Storm Log

What strikes here

Keybolt strikes passwords, passphrases, and PINs entirely in your browser using the Web Crypto API. Nothing is sent to any server, stored anywhere, or tracked in any way. Your passwords are born and stay in your sky.

How the storm works

All randomness comes from crypto.getRandomValues(), a cryptographically secure source built into your browser. It draws entropy from hardware noise -- thermal fluctuations in your CPU, the literal chaos of physics. Keybolt uses rejection sampling to eliminate modulo bias, ensuring every character is uniformly random.

Passphrases use the EFF Diceware word list -- 7,776 words, the standard for generating memorable high-entropy passphrases. The number isn't arbitrary: 6⁵ = 7,776. It was designed for dice.

What the storm does NOT do

• No data is stored -- not in cookies, localStorage, or anywhere else
• No network requests after the page loads
• No analytics, tracking, or third-party scripts
• No accounts or settings to manage
• No fingerprinting, no telemetry, no server-side logging

Verify it yourself. Open your browser's developer tools, check the Network tab. After the initial page load: zero requests. We built it this way on purpose.

Service blanks

A locksmith knows the blank for each lock. Keybolt ships with presets for major services -- Google, Apple, banks, social media -- that auto-configure password rules to match each service's requirements. No more guessing which symbols are allowed or what the maximum length is.