Darmawan, R. Krisviarno
Unknown Affiliation

Published : 1 Documents
Articles

Implementation of Zero-Knowledge Encryption in a Web-Based Password Manager
Darmawan, R. Krisviarno; Cahyono, Ariya Dwika
International Journal Software Engineering and Computer Science (IJSECS) Vol. 5 No. 2 (2025): AUGUST 2025
Publisher : Lembaga Komunitas Informasi Teknologi Aceh (KITA)

DOI: 10.35870/ijsecs.v5i2.4207

Abstract

The secure management of account credentials presents a considerable challenge in the digital era, as many users continue to engage in unsafe practices such as password reuse. Conventional password managers typically store encrypted data on servers, which introduces risks if those servers are compromised. This study develops a web-based password manager that implements Zero-Knowledge Encryption (ZKE), ensuring that all essential cryptographic operations are executed exclusively on the client side (browser). Employing a client-server architecture (React frontend, Python/FastAPI backend), the system derives encryption keys from the user’s master password using Argon2id (4 iterations, 64 MB memory, 1 parallelism), and performs credential data encryption and decryption with AES-GCM entirely on the client side. The server is limited to receiving and storing encrypted data (verifier, salt, data blobs), without ever accessing the master password or plaintext credentials. Network payload analysis conducted with Chrome DevTools confirms that the ZKE implementation effectively prevents the exposure of sensitive data to the server. This approach substantially improves data privacy and security against server-side threats. Nevertheless, the ZKE model lacks an account recovery feature, placing full responsibility on users to protect their master passwords, a trade-off that underscores the need for further investigation into ZKE-compatible recovery mechanisms.