Passcrow.org

Passcrow brings password reset functionality to strong encryption, without giving sensitive data to third parties.

Your sensitive, encrypted data stays on your devices, but fragments of a recovery key are placed in escrow with community-run servers, which only release the fragments once you have proven your identity.

Passcrow works like this:

1. Recovery is requested
2. The user receives one or more verification codes (e-mail, SMS, ...)
3. The codes are copied into the application
4. Access is granted and the user chooses a new password

This is intentionally similar to the password resets of mainstream cloud accounts. Familiarity is a feature!

Behind the scenes, Passcrow uses Shamir's Secret Sharing and AES encryption to safeguard user data and privacy.

Servers store recovery key fragments, releasing them only when you have verified your identity. The fragments and identities are strongly encrypted and the keys required to decrypt and initiate recovery live on your device.

Until you request recovery, you are completely anonymous.

Passcrow is primarily a tool for developers of encryption software, who are in need of methods to safely regain access when keys or passwords get lost.

Want to add recovery options to your project? Passcrow can help!

Technically savvy people who want to manage recovery themselves, are of course encouraged to do so as well!

Anyone can run a Passcrow server, but doing so for the general public implies a commitment to keeping the server online for a long time: years or even decades.

Currently, Mailpile is committed to running one such server, but it would be great if more organizations took part.

Please get in touch if you have ideas!

Passcrow is a Free and Open Source project, made possible by volunteers and donations from the Mailpile community.

You can examine the code and technical documentation on Github.

Maybe you can also help out? That would be nice.