Security posture
Built so we can't betray you.
AWOL's threat model assumes our servers are hostile and our employees can be subpoenaed. Every design choice flows from there.
Four principles
What 'self-custodial' actually means here.
#![forbid(unsafe_code)]
Every crate in the AWOL core forbids unsafe Rust at the compiler level. No raw pointers, no FFI tricks, no exceptions.
No I/O in core
Cryptographic primitives live in pure crates. Networking, storage, and time are pushed to the edges where they can be audited.
Zero-on-drop secrets
Every type that holds key material zeroizes its buffer when it goes out of scope — even on panic.
Client-side only
Keys are derived, stored, and used on your device. They never reach a server we control, in any form, ever.
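The zero-on-drop principle, as an added example that is not AWOL's code: a key type whose Drop wipes its buffer, observed both on normal scope exit and when a panic unwinds through the scope. The `DeviceKey` type and the wipe counter are illustrative assumptions; since a crate under `#![forbid(unsafe_code)]` cannot do volatile writes itself, the example uses a compiler fence and points to where production code would use a volatile-write crate instead.

```rust
// Added example, not AWOL's code: the zero-on-drop pattern. Rust runs Drop on
// normal scope exit and during panic unwinding alike, so the wipe happens in both.
// No `unsafe` (as `#![forbid(unsafe_code)]` requires), so a compiler fence stands in
// for volatile writes; production code should use the latter (e.g. the `zeroize`
// crate) so the optimizer cannot elide the wipe as a dead store.
use std::cell::Cell;
use std::sync::atomic::{compiler_fence, Ordering};

thread_local! {
    // Instrumentation only: counts Drop-time wipes so the behaviour is observable.
    static WIPES: Cell<usize> = Cell::new(0);
}

/// 32 bytes of key material that is zeroed when it goes out of scope.
pub struct DeviceKey(pub [u8; 32]);

impl DeviceKey {
    /// Overwrite every byte with zero, then fence so the stores are not
    /// reordered past the point where the memory is released.
    pub fn zeroize(&mut self) {
        self.0.iter_mut().for_each(|b| *b = 0);
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for DeviceKey {
    fn drop(&mut self) {
        self.zeroize();
        WIPES.with(|w| w.set(w.get() + 1));
    }
}

/// Number of keys wiped on this thread so far.
pub fn wipes() -> usize {
    WIPES.with(|w| w.get())
}

/// Creates a live key and then panics; returns true if the key was wiped anyway.
pub fn key_wiped_despite_panic() -> bool {
    let before = wipes();
    let outcome = std::panic::catch_unwind(|| {
        let _key = DeviceKey([0xA5; 32]);
        panic!("simulated failure while key material is live");
    });
    outcome.is_err() && wipes() == before + 1
}
```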
The primitives
Battle-tested cryptography, no novel constructions.
Argon2id: Password → device key (memory-hard KDF)
XChaCha20-Poly1305: Authenticated encryption for every drive chunk and the vault itself
BIP-39 / BIP-32 / SLIP-10: Deterministic key derivation across Secp256k1 and Ed25519
Reed-Solomon (10, 30): Erasure coding for drive shards — 99.99% durability target
What we can't do
Even if we wanted to.
Read your files
Drive chunks are ciphertext before they leave your device. The keys never touch our servers.
Freeze your funds
AWOL never has custody. Every transaction signs locally with your seed.
Take your username
Names are ERC-721s in your wallet. We don't own the contract's admin keys; nobody does.
Disclosure
Found something? Tell us.
Responsible disclosure to [email protected].
PGP key and scope published in SECURITY.md.
We acknowledge in 48 h; we publish a fix and credit you when it ships.