1. The model in one paragraph
Murmur is zero-knowledge by design. Your password is turned into an encryption key inside your browser, and that key never leaves your device. The connection to your private Google Sheet is encrypted with it before being stored, so the login directory that authenticates you only ever holds ciphertext. Your notes themselves live in a Google Sheet you own.
2. Cryptography
- Key derivation: PBKDF2 with SHA-256 and 310,000 iterations over your password and a random 16-byte per-account salt, producing 512 bits.
- Encryption key: the first 256 bits become an AES-GCM key used to encrypt your Sheet connection and your keyring. It is non-extractable and never transmitted.
- Verifier: the second 256 bits are hashed with SHA-256 into a verifier used solely for authentication. It reveals nothing about the encryption key.
- Per-channel keys: shared channels use independent random 256-bit keys, carried between your devices in an encrypted keyring.
3. What this protects against
- The operator of the master (login) sheet cannot read your notes, your Sheet’s location, or your password.
- A leak of the master sheet exposes only ciphertext, salts, verifiers, and access lists — no plaintext content.
- A network observer cannot read your content, which is encrypted before transmission where the connection blob is concerned and otherwise sent directly to your own Sheet over HTTPS.
4. Known trade-offs (by design)
- Device trust. Your decrypted session lives in
localStorageon your own device. A compromised device or malicious browser extension can read it. Sign out to clear it. - Password recovery is impossible. Because the key is derived from your password and never stored, a forgotten password cannot be recovered; you re-register and re-link your Sheet.
- Invite codes are bearer tokens.Anyone holding a shared channel’s code has its key. Removing a member does not revoke a code they already hold — stop sharing and re-share to rotate the key.
- Your Sheet’s token is a secret. The Web App URL plus token grant access to your data; keep them confidential.
5. Reporting a vulnerability
Please report security issues privately, not as public issues. Use GitHub’s private vulnerability reporting for the repository. Include what you found, how to reproduce it, and the impact. We aim to acknowledge reports promptly and are glad to credit reporters in release notes. See the repository’s SECURITY.md for full details.
6. Review it yourself
The security-relevant code is deliberately small and readable. The client crypto lives in src/lib/crypto.ts and the authentication and access-control logic in apps-script/master.gs. We encourage independent review — that’s the point of being open source.