What is AES-256-GCM encryption?

AES-256-GCM is a symmetric encryption algorithm that uses 256-bit keys with Galois/Counter Mode. It provides both confidentiality (data is unreadable) and authentication (data hasn't been tampered with). It's used by governments, banks, and security-critical applications worldwide.

What is PBKDF2 key derivation?

PBKDF2 (Password-Based Key Derivation Function 2) transforms a password into a cryptographically strong encryption key by running it through a hash function hundreds of thousands of times. This key stretching makes brute-force attacks computationally impractical.

What does zero-knowledge encryption mean?

Zero-knowledge encryption means the service provider cannot access your data. In Dash, encryption happens entirely on your device, your password never leaves your device, and no server ever sees your plaintext data. Even the app developer cannot read your encrypted notes.

Can I recover my notes if I forget the password?

No. Since Dash uses zero-knowledge encryption, there is no password recovery mechanism. Your password never leaves your device and is never stored. This is a feature, not a limitation — it means nobody can reset or bypass your encryption.

Is AES-256 encryption secure enough?

AES-256 provides 2^256 possible key combinations, making brute-force attacks impossible with current or foreseeable technology. It has decades of cryptanalysis with no practical attacks found and is recommended by NIST and the NSA for TOP SECRET classified information.

Dash

Encryption Guide

What Is AES-256 Encryption?

Learn how encryption works and how Dash uses AES-256-GCM, PBKDF2 key derivation, and zero-knowledge architecture to keep your notes private.

Learn how it works

No account needed

Works offline

AES-256 encrypted

Encryption Guide

Plaintext

Readable content

AES-256

PBKDF2 derived key

Ciphertext

a7f3e2b1...

9c4d8f6e...

2b1a7f3e...

Encrypted

What Is Encryption?

Encryption transforms readable data into unreadable ciphertext. Only someone with the correct key can reverse the process.

Symmetric Encryption

Same key encrypts and decrypts. Faster, used for data at rest. AES and ChaCha20 are examples.

Asymmetric Encryption

Uses public + private key pair. Slower, used for key exchange. RSA and ECDSA are examples.

Why AES-256-GCM?

Proven security with decades of cryptanalysis. Hardware-accelerated. Provides both confidentiality and authentication.

PBKDF2 Key Derivation

Your password alone is not an encryption key. Key stretching transforms it into one that's cryptographically strong.

Password to Key

Your password cannot be used directly as an encryption key. PBKDF2 transforms it into a cryptographically strong 256-bit key.

600,000 Iterations

Each iteration makes key derivation slower intentionally. A legitimate user waits milliseconds; an attacker trying billions of guesses waits years.

Unique Salt Per Page

Each encrypted page gets a random 128-bit salt, preventing rainbow table attacks and ensuring identical passwords produce different keys.

SHA-256 Hash Function

PBKDF2 uses SHA-256 as its underlying hash function, a NIST-approved standard used across security-critical applications.

WebCrypto API

Dash uses the browser-native WebCrypto API for all cryptographic operations - audited, hardware-accelerated, and battle-tested.

Open Source

Every line of encryption code is publicly auditable on GitHub. Security through transparency, not obscurity.

How Dash Encrypts Your Notes

A three-step process that turns your password into military-grade protection.

STEP 1

Set Password

Enter Password

••••••••••••

Enter a password for this page

STEP 2

Key Derivation

PBKDF2-SHA256

600K iterations + unique salt

STEP 3

AES-256-GCM

EncryptedGCM

derived key + random IV

confidentiality + auth

Authenticated encryption

Technical Specifications

The cryptographic primitives and parameters Dash uses under the hood

Encryption Details

Algorithm

AES-256-GCM

Authenticated encryption with associated data

Key Derivation

PBKDF2-SHA256

600,000 iterations for password stretching

Salt Size

128 bits

Prevents rainbow table attacks

IV Size

96 bits

GCM recommended nonce size

Key Size

256 bits

Maximum AES strength

Password Hashing

bcrypt

10 rounds for verification

Crypto Implementation

WebCrypto API

Browser-native, hardware-accelerated

What This Means For You

Strong encryption comes with trade-offs. Here is what you should know.

No Master Password

Each page can have its own password. No single point of failure.

No Password Recovery

Your password never leaves your device. Nobody can reset it. This is a feature - only you can read your notes.

No Cloud Dependency

Encryption works fully offline. No internet, no server, no account needed.

Secure Purchase

Get Dash Today

Join thousands of privacy-conscious users who've chosen Dash over corporate surveillance. One payment, lifetime access.

Already purchased? Recover your downloads →

Dash

Private Notes App

Instant Download

Encryption FAQ

AES-256 Encrypted

100% Offline

Protect your notes with real encryption

AES-256-GCM encryption for $14.99. One-time purchase.

One-time payment

Lifetime access

No subscription