to organize and (in the future) securely share your data. 

Encryption model

Proton Pass takes a comprehensive approach to ensuring maximum security and privacy for all user data. All cryptographic operations occur locally on your device, and any data transmitted to the server is always encrypted. Proton never has access to the plaintext keys required to decrypt user data, making it impossible for Proton to decrypt stored data, even if requested by third parties.

Proton Pass also benefits from the same advanced encryption we utilize for authentication in Proton Mail. This includes using a hardened version of the Secure Remote Password (SRP) protocol that offers stronger security guarantees against man-in-the-middle (MITM) attacks. Our implementation means that even an attacker who can arbitrarily read, modify, delay, destroy, repeat, or fabricate messages between Proton and a user in an undetectable fashion is limited to checking only a single password guess per login attempt, which is equivalent to just trying to log in directly. This way, even if Proton is compromised and acts maliciously, password-equivalent information is never revealed. 

Read more about Proton’s authentication encryption(new window) 

Vault encryption

Each Proton Pass user has an asymmetric user key. Proton Pass encrypts this user key as follows:

  • Accounts that use a single account password: Proton Pass encrypts the user key with a bcrypt hash of the account password and the account salt.
  • Accounts that use our multiple account passwords feature: Proton Pass encrypts the user key with a bcrypt hash of the key password and the account salt.

The user key is used to open all shares you can access, meaning it must be secured. The bcrypt password hashing implementation used by Proton Pass is more robust and secure than PBKDF2, which has led to breaches in other password managers.

When you create a vault, Proton Pass generates a 32-byte random vault key. This key is encrypted and signed with your user key, ensuring only you can decrypt the vault key and nobody (not even Proton) can read or create new vault keys. If several users have access to the same vault, Proton Pass will encrypt the vault key with each user’s public user key. This makes it easy to securely share access to vaults.

Once you have access to the vault key, all items in Proton Pass are encrypted using 256-bit AES-GCM.

Item encryption

Each vault can contain multiple items, such as logins, notes, and aliases. When you create a new item, Proton Pass generates a 32-byte random item key. Proton Pass encrypts that item using the newly generated item key, which itself is then encrypted with your vault key. Both the item key and the item data are encrypted using 256-bit AES-GCM.

Whenever you update an item, Proton Pass encrypts the new data using the previously generated corresponding item key. By using individual item keys for each item, Proton Pass lets you share specific items with other users without sharing the vault key, allowing for more fine-tuned access control. 

This approach enables Proton Pass to respect the security principle of least privilege by providing the minimum number of cryptographic keys necessary to access only the data shared.

Sharing

The Proton ecosystem already has open-source, publicly audited, and battle-tested secure sharing encryption models for Proton Drive and Proton Calendar, and we’ve leveraged this experience to design Proton Pass. The Proton Pass encryption model enables you to share your vaults with others, and we plan on adding more sophisticated sharing functionalities as Proton Pass evolves. Currently, you must be a vault administrator to share your vault keys. 

Sharing encrypted information requires sharing and distributing public keys, which creates the potential for man-in-the-middle (MITM) attacks, specifically the distribution of fake public keys. In addition to user keys, each Proton user has one or more address keys for each email address associated with their account. This address key is a public key linked to a verifiable identity and published in Proton’s Key Transparency system, ensuring they can’t be maliciously modified by an attacker. We’ll share more information about Proton’s Key Transparency system in the future.

If you’re the vault administrator, you can share your vault key and Proton Pass will encrypt it with your recipient’s address key, ensuring only they can access it.

After your intended recipient receives your encrypted vault key, they will validate its signature using your address key. This step verifies that the invitation legitimately came from you. Once the signature has been validated, Proton Pass will encrypt the vault key using your recipient’s user key and store it securely.

Conclusion

Like all Proton services, Proton Pass will be open source upon release. Anyone will be able to consult the source code to verify our security model. As with our other services, Proton Pass will also undergo regular independent security audits and these audit reports will be shared publicly as soon as they are available. 

Finally, for interested security researchers, Proton Pass is eligible for Proton’s Bug Bounty program(new window) that offers awards of up to $10,000 for the discovery of bugs in Proton’s software. 

This work was conducted by Adrià Casajús, Son Nguyen Kim, Carlos Quintana, Daniel Huigens, and Lara Bruseghini from the Proton identity and cryptography teams.

Protect your privacy with Proton
Create a free account

Share this page

Adrià Casajús(new window)

Adri is a senior engineering manager on the Proton Pass team who is passionate about privacy and open source. Before joining Proton, he spent multiple years working for CERN, designing and building distributed computing systems to accelerate research and innovation.

Related articles

Most of us probably wouldn’t consent to sharing photos of our family and friends with random strangers on the internet. But that’s exactly what we do when we automatically sync our pictures to the non-private servers of Big Tech companies, which can
Google Drive is the world’s most popular cloud storage service by far, with over 3 billion people using Google Workspace (which includes Google Drive, Google Calendar, Gmail, and more). But this ubiquity has recently caused concern following several
Your passwords are some of your most sensitive personal information. They’re the keys that allow you to access your online accounts, be it your cloud storage, email inbox, or banking accounts. Proton Pass helps millions of people safeguard their pass
In recent months, we’ve brought a lot of big additions to the Proton ecosystem, such as Proton VPN for Business, Proton Sentinel, Password Sharing in Proton Pass, and Proton Drive photo backups in beta. By comparison, we haven’t said a lot about Prot
Most email addresses use the default domain provided by their email service. For Proton Mail accounts, it’s proton.me. For Gmail, it’s gmail.com. These are usually free and work just fine for most people. But there are situations where it makes sens
Proton Drive MacOS launch
Cloud storage is a critical piece of our mission to build an internet that protects your privacy and secures your data. It’s where you keep your most sensitive files, from personal photos to identity documents. Unfortunately, the leading cloud storag