Security

ARK-Journal entries are encrypted client-side before storage. The server stores ciphertext only. It does not hold the keys required to decrypt journal entries.

A Key Encryption Key (KEK) is derived from the user's recovery key using PBKDF2-SHA256 with 600,000 iterations. A random AES-GCM-256 Data Encryption Key (DEK) is generated client-side, wrapped with AES-KW using the KEK, and only the wrapped (encrypted) DEK is sent to the server. Raw keys are never transmitted.

Each entry is encrypted with a per-entry key derived via HKDF-SHA256 from the DEK. The full entry structure — blocks, formatting, images, tags, and mode — is encrypted as a single payload before storage.

Keys are not recoverable by Phronion. If a user loses their recovery key, their encrypted data cannot be decrypted. There is no password reset, no admin override, and no backdoor. This is by design.

Encrypted backup protects the DEK with a user-chosen PIN. The PIN is never sent to the server. The client derives an encryption key using Argon2id (time cost 3, memory 64 MB, parallelism 4) with a 16-byte random salt, then encrypts the DEK with AES-256-GCM before upload.

The server stores only the encrypted blob and KDF parameters. All decryption is performed client-side.

Restore attempts are rate-limited. After 10 failed attempts, the backup is locked for 30 minutes. This is designed to resist online guessing with rate limiting and lockouts, not to make brute force mathematically impossible.

Phronion does not store passwords. Authentication is delegated to established identity providers (Google and Microsoft) via OAuth 2.0 / OpenID Connect. Tokens are validated server-side against provider JWKS endpoints with RS256 signature verification.

Local authentication (username/password) is available as an alternative. Passwords are hashed with bcrypt. Failed login attempts are tracked per credential with automatic lockout after 10 failures (10-minute lockout window).

Admin access requires explicit role assignment. Platform administration endpoints are protected by role-based access controls enforced at the API layer.

Threshold-based anomaly detection runs inline with authentication and administrative operations. Alerts are triggered by patterns including brute-force attempts, unusual account creation rates, authentication failure spikes, and abnormal administrative activity.

When a threshold is breached, the system emits alerts through multiple channels: structured log entries, database persistence for post-incident review, Prometheus counters for dashboarding, and email notification to the security contact.

Governance actions (account disable, legal hold, encrypted export) generate email notifications with structured subjects and tamper-evident detail including SHA-256 hashes for exports.

All administrative actions are recorded in a write-only audit log with actor identity, action, target, and timestamp.

Phronion is designed to protect against:

• Server compromise revealing journal content
• Platform operator access to user content
• Credential stuffing and brute-force attacks
• Stripe webhook forgery or replay

Phronion is not designed to protect against:

• Compromise of your unlocked device
• Malicious browser extensions with content script access
• Screen recording or shoulder surfing
• Loss of the recovery key (no recovery mechanism exists by design)