Journal Security¶
Encryption¶
Password hashing: Argon2id (memory: 64MB, iterations: 3, parallelism: 4)
Data encryption: AES-256-GCM with unique IV per entry
Key management: AES key exists only in RAM, wiped on lock/restart
Design Principles¶
Password is never stored in plaintext
No password recovery by design
Journal database is completely separate from main app
No code path connects journal to Claude API
Ollama availability check on startup
Auto-Lock Triggers¶
Inactivity timeout (default: 30 minutes)
Screen lock detection
Navigate away from journal page
Server restart