Technology & Security

Safeinity employs industry-standard cryptographic techniques and mandatory server-side encryption to ensure your digital assets remain secure and protected.

AES-256 Encryption
Military-grade security
TOTP 2FA
Two-factor authentication
GCM File Encryption
Authenticated encryption
Core Principle

Server-Side Encryption Architecture

Files can optionally be encrypted using your brower - before Safeinity can even see them.
All sensitive data is encrypted with AES-256 before storage.
Passwords are hashed using industry-standard algorithms with unique salts per user.
Files use AES-256-GCM authenticated encryption with unique initialization vectors.
Application secrets are stored securely in AWS Secrets Manager.

AES-256 Encryption

Industry-standard symmetric encryption

All sensitive data is encrypted using AES-256 encryption with non-deterministic IV control for secure data storage and retrieval.

Algorithm: AES-256-GCM

Advanced Encryption Standard with 256-bit keys

Password Hashing: Industry-standard hashing algorithms

Unique salt per user, deterministic encryption for login validation

Implementation: Java Cryptography Architecture (JCA)

Server-side cryptographic operations via javax.crypto

User Encryption Keys: Master Encryption Key (MEK) per user

Each user has unique encryption keys with key versioning for enhanced security

Multi-Layer Security

Defense in depth approach

Multiple security layers ensure comprehensive protection against various attack vectors.

Transport Security: TLS 1.3

End-to-end encrypted communications

Server Security: Encrypted at Rest

Database-level encryption for stored ciphertext

Session Management: HttpOnly Cookies

Session timeout with secure cookie configuration

Attack Prevention: CSRF tokens on all forms

SQL injection prevention via parameterized queries, XSS protection via output encoding

Implemented

TOTP Two-Factor Authentication

Time-based One-Time Password (TOTP) implementation

Multi-factor authentication using TOTP (RFC 6238) with HMAC-SHA1, providing an additional layer of security for account access.

Technical Implementation:
  • Algorithm: HMAC-SHA1 (HOTP/TOTP)
  • Encoding: Base32 secret decoding
  • Code Length: 6-digit OTP
  • Time Window: 30-second intervals
  • Implementation: Java javax.crypto.Mac
Security Features:
  • Dynamic Truncation: RFC 4226 compliant
  • Counter-based: Time-synchronized generation
  • Backup Codes: Available for account recovery
  • Standard Compatible: Works with Google Authenticator, Authy
  • Server Validation: Encrypted secret storage
Cryptographic Innovation

Shamir's Secret Sharing (Secure Shared Keys)

Mathematical key splitting for distributed trust

Our implementation of Adi Shamir's secret sharing algorithm allows your master encryption key to be mathematically split into multiple shares, requiring a threshold number of shares to reconstruct the original key.

Technical Implementation:
  • Algorithm: Shamir's (t,n) threshold scheme
  • Field: Galois Field GF(2^256) operations
  • Polynomial: Random coefficients over finite field
  • Shares: Points on polynomial curve
  • Reconstruction: Lagrange interpolation
Security Properties:
  • Perfect Secrecy: t-1 shares reveal no information
  • Information Theoretic: Unconditionally secure
  • Threshold Control: Customizable quorum requirements
  • Share Independence: Each share is cryptographically unique
  • Fault Tolerance: System remains secure if shares are lost

Industry Standards & Best Practices

Safeinity leverages industry-leading infrastructure and follows security best practices to protect your digital assets.

Infrastructure Compliance:
  • AWS Infrastructure: SOC 2 Type II certified data centers and services
  • Document Storage: AWS S3 with AES-GCM encrypted files and access controls
  • Secrets Management: AWS Secrets Manager for secure credential storage
  • Payment Processing: Stripe PCI DSS Level 1 certified payment handling
  • DDoS Protection: Cloudflare Turnstile CAPTCHA and CDN services
Security Standards:
  • Encryption: AES-256-GCM encryption for data at rest with per-user keys
  • Transport Security: TLS 1.3 for data in transit
  • Authentication: TOTP-based two-factor authentication (RFC 6238)
  • Password Security: Industry-standard hashing with unique salts per user
  • Session Management: Secure session handling with HttpOnly cookies
  • CSRF Protection: One-time tokens on all state-changing operations
  • Input Validation: Parameterized queries, output encoding for XSS prevention

Security Through Design

Industry-standard cryptographic implementations

Safeinity uses well-established cryptographic libraries and algorithms including Java Cryptography Architecture (JCA), industry-standard encryption protocols, and proven authentication mechanisms to ensure your data remains secure.

Java Cryptography

Industry-standard javax.crypto implementation with AES-256 encryption

Non-deterministic Encryption

Each user has a unique key

Multi-Factor Authentication

TOTP-based 2FA with backup codes and multiple delivery methods

Our advanced cryptographic systems ensure your digital legacy remains secure while being accessible to your chosen beneficiaries when needed.

Your Data Remains Encrypted

All sensitive data is encrypted using AES-256 encryption before storage.
We implement strong cryptographic security ensuring your privacy is always protected.

View Privacy Policy
NOT AUTHORIZED
Contact Shane or Rodney.