Does codebook password manager use zero-knowledge architecture?

Hi, Codebook user for years. I came across an article about white-hat hackers testing other PW Managers, and getting access to plaintext passwords even in those using “zero-knowledge architecture”.

So does Codebook use this architecture, and even if, would it stand up to the kid of attacks they are talking about?

thanks

Here’s the article i found Password Manager "Zero Knowledge" Claims Don't Hold Up, Researchers Find - State of Surveillance
and here’s their source, the actual tester-hackers Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Hi @sclwood

Thanks for using Codebook and posting to the discussion forum.

Yes, Codebook does use Zero-Knowledge architecture.

Codebook never stores your passwords or Codebook data in plaintext and we (Zetetic) have no access to your decrypted Codebook data or any of your encryption keys.

On your device

Your Codebook data is encrypted on your device using your chosen Codebook Master Password as key material. That Master Password is never available to us and not stored in your Codebook database.

When syncing

Your Codebook data is encrypted with your Codebook Sync Key when syncing. Your Codebook Sync Key is never available to us.

There’s more information about the security measures used in Codebook at these links:

Codebook Security Details: Codebook Help - Security Features
Codebook Cloud Security Details: Codebook Cloud - Frequently Asked Questions

Because of this architecture, it’s important to have a backup of your Codebook Sync Key and remember your Codebook Master Password. If they’re lost/forgotten, we have no way of recovering them or your Codebook data for you.

Backup Sync Key options: Codebook Help - Backup Your Sync Key

Let us know if you have any follow up questions.