# "If you want to keep a secret, you must also hide it from yourself."

I've spent 20 years building backup and data protection systems — the kind organizations rely on when everything else has failed. I've seen what happens when people trust someone else to hold their critical data.

The pattern is always the same: the math was fine, the architecture was wrong.

Password managers have a version of this problem that nobody wants to say out loud.

---

## "Zero-knowledge" is a legal term, not a security property

Every major password manager claims zero-knowledge. One of the largest did too — until 2022, when attackers stole their entire vault database. Four years later, researchers are still tracing active crypto theft back to that breach. Accounts are still being drained.

The encryption worked exactly as designed. That wasn't the failure. The failure was that tens of millions of encrypted blobs were in one place, and once stolen, the attackers had unlimited time to crack them offline.

The industry's response has been to increase iteration counts — more rounds of hashing to slow down guessing. The current recommendation is 600,000 iterations, and next year it will probably be a million. But that's the wrong solution to the right problem. Hardware gets faster every year. What takes a month today takes a week next year. Iteration counts are a rearguard action against an attacker who has already won.

The correct answer isn't to make the vault harder to crack — it's to make the vault worthless to steal.

This isn't a problem specific to one provider. It's structural. Whoever holds the largest encrypted vault database is the highest-value target. Those conditions exist at every SaaS password manager operating today. The only question is timing.

---

## The incumbents can't fix this without destroying their business

The enterprise players need server authority — their admin controls, visibility features, and AI integrations require it.
The cloud providers have revenue to protect; seamless self-hosting cannibalizes it. The breached provider is still running the same architecture.

They are all trapped. Not by laziness — by their business models.

---

## What actually prevents the attack

There's one architectural principle that makes the stolen-blob attack impossible: the decryption key never touches the server.

If you breach the server, you get ciphertext that cannot be read without something that was never there.

That's not a difficult concept. It's just a difficult business model to build around — unless you start from scratch.

---

## vault1984

So I built it. Self-hosted, open source, one Docker command.

If someone breaches a vault1984 instance, they get ciphertext. That's it. "Breach us. You'll get nothing" isn't a marketing line — it's a description of the math.

The name is the thesis. And the design follows from a single principle: if you want to keep a secret, you must also hide it from yourself.

[GitHub link]

*Happy to go deep on the threat model, or why the SaaS password manager category has a structural problem that can't be fixed incrementally.*
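The principle stated above, "the decryption key never touches the server", as an added example in Python. This is illustrative code written for this post, not vault1984's implementation or any provider's: it assumes a client-side PBKDF2 stretch that is split into a vault key (kept on the device) and a separate auth token (the only thing sent), so a dumped server record holds no key material, and it quantifies why raising iteration counts only delays an attacker who already holds the ciphertext.

```python
import hashlib
import hmac

# Iteration count the post quotes as the current recommendation.
ITERATIONS = 600_000


def derive_keys(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> tuple[bytes, bytes]:
    """Runs on the client only. One PBKDF2-HMAC-SHA256 stretch, then two
    domain-separated HMAC outputs: the vault key stays on the device and
    decrypts the vault; the auth token is all the client ever sends.
    Neither output can be computed from the other (assumed design)."""
    stretched = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)
    vault_key = hmac.new(stretched, b"demo/vault-key", hashlib.sha256).digest()
    auth_token = hmac.new(stretched, b"demo/auth-token", hashlib.sha256).digest()
    return vault_key, auth_token


def store_on_server(salt: bytes, auth_token: bytes, ciphertext: bytes) -> dict:
    """Everything a breached database would yield: the salt, a hash of the
    auth token (so the dump does not even contain a usable login credential)
    and opaque ciphertext. The vault key is never part of this record."""
    return {"salt": salt,
            "auth_verifier": hashlib.sha256(auth_token).digest(),
            "ciphertext": ciphertext}


def server_login(record: dict, presented_token: bytes) -> bool:
    """Server-side check; constant-time comparison against the stored verifier."""
    return hmac.compare_digest(record["auth_verifier"], hashlib.sha256(presented_token).digest())


def record_leaks_vault_key(record: dict, vault_key: bytes) -> bool:
    """Defender's sanity check: does any stored field equal, contain, or hash
    to the vault key? In this design the answer must be False."""
    for value in record.values():
        if vault_key == value or vault_key in value or hashlib.sha256(value).digest() == vault_key:
            return True
    return False


def offline_guess_seconds(candidates: int, iterations: int, hmac_per_second: float) -> float:
    """Time an offline attacker needs to try `candidates` master passwords
    against a stolen record: linear in iterations and candidates, inversely
    linear in hardware speed. Doubling hardware halves it, which is why a
    higher iteration count buys time but never makes the stolen blob worthless."""
    return candidates * iterations / hmac_per_second


if __name__ == "__main__":
    salt = b"constructed-16B!"                      # constructed sample salt
    vault_key, auth_token = derive_keys("correct horse battery staple", salt)
    record = store_on_server(salt, auth_token, b"<constructed opaque ciphertext>")
    print("login ok:", server_login(record, auth_token))
    print("record leaks vault key:", record_leaks_vault_key(record, vault_key))
    # constructed hardware rate: 1e9 HMAC-SHA256 per second
    print("seconds for 1M guesses at 600k iterations:", offline_guess_seconds(1_000_000, ITERATIONS, 1e9))
```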