Understanding how we protect your credentials doesn't require being an engineer. Here we explain, step by step, why Cleverpass is practically impossible to break.
From the moment you type your master password to when the encrypted file is saved, everything happens exclusively on your device.
It's the only password you need to remember. It is never stored anywhere — neither on your device, nor on our servers, nor on Google Drive. It only exists in your memory and temporarily in RAM during the derivation process.
Your master password is processed using PBKDF2 with SHA-256 for 320,000 iterations. This transforms your password into a 256-bit cryptographic key. The high number of iterations makes trying millions of candidate passwords by brute force cost hundreds of years of computation.
PBKDF2(masterPwd, salt, 320000, SHA-256) → 256-bit keyAlong with the password, a <strong>random salt</strong> unique to your vault is generated. This ensures that two users with the same master password obtain completely different cryptographic keys, eliminating rainbow table attacks.
salt = crypto.getRandomValues(32 bytes)The derived key encrypts all your passwords using AES-256, the same standard used by governments and banks. Each entry also uses a unique initialization vector (IV), so two identical passwords produce completely different ciphertexts.
AES-256-GCM(data, key, random_IV) → ciphertextEncrypted credentials are stored in a <strong>proprietary file system</strong> specifically designed for Cleverpass. This format is not a standard JSON or plain text file — it's structured to maximize security and optimize device synchronization without exposing sensitive metadata.
Cleverpass gives you total control: save only on your device or sync with your own Google Drive. In both cases, data <strong>always travels encrypted</strong>.
Your credentials live only on your device. No internet, no cloud, no third parties. Maximum absolute privacy.
Data syncs between your devices using your own personal Google Drive. Cleverpass never touches your data — it only acts as a bridge, and what reaches Google is already encrypted.
When you use multiple devices, Cleverpass keeps everything synchronized in real time — including complex situations like simultaneous edits.
Every change you make is automatically propagated to all your linked devices through your Google Drive. No manual delays or 'Sync Now' buttons — everything happens transparently.
If two devices modify the same credential at the same time, the system detects the conflict by analyzing the version metadata of each change. The resolution engine evaluates which version is most recent and, if ambiguous, applies a safe merge policy that preserves all changes without data loss.
Cleverpass's proprietary file system includes integrity checksums in every write operation. If a file on Drive is modified externally or suffers corruption, the system detects and rejects the synchronization, protecting your data integrity.
Cleverpass architecture is designed so that no single attack vector compromises your data.
Not just marketing — these are the concrete technical decisions that make Cleverpass exceptionally secure.
Each user has their own space on Google Drive. No shared database. A successful attack on one user leaks nothing from the rest.
Your vault lives in your own Google Drive or on your device. If Cleverpass closed tomorrow, your encrypted file would still be yours and accessible forever.
Cleverpass's file format is not standard. This adds an extra layer of security through obscurity — even knowing the encryption, the internal structure is unknown.
To compromise your vault you need two things at once: access to your Google Drive (or device) and your master password. Getting only one of the two is useless.
The minimum recommended standard is 100,000 iterations. Cleverpass uses 320,000 — more than 3 times the minimum — making dictionary attacks exponentially more expensive.
The cryptographic key is generated and used exclusively on your device. Neither Cleverpass nor Google ever sees it. There is no 'key server' that could be compromised.
Download Cleverpass and start protecting your passwords with the same level of encryption used by banks and governments.
Download apps free