Every piece of your collection data is encrypted on your device before it reaches our servers. We store only encrypted blobs — we cannot read your information. Only you can.
When you create your ArmoryHub account, you set a 6-digit PIN. This PIN is used to derive a unique encryption key using PBKDF2-SHA256 with 310,000 iterations. All your data — firearms, serial numbers, photos, documents, purchase prices — is encrypted with AES-256-GCM on your device before being sent to our servers. Your PIN and encryption key are never transmitted or stored in plaintext. The server only ever receives encrypted blobs.
Choose a 6-digit PIN during account setup. This derives your unique encryption key.
Every record is encrypted with AES-256-GCM on your device before upload. The server only receives encrypted blobs.
Sign in on another device, enter your PIN, and your encrypted data syncs and decrypts locally. The same PIN works across all your devices.
If you want maximum protection, you can add a high-entropy passphrase that replaces the PIN-encrypted copy of your key on our servers with a passphrase-encrypted copy. Your daily PIN unlock is completely unaffected — the passphrase is only needed when setting up a new device, after signing out, or if your browser data is cleared.
Your data on our servers is protected by multiple layers — Supabase runs on AWS with encryption at rest, network isolation, and strict access controls. A full offline database breach is an extremely unlikely scenario. But even in that worst case, an attacker would need to crack the encryption on the copy of your key. Your PIN provides ~20 bits of entropy. A 6-word diceware passphrase provides ~78 bits — making brute-force computationally impossible with any known or foreseeable technology.
Time to exhaust all combinations in a worst-case full offline breach scenario:
| Attacker resources | PIN (~20 bits) | 6-word passphrase (~78 bits) |
|---|---|---|
| Single high-end GPU | ~1 minute | ~1 trillion years |
| 10,000 GPUs | < 1 second | ~100 billion years |
| 1,000,000 GPUs (nation-state) | < 1 second | ~1 billion years |

Age of the universe: 13.8 billion years. PIN times assume PBKDF2 at 310k iterations; passphrase at 600k.
Both your PIN and your passphrase are non-recoverable — ArmoryHub cannot decrypt your data under any circumstances. Your PIN is easy to remember but has limited entropy. A passphrase provides dramatically higher entropy but should be stored securely — in a password manager, a locked drawer, or a fireproof safe. If you forget your passphrase and lose access to all your devices, your data is permanently and irreversibly lost.
Even without a passphrase, online brute-force attacks against your PIN are impractical. Before an attacker can attempt to guess your PIN, they must know your email and your account password and hold an authenticated session. Failed attempts then trigger progressive server-side lockouts:
| Failed attempts | Lockout |
|---|---|
| 3 | 30 seconds |
| 5 | 2 minutes |
| 7 | 5 minutes |
| 10 | 15 minutes |
| 15 | 30 minutes |
| 20+ | 1 hour |
With rate limiting, brute-forcing a 6-digit PIN online takes ~57 years on average — and that's assuming the attacker already has your email, password, and session access. PIN and passphrase attempts use separate lockout counters.
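The lockout schedule and the ~57-year figure above, as an added example that is not ArmoryHub's own code: the tiers as server-side counter logic, and the wall-clock cost they impose on an attacker who already holds a session. It assumes each tier applies from its listed failure count onward and that every secret (PIN, passphrase) has its own counter object.

```javascript
// Added example (not ArmoryHub's code): the page's progressive lockout schedule as
// server-side logic, plus the online brute-force cost it implies for a 6-digit PIN.
// Assumed: a tier applies from its listed failure count onward (">= N failures").
const LOCKOUT_TIERS = [  // [consecutive failed attempts, lockout in seconds] from the page
  [3, 30], [5, 120], [7, 300], [10, 900], [15, 1800], [20, 3600],
];

// Lockout imposed after the n-th consecutive failure (0 before the first tier).
function lockoutSeconds(failedAttempts) {
  let secs = 0;
  for (const [threshold, seconds] of LOCKOUT_TIERS) {
    if (failedAttempts >= threshold) secs = seconds;
  }
  return secs;
}

// One counter per secret: the page keeps PIN and passphrase lockouts separate,
// so a server would hold one of these objects per (user, secret type).
function newCounter() { return { failed: 0, lockedUntilMs: 0 }; }

function attemptAllowed(state, nowMs) { return nowMs >= state.lockedUntilMs; }

function recordFailure(state, nowMs) {
  state.failed += 1;
  state.lockedUntilMs = nowMs + lockoutSeconds(state.failed) * 1000;
  return state;
}

function recordSuccess(state) { state.failed = 0; state.lockedUntilMs = 0; return state; }

// Wall-clock seconds an online attacker must spend to make `attempts` wrong guesses in a row.
function onlineGuessSeconds(attempts) {
  let total = 0;
  for (let n = 1; n <= attempts; n++) total += lockoutSeconds(n);
  return total;
}

// Expected cost to find a 6-digit PIN online: half of the 1,000,000 values on average.
function expectedOnlineYears() {
  return onlineGuessSeconds(500000) / (365.25 * 24 * 3600);  // ≈ 57
}
```

Almost all of the cost comes from the final tier: after the 20th failure every further guess costs an hour, so the first 19 failures add only 14,700 seconds to a total of roughly 1.8 billion.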
Your PIN derives your encryption key. We cannot recover your data if you forget it. This is what makes zero-knowledge encryption secure — there is no backdoor, not even for us. Write down your PIN and store it safely.
Sign in on any device — web browser, iPhone, iPad, or Mac — and enter your PIN. Your encrypted data syncs from the cloud and decrypts locally. The same PIN works across all your devices. If you have passphrase hardening enabled, new devices will ask for your passphrase first, then your PIN.
| Property | Value |
|---|---|
| Encryption | AES-256-GCM |
| Architecture | Zero-knowledge, client-side |
| PIN Key Derivation | PBKDF2-SHA256, 310,000 iterations |
| Passphrase Key Derivation | PBKDF2-SHA256, 600,000 iterations |
| Infrastructure | Supabase on AWS |
| Rate Limiting | Separate counters for PIN & passphrase |
| PIN Entropy | ~20 bits (~57 years online brute force) |
| Passphrase Entropy | ~78 bits (~1 trillion years per GPU) |
No. Your PIN and passphrase are never transmitted to our servers — they are only used locally to derive your encryption key. This is a security feature, not a limitation. If you forget your PIN or passphrase and lose access to all devices, your data cannot be recovered by anyone, including us.
The optional passphrase feature replaces the PIN-encrypted copy of your key on our servers with one encrypted by a high-entropy passphrase. It protects against the extremely unlikely scenario of a full offline database breach. For most users, PIN protection with server-side rate limiting is more than sufficient. Enable it if you want the highest possible security and are prepared to securely store a passphrase.
No. Your daily PIN unlock is completely unaffected. The passphrase is only needed when setting up a new device, after signing out, after clearing browser data, or when your authentication session expires.
If you still have a device that is logged in and you know your PIN, you can continue to access your data — the master key is encrypted locally with your PIN. However, you cannot change or disable the passphrase without entering the current one. Eventually your session on that device will expire, and without the passphrase you will be unable to re-authenticate. At that point, your data is permanently lost.
When you set up a new device, you enter your passphrase first (to decrypt the master key from the cloud), then your PIN (same PIN as your other devices). After that, the new device works with just your PIN. The passphrase is only needed once per device during initial setup.
We recommend a diceware passphrase — at least 6 random, unrelated words joined together without spaces (e.g., anvilmangocliffrhythmpedalember). This provides roughly 78 bits of entropy while being easy to write down and less prone to typos than complex passwords. Store it in a password manager, a locked drawer, or a fireproof safe.