The passphrase is stretched with PBKDF2 using a random 256-bit salt. 300k iterations resist GPU brute-force. The iteration count is stored explicitly in the bundle for future migration.

GPS coordinates are rounded to the chosen precision and combined with a random 16-byte geo-salt (stored in the bundle), the user-selected device fingerprint factors, and the timezone. The geo-salt means even perfect coordinate knowledge yields zero information without the salt.

The password key and geo key are concatenated and run through HKDF-SHA256 with domain separation. Neither factor alone can decrypt.

Filename, filesize, and precision are hashed and passed as AES-GCM Additional Authenticated Data. Any metadata modification is detected: decryption rejects tampered metadata even with a correct key.

Encryption uses AES-256-GCM with a random 96-bit IV and a 128-bit auth tag. The raw buffer is zeroed with fill(0) after encryption. A wrong password and a wrong location produce an identical generic rejection.
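The pipeline described above, sketched with Node's built-in crypto module as an added example; it is not the application's own code. The PBKDF2 hash (SHA-256), the HMAC construction of the geo key, the HKDF info label, the AAD encoding and all function and field names are assumptions, since the page does not specify them.

```javascript
// Works whether Node loads this file as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');
const ITERATIONS = 300000; // the 300k iteration count given above
// Math.round before toFixed: a tiny negative value formats as "0.00", not "-0.00".
const roundCoord = (x, p) => (Math.round(x * 10 ** p) / 10 ** p).toFixed(p);

// Assumed construction: HMAC-SHA256 keyed by the geo-salt over a canonical string.
function geoKey(loc, geoSalt, precision) {
  const msg = [roundCoord(loc.lat, precision), roundCoord(loc.lon, precision),
    loc.timezone, ...loc.factors].join('|');
  return nodeCrypto.createHmac('sha256', geoSalt).update(msg).digest();
}

function fileKey(passphrase, loc, b) {
  const pwKey = nodeCrypto.pbkdf2Sync(passphrase, b.pbkdf2Salt, b.iterations, 32, 'sha256');
  const ikm = Buffer.concat([pwKey, geoKey(loc, b.geoSalt, b.precision)]);
  // The info string is the domain separator (label text is an assumption).
  const okm = nodeCrypto.hkdfSync('sha256', ikm, Buffer.alloc(0), 'labyrinth/file-key/v1', 32);
  pwKey.fill(0); ikm.fill(0);
  return Buffer.from(okm);
}

// AAD: hash of the plaintext metadata fields (JSON encoding is an assumption).
const aad = (b) => nodeCrypto.createHash('sha256')
  .update(JSON.stringify([b.filename, b.filesize, b.precision])).digest();

function lock(plaintext, passphrase, loc, filename, precision) {
  const b = { filename, filesize: plaintext.length, precision, iterations: ITERATIONS,
    pbkdf2Salt: nodeCrypto.randomBytes(32), geoSalt: nodeCrypto.randomBytes(16),
    iv: nodeCrypto.randomBytes(12) };
  const key = fileKey(passphrase, loc, b);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, b.iv, { authTagLength: 16 });
  c.setAAD(aad(b));
  b.ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  b.tag = c.getAuthTag();
  key.fill(0);
  return b; // holds salts, IV, metadata and ciphertext; no coordinates or timezone
}

function unlock(b, passphrase, loc) {
  const key = fileKey(passphrase, loc, b);
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, b.iv, { authTagLength: 16 });
    d.setAAD(aad(b)).setAuthTag(b.tag);
    return Buffer.concat([d.update(b.ciphertext), d.final()]);
  } catch { throw new Error('Unable to unlock'); } // same message for every cause
  finally { key.fill(0); }
}
```

Two positions that round to the same cell at the chosen precision derive the same key, while a position just across a rounding boundary does not, so the precision setting also decides how much GPS drift an unlock tolerates.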
| Scenario | Status |
|---|---|
| Stolen ciphertext alone | ✓ Protected |
| Stolen password alone | ✓ Protected |
| File + password, wrong location | ✓ Protected |
| Offline coordinate brute-force | ✓ Geo-salt |
| Bundle metadata tampering | ✓ Detected (AAD) |
| Lock location from file | ✓ Not stored |

| Vector | Status |
|---|---|
| GPS spoof + geo-salt + coords | ⚠ Bundle required |
| Full device compromise (root) | ✗ Not covered |
| Browser memory forensics | ⚠ Mitigated |
| Adversary at same location | ⚠ Partial |

The .labyrinth bundle contains: encrypted ciphertext · PBKDF2 salt · AES IV · random geo-salt · filename · filesize · timestamp · precision · device factor IDs (not values) · versioned crypto params. No coordinates, no timezone, no fingerprint values of any kind.

| Factor | Stability | Changed By | Recommendation |
|---|---|---|---|
| User Agent | High | Browser major update | Always |
| Language | Very High | Manual change | Always |
| Platform | Medium | OS reinstall | Optional |
| CPU Cores | High | Hardware only | Optional |
| Screen Resolution | Low | Monitor, scaling | Avoid |