Store and share your secrets safely by splitting them into cryptographically-secure pieces. To reconstruct the original, combine a specific number of these pieces. It's simple, secure, and free.

Security Notice: All computations are performed in your browser. Your secret and the computed shares are never transmitted back to our servers.

Notice: The number of generated shares is less than the threshold and will not be enough to reconstruct the secret.

This is the SHA3-512 hash of your secret. It can be used to verify that a reconstruction matches the original secret.

Security Notice: A cryptographically-strong random number generator was not found in your browser. Consider switching to a new browser. The computed shares will not be as secure as possible.

In simple mode, the secret is always considered to be text. In advanced mode, the secret can be a number in hexadecimal format. You can also generate a random secret in hexadecimal form using the "Generate" button.

Security Notice: All computations are performed in your browser. Your shares and the reconstructed secret are never transmitted back to our servers.

This is the SHA3-512 hash of the reconstructed secret. This hash should match the hash of the original secret.

The hash of the reconstructed secret does not match the entered hash. This could be because:

About Pass Guardian

Configurable levels of confidentiality and reliability

Secret sharing is a method for distributing a secret among participants or locations. A secret can consist of any data; for example, a password, a message, an account number, an encryption key, missile launch codes, or a Bitcoin private key all represent highly sensitive and important secrets. Traditionally, when guarding highly sensitive information, one would have to choose between keeping a single copy of the secret in one location for maximum secrecy, or keeping multiple copies of the secret in different locations for greater reliability. By increasing storage locations or entrusted parties, reliability is increased at the expense of secrecy. Secret sharing addresses this problem by allowing arbitrarily high levels of confidentiality and reliability.

The process of splitting a secret results in a specified number of shares of the secret. Each share is a random number that by itself provides no information about the secret. The secret can be reconstructed only when a sufficient number (threshold) of shares are combined. During the splitting process, one can select the number of shares to create and the threshold needed to reconstruct the secret.

Note that during the reconstruction process, a reconstruction is computed for any number of shares. If the number of shares is less than the threshold, this reconstruction of the secret will be INCORRECT.

During the share-creation process in advanced mode, PassGuardian also computes a SHA3-512 cryptographic hash of the secret. This is a unique hash that can be used to verify the authenticity of any reconstructed secret, as the hash of the reconstruction should match the hash of the secret. The secret cannot be derived from the hash. Distribution of this hash is optional, and should only be used to aid in verifying data integrity.

A proven cryptographic algorithm

The secret sharing method that PassGuardian employs is based on Shamir's threshold secret sharing scheme, named after its discoverer Adi Shamir. His 1979 landmark paper, "How to Share a Secret" [PDF, 70kb], provides the background for this threshold sharing scheme. One of the most useful properties of Shamir's sharing scheme is that it is "information-theoretically secure" and "perfectly secure", in that fewer than the requisite number of shares provide no information about the secret (i.e. knowing fewer than the requisite number of shares is the same as knowing none of the shares).

Open-source, verifiable implementation

PassGuardian is built on secrets.js, an open-source implementation of Shamir's sharing scheme. While secrets.js permits Galois Fields up to 20 bits in size, PassGuardian uses an 8-bit binary finite field for computations. The share format is described at the secrets.js page.
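The splitting and reconstruction described above, carried out over an 8-bit binary field, as an added example that is not PassGuardian's or secrets.js's own code. The reduction polynomial 0x11b, the `{x, y}` share layout and the function names are assumptions made here; secrets.js defines its own share format.

```javascript
// Added illustration; not the secrets.js or PassGuardian source.
// Assumption: GF(2^8) reduced by x^8+x^4+x^3+x+1 (0x11b); secrets.js may differ.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto; // CSPRNG only

function gfMul(a, b) {            // shift-and-add multiply with reduction
  let p = 0;
  for (; b; b >>= 1) {
    if (b & 1) p ^= a;
    a <<= 1;
    if (a & 0x100) a ^= 0x11b;
  }
  return p;
}

function gfInv(a) {               // a^254 is the inverse of a for a != 0
  let r = 1;
  for (let i = 0; i < 254; i++) r = gfMul(r, a);
  return r;
}

// Each secret byte gets its own random polynomial of degree threshold-1.
function split(secret, numShares, threshold) {
  if (threshold < 2 || threshold > numShares || numShares > 255)
    throw new RangeError('need 2 <= threshold <= numShares <= 255');
  const shares = Array.from({ length: numShares }, (_, i) => ({ x: i + 1, y: [] }));
  for (const byte of secret) {
    const coeffs = [byte, ...rng.getRandomValues(new Uint8Array(threshold - 1))];
    for (const s of shares) {
      let y = 0;                  // Horner evaluation at x = s.x
      for (let k = coeffs.length - 1; k >= 0; k--) y = gfMul(y, s.x) ^ coeffs[k];
      s.y.push(y);
    }
  }
  return shares;
}

// Lagrange interpolation at x = 0. Assumes distinct x; runs for any share count.
function combine(shares) {
  return Uint8Array.from(shares[0].y, (_, j) =>
    shares.reduce((acc, si) => {
      let num = 1, den = 1;
      for (const sk of shares) if (sk !== si) {
        num = gfMul(num, sk.x);
        den = gfMul(den, sk.x ^ si.x);
      }
      return acc ^ gfMul(si.y[j], gfMul(num, gfInv(den)));
    }, 0));
}
```

Calling `combine` on two of the shares from `split(secret, 5, 3)` returns bytes without raising an error, but they differ from the secret, which is why the reconstruction is compared against the SHA3-512 hash.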

Privacy and security

All computations are done in your browser. No secrets or secret shares are ever transmitted back to our servers. Once the PassGuardian page is loaded in your browser, it can be run offline. For maximum security, it is recommended that you perform computations offline.

Like most website operators, PassGuardian collects non-personally-identifying analytics information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. PassGuardian's purpose in collecting non-personally identifying information is to better understand how visitors use its website.

PassGuardian requires the availability of a cryptographically-strong pseudo-random number generator (CSPRNG) during the secret splitting phase only. If a strong PRNG is not found during run-time, PassGuardian will use the built-in Math.random(), which is NOT cryptographically secure. Consider upgrading to a newer browser that supports crypto.getRandomValues() to take advantage of the increased security that this PRNG provides.