Security & Trust

Security is not a feature. It's the foundation.

Selvum is built on the principle that the best way to protect your data is to never touch it in the first place.

2^132 possible seed combinations

0 Selvum servers storing your data

THREAT MODEL

What Selvum protects you from.
And what it doesn't.

Honest security means defining the boundaries clearly.

Protected against

Cloud breaches

There are no Selvum servers to breach. Your vault never leaves your device.

Network attacks

Selvum is 100% offline. No data in transit means no interception possible.

Provider access

Zero-knowledge is real here. We cannot access your vault. Not even with a court order.

Weak encryption

AES-256-GCM with strong key derivation (memory-hard, GPU-resistant). Modern cryptographic standards, widely audited and used in high-security systems.

Out of scope

Compromised device

If your device is rooted or has malware, no password manager can fully protect you. Selvum detects and warns you.

Lost seed phrase

Your 12 words are your only key. If you lose them, no one can recover your vault. This is by design.

Physical coercion

If someone forces you to unlock the app, that is outside the technical threat model of any password manager.

Device theft while unlocked

Selvum auto-locks after inactivity. Always lock your phone screen.

CRYPTOGRAPHY

The math behind your security.

KEY DERIVATION

Memory-hard KDF

output = 256-bit key
resistance = GPU & ASIC
class = memory-hard

GPU and ASIC-resistant key derivation — brute-forcing your seed phrase is computationally infeasible.

ENCRYPTION

AES-256-GCM

key_size = 256 bits
nonce = random per operation
auth_tag = 128 bits
mode = authenticated

Authenticated encryption. Detects any tampering with the vault file.

SEED PHRASE

BIP-39 Standard

wordlist = 2,048 words
words = 12
combinations = 2^132
entropy = 128 bits

The same standard securing billions in cryptocurrency. Computationally unbreakable.

OPEN SPECIFICATION

The .sv file format is fully documented.

You don't have to trust us. You can verify the format yourself.

// Selvum Vault Format v1.0
// Every .sv file follows this structure:
[4 bytes] Magic: 0x53 0x45 0x4C 0x56 // "SELV"
[2 bytes] Version: 0x00 0x01 // v1.0
[1 byte ] Flags: reserved
[16 bytes] Salt: KDF salt (random)
[12 bytes] Nonce: AES-GCM nonce (random per save)
[4 bytes] Length: payload size (big-endian uint32)
[N bytes] Payload: AES-256-GCM ciphertext
[16 bytes] Tag: GCM authentication tag
// Decrypted payload is valid JSON.
// Without the 12-word seed phrase,
// decryption is computationally impossible.
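
A structural check of the layout above, as an added example (not Selvum's code): it splits a .sv blob into the documented fields and rejects truncated or padded files before any crypto runs. The page does not name the KDF, so the example stops short of decryption; `parse_sv`, `SvFile` and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

MAGIC = b"SELV"                          # 0x53 0x45 0x4C 0x56
VERSION = b"\x00\x01"                    # version bytes as documented
# magic, version, flags, salt, nonce, big-endian uint32 payload length
HEADER = struct.Struct(">4s2sB16s12sI")
TAG_LEN = 16


@dataclass(frozen=True)
class SvFile:
    flags: int
    salt: bytes
    nonce: bytes
    payload: bytes   # AES-256-GCM ciphertext, still encrypted
    tag: bytes       # GCM authentication tag


def parse_sv(blob: bytes) -> SvFile:
    """Structurally validate a .sv blob and split it into its fields."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated: shorter than header plus tag")
    magic, version, flags, salt, nonce, length = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("bad magic, not a .sv file")
    if version != VERSION:
        raise ValueError(f"unsupported version bytes {version.hex()}")
    # The declared length must account for every remaining byte; a mismatch
    # means truncation or appended data, so reject it outright.
    expected = HEADER.size + length + TAG_LEN
    if len(blob) != expected:
        raise ValueError(f"length mismatch: expected {expected}, got {len(blob)}")
    body = blob[HEADER.size:]
    return SvFile(flags, salt, nonce, body[:length], body[length:])


def build_sample() -> bytes:
    """Constructed sample with fixed filler bytes, not a real vault."""
    payload = bytes(range(32))
    header = HEADER.pack(MAGIC, VERSION, 0, b"\xAA" * 16, b"\xBB" * 12, len(payload))
    return header + payload + b"\xCC" * TAG_LEN


if __name__ == "__main__":
    sv = parse_sv(build_sample())
    print(sv.salt.hex(), sv.nonce.hex(), len(sv.payload), sv.tag.hex())
```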

VERIFICATION KIT

Verify it yourself.

A real vault. Known seed. Decrypt it yourself.

Download this example Recovery Kit generated with real data. Open RESCATE_OFFLINE.html in any browser — no internet, no app needed — and enter the 12 words below. You will see the decrypted entries. This is exactly how your vault works.

01 index
02 rug
03 subway
04 raccoon
05 space
06 pole
07 glow
08 nephew
09 bulk
10 possible
11 iron
12 canoe

DESIGN DECISIONS

Every security decision has a reason.

Why no cloud sync?
Any server storing encrypted vaults is a target. By eliminating servers entirely, we eliminate the entire attack surface.
By design

Why do the same 12 words decrypt both the app and the Recovery Kit?
The BIP-39 seed phrase is the only master key to your vault. Both the app and RESCATE_OFFLINE.html use a memory-hard KDF to derive the encryption key from those 12 words. This guarantees that the Recovery Kit works without needing to remember any additional password — only the words you already have on paper.
By design

Why no seed phrase verification test?
Any system that knows the correct seed phrase is a system that stores it. We verify nothing — which means we store nothing. Your seed exists only on paper.
By design

How does Selvum protect the clipboard?
Selvum marks all copied content as sensitive so it is hidden from clipboard history and cannot be read by other apps.
Intentional

IMPLEMENTATION

What we've implemented.
Nothing hidden.

AES-256-GCM authenticated encryption
Auto-lock on background
Strong key derivation (memory-hard, GPU-resistant)
Android cloud backup disabled
Random nonce per save operation
iOS iCloud backup excluded
Screenshot prevention (FLAG_SECURE)
Root/jailbreak detection
Clipboard protected — content hidden from clipboard history
Zero network permissions
Biometric authentication via device OS
Zero analytics or telemetry
Publicly documented vault format
© 2026 — Selvum