🛡
SafeWord
v3 · NextGen Authenticator · Beyond Google Auth

Create Vault

Set a strong master password to protect your accounts

Forgot password? Reset vault
🔑 SafeWord Mode: 1677× stronger than 6-digit OTP
🛡 FSOTP + Ratchet: Past theft ≠ Future codes
🔒 AES-256-GCM: Military-grade encryption
⚡ PBKDF2×310K: Brute-force resistant KDF
⏱ Live Countdown: Animated 30s timer per code
🌐 Zero Servers: 100% local & offline PWA
🛡 FSOTP — Forward-Secure OTP
Even if the secret key is stolen, the next code cannot be learned!

Reason: the key is ratcheted every 30 seconds
S_{t+1} = SHA-256(S_t ∥ R_t)

R_t = server random, kept secret until the period ends.
Without this R_t, deriving a future code takes 2²⁵⁶ attempts.
FORWARD-SECURE ONE-TIME PASSWORD
SafeWord Code (1677× stronger)
WORD · WORD · WORD · 00
Period Index
Key Ratchets
Current Key S_t (Fingerprint)
Current Period — Proof Chain
COMMITMENT = SHA-256(R_t) [PUBLIC]
REVEALED RANDOM R_t [NOW PUBLIC]
Next Period — Pre-Commitment
COMMITMENT = SHA-256(R_{t+1}) [PUBLIC]
🔒 R_{t+1} hidden — 2²⁵⁶ possibilities · Mathematically impossible to predict
Commitment Chain History
Why FSOTP is unbreakable even after key theft:
If the current key S_t is stolen → the attacker knows S_t
But the next OTP = HMAC(S_{t+1}, R_{t+1})
S_{t+1} = SHA-256(S_t ∥ R_t) → impossible without R_t
R_{t+1} is still secret on the server → mathematically impossible!
📊 Security Comparison
System | Combinations | Key Security
Google Auth (6-digit) | 10⁶ = 1M | Static key forever
Google Auth (8-digit) | 10⁸ = 100M | Static key forever
SafeWord (3 words + PIN) | 256³ × 100 = 1.67B | Static key
FSOTP + SafeWord ⭐ | 1.67B per period | Ratchet per 30s
🔑 TOTP — How It Works
Standard TOTP (RFC 6238), used by Facebook, Google, GitHub and everyone else:

Counter = floor(UnixTime / 30)
OTP = HMAC-SHA1(Secret, Counter) → 6 digits
Use: works with any service's 2FA.
Weakness: once the secret is stolen, every OTP is compromised.
🔤 SafeWord Mode — Word-Based OTP
SafeWord uses the same HMAC but builds the code from a 256-word dictionary:

HMAC-SHA256(Secret, Counter) → bytes
Word1 = DICT[byte₄], Word2 = DICT[byte₅], Word3 = DICT[byte₆]
PIN = byte₇ mod 100 → 2 digits
Result: "STORM·CIPHER·NOVA·47"
Advantages:
✓ Shoulder-surfing is harder: digits are easy to memorise, but words are easy to hide
✓ Resists OCR/screenshot attacks: words are harder to recognise
✓ People can verify it by reading it aloud
✓ 1,677,721,600 combinations = 1677× Google Auth
🛡 FSOTP — Forward Secrecy
Initialization:
S₀ = 256-bit random secret (encrypted in vault)
R₀ = CSPRNG random (fresh each period)
C₀ = SHA-256(R₀) = commitment (pre-published)
OTP Generation (period t):
msg = R_t ∥ period_counter
OTP_t = HMAC-SHA256(S_t, msg) → 6 digits
SafeWord_t = 3 words + PIN from same HMAC
Key Ratchet (every 30 seconds):
S_{t+1} = SHA-256(S_t ∥ R_t) ← one-way!
R_{t+1} = new CSPRNG random ← server keeps secret
Forward Secrecy guarantee:
Even if S_t is stolen → learning S_{t+1} requires R_t
R_t is revealed at the end of the period → but R_{t+1} is still secret
∴ Future codes = mathematically impossible! (2²⁵⁶ operations)
🔒 Vault Encryption
All data is encrypted entirely locally:

Key = PBKDF2-SHA256(password, salt, 310,000 iterations)
Stored = AES-256-GCM(key, accounts_json)
310,000 iterations — brute force = impractical
Random salt per vault — rainbow table useless
GCM mode — tampering detected automatically
Zero transmission — there is no server
WebCrypto API — browser native, no libraries

Some services let you copy the otpauth:// URI directly. Paste it here.

Vault Status
Stored Accounts
Encryption
AES-256-GCM + PBKDF2-SHA256 × 310,000
✓ On
Data Transmission
Nothing sent to any server
✓ Zero
Security
Auto-lock Timeout
Seconds idle before locking
Change Master Password
Backup & Restore
Export Encrypted Backup
Saves as encrypted JSON — safe to store anywhere
Import Backup
Restore from encrypted JSON file
⚠ Danger Zone
Lock Vault
Wipe All Data
Delete vault and all accounts permanently
About SafeWord NextGen
TOTP Standard: RFC 6238 / RFC 4226
FSOTP: HMAC-SHA256 + Key Ratcheting + Commitment
SafeWord: 256-word dict · 1.67B combos · 1677× stronger
Vault Encryption: AES-256-GCM
Key Derivation: PBKDF2-SHA256 × 310,000
Random: crypto.getRandomValues (CSPRNG)
External: jsQR v1.4 (QR scanning only)
All crypto via WebCrypto API. Zero server transmission.
v3.0 · © Humayun Shariar Himu