Deep dives on zero-knowledge cryptography, credential security, and building a security platform. No filler. No marketing.
When your server can’t read user data, every notification, invite, and alert requires a different mental model. A full audit of 64 call sites and 8 bugs that were quietly corrupting breach alerts, offboarding notifications, and MPA approvals — and the four patterns behind all of them.
Most password managers claim zero-knowledge. Few implement per-entry key derivation. Here’s the architectural decision that separates a real zero-knowledge vault from one that just claims to be — and what it means when a server is breached.
What actually needs to happen when an employee leaves — credential rotation, key revocation, audit trail closure, and vault key re-derivation. Most organisations get at least two of these wrong, and the consequences show up months later during an incident review.
When you suspect a breach, the first 15 minutes determine the outcome. The technical architecture behind instant org-wide session termination, canary trip wires, dead man’s switch, and guided recovery — and why most teams don’t have it until it’s too late.
Some actions are too consequential for one person to authorise. The full implementation of HexVault’s MPA system — database schema, quorum logic, vote tracking, auto-expiry, and the edge cases that break naive implementations.