Zeq Vault — Your Math Is Your Key
Zeq Vault is an equation-based password manager where your mathematical equation unlocks the vault. No master password, no cloud sync, no server — everything is encrypted and decrypted entirely in the browser using the Web Crypto API.
Overview
Traditional password managers require you to remember a master password. Zeq Vault replaces that with a master equation — a mathematical expression that you create and remember. The equation is evaluated at the HulyaPulse constants (x = 1.287, y = 0.777), and the result is used to derive an AES-256-GCM encryption key via PBKDF2.
Your equation is never transmitted to any server. The vault is stored as an encrypted blob in localStorage, making Zeq Vault a fully client-side, zero-knowledge password manager.
Launch: Open Zeq Vault
How It Works
Vault Creation
- Choose a master equation — e.g.,
x^3 + sin(y*pi) - 42.7 - Evaluation — The equation is evaluated at
x = 1.287,y = 0.777→ numerical result - Key derivation —
PBKDF2(result, random_salt, 100000, SHA-256)→ 256-bit AES key - Encryption — All vault entries are encrypted with
AES-256-GCMusing the derived key - Storage — The encrypted blob (with salt and IV) is stored in
localStorage
Unlocking
Enter your master equation → the vault re-derives the key and attempts decryption. If the equation is correct, the GCM authentication tag verifies successfully and the vault opens. A wrong equation produces a different key, and decryption fails with an authentication error — no data is leaked.
Encryption Details
| Parameter | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Key Derivation | PBKDF2 (SHA-256, 100,000 iterations) |
| Salt | Random 16 bytes (generated per vault creation) |
| IV | Random 12 bytes (generated per encryption operation) |
| Authentication | GCM built-in 128-bit authentication tag |
| Key Length | 256 bits |
Key Features
- Equation-Based Master Key — Your mathematical equation replaces the master password. Infinite complexity, mathematically derived.
- Zero-Knowledge Architecture — Everything happens in the browser. No server, no cloud, no telemetry.
- AES-256-GCM Encryption — Military-grade authenticated encryption with PBKDF2 key derivation.
- Random Equation Generator — 5 complexity levels to help you create strong master equations.
- Password Generator — Built-in strong password generator for new entries.
- Password Strength Meter — Real-time strength analysis with entropy calculation.
- Search and Organize — Filter entries by name, URL, or tags.
- Import/Export — Export vault as encrypted JSON; import from other managers.
- Auto-Lock — Vault locks automatically after configurable idle timeout.
- Responsive Glassmorphic UI — Dark-themed, accessible interface optimized for desktop and mobile.
Random Equation Generator
Zeq Vault includes a random equation generator with 5 complexity levels:
| Level | Complexity | Example |
|---|---|---|
| 1 | Simple | x + 3 |
| 2 | Moderate | x^2 + sin(y) |
| 3 | Medium | sqrt(x) * cos(y*pi) + 7 |
| 4 | Complex | x^3 + sin(y*pi) - floor(e * phi) |
| 5 | Maximum | asin(x/2) * log(y + phi) + ceil(sqrt(pi)) - tan(x*y) |
Higher complexity equations produce more entropy in the derived key, but the PBKDF2 step ensures even simple equations produce cryptographically strong keys.
Vault Entry Structure
Each entry in the vault stores:
| Field | Description |
|---|---|
| Title | Display name (e.g., "GitHub") |
| Username | Account username or email |
| Password | Encrypted password |
| URL | Website URL (clickable) |
| Notes | Free-form encrypted notes |
| Tags | Categorization labels |
| Created | Timestamp of creation |
| Modified | Timestamp of last edit |
Architecture
┌────────────────────────────┐
│ Zeq Vault Client (SPA) │ Single HTML file
├────────────────────────────┤
│ Equation Parser │ Recursive descent (no eval)
├────────────────────────────┤
│ PBKDF2 Key Derivation │ Web Crypto API
├────────────────────────────┤
│ AES-256-GCM Encryption │ Web Crypto API
├────────────────────────────┤
│ localStorage │ Encrypted blob storage
└────────────────────────────┘
The entire application is a single HTML file with no external dependencies beyond Google Fonts. There is no server component — the vault is purely client-side.
Key Operators
| Operator | Formula | Role |
|---|---|---|
| VAULT-KDF | PBKDF2(equation_result, salt, 100000, SHA-256) | Key derivation |
| VAULT-ENC | AES-256-GCM(plaintext, derived_key, IV) | Entry encryption |
| VAULT-DEC | AES-256-GCM⁻¹(ciphertext, derived_key, IV) | Entry decryption |
| VAULT-PARSE | RecursiveDescent(equation, {x:1.287, y:0.777}) | Equation evaluation |
Running Zeq Vault
Via Nginx (Recommended)
http://localhost/apps/zeq-vault/
Standalone
Zeq Vault is a single index.html file — open it directly in any modern browser:
open apps/zeq-vault/index.html
No server, no build step, no dependencies.
Security Considerations
- Client-Side Only — No data leaves the browser. The equation and vault contents never touch a network.
- No
eval()— The equation parser is a safe recursive descent parser with a strict function whitelist. - PBKDF2 Hardening — 100,000 iterations make brute-force attacks on the derived key computationally expensive.
- GCM Authentication — The authentication tag prevents any modification of encrypted data without detection.
- Equation Complexity — Unlike passwords, equations can embed mathematical functions (sin, cos, sqrt, etc.), providing a richer keyspace.
Related Documentation
- Zeq Vault Security — Full security specification
- Equation Auth — The equation evaluation system shared with Zeq Auth
- HITE Encryption — Related AES-256-GCM encryption in the Zeq OS ecosystem