Security

Safeparts removes single points of failure. It does not make storage and distribution decisions for you.

  • If an attacker gets k shares, they can reconstruct the secret.
  • If an attacker gets fewer than k shares, they learn nothing useful.
  • If you lose too many shares (fewer than k remain), recovery is impossible.

  1. Separate failure modes: different people, devices, and locations.
  2. Avoid co-location: two shares in the same safe are one compromise away from disclosure.
  3. Avoid centralization: a shared drive holding multiple shares defeats the point.
  4. Keep a contact/runbook: who holds each share, and what to do if someone is unavailable.
  5. Practice recovery periodically.
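
One way to check a share-distribution plan against the points above, as an added example that is not part of Safeparts. The plan format, field names and sample holders are constructed for illustration. For each failure domain type it reports co-located shares, the fewest compromises that yield k shares, and the fewest losses that leave fewer than k.

```python
from collections import Counter

# Constructed sample plan (hypothetical holders, not from Safeparts): one entry per share.
PLAN = [
    {"share": 1, "person": "alice", "device": "usb-a", "location": "office-safe"},
    {"share": 2, "person": "bob", "device": "usb-b", "location": "office-safe"},
    {"share": 3, "person": "carol", "device": "paper-1", "location": "bank-box"},
    {"share": 4, "person": "dave", "device": "shared-drive", "location": "cloud"},
    {"share": 5, "person": "erin", "device": "shared-drive", "location": "cloud"},
]
DIMENSIONS = ("person", "device", "location")


def min_domains_to_reach(counts, target):
    """Fewest failure domains whose shares sum to >= target.

    Each share sits in exactly one domain per dimension, so taking the
    largest domains first is optimal.
    """
    total = 0
    for taken, count in enumerate(sorted(counts, reverse=True), start=1):
        total += count
        if total >= target:
            return taken
    return None  # target exceeds the number of shares


def audit(plan, k):
    """Report, per dimension, how few failures break secrecy or recovery."""
    n = len(plan)
    if not 1 <= k <= n:
        raise ValueError("k must be between 1 and the number of shares")
    report = {}
    for dim in DIMENSIONS:
        counts = Counter(entry[dim] for entry in plan)
        report[dim] = {
            # Domains holding more than one share (co-location / centralization).
            "colocated": {name: c for name, c in counts.items() if c > 1},
            # Attacker needs k shares to reconstruct.
            "compromises_to_disclose": min_domains_to_reach(counts.values(), k),
            # Losing n - k + 1 shares leaves fewer than k.
            "losses_to_block_recovery": min_domains_to_reach(counts.values(), n - k + 1),
        }
    return report


if __name__ == "__main__":
    for dim, result in audit(PLAN, k=3).items():
        print(dim, result)
```

A value of 1 in either count means a single safe, device, or person is a single point of failure for that plan.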

Safeparts can encrypt the secret before splitting it. With a passphrase, an attacker needs both:

  • at least k shares, and
  • the passphrase.

The web UI runs split/combine entirely in your browser via WASM (no backend required). Your secret is not uploaded unless you choose to copy/paste it somewhere else or deploy a modified build.

When deploying the web UI yourself, publish web/dist/.