Security
We don't ask you to trust us.
Below is a summary of how SlothBox enforces its trust guarantees. The canonical documents — threat model, full crypto details, runbook — live in the repository so they version with the code.
Cryptography
XChaCha20-Poly1305 IETF for symmetric AEAD. BLAKE2b-256 for key fingerprints. Argon2id for password-protected shares (v0.5+). All primitives are direct calls into libsodium — no custom logic, no hand-rolled MAC, no key stretching outside vetted defaults.
Threat model
We protect content confidentiality from the SlothBox operator and from network observers. We do not protect against an endpoint compromise (sender or recipient). We document explicit non-goals so you can decide whether the model fits your use case.
Verifiable architecture
Every container, every config, every cryptographic call lives in one repo under the MIT license. `docker compose up -d` brings the entire production stack online on your machine. v1.0 ships an offline `slothbox-verify` CLI you can audit independently.
Audit roadmap
v0.1.0-alpha — internal review only. v1.0 — independent cryptographer review + third-party application pen test, with reports published under /audits/. We will not soften this milestone to ship faster.
Reporting a vulnerability
Email security@philipsloth.com. PGP key fingerprint and disclosure window are documented in SECURITY.md. v0.1 has no bug bounty; v1.0 will, scope-limited.