Building Reach0.com: How Zero-Knowledge Encryption Protects You

1/26/2026 (Updated: 1/26/2026)

By Nithin Raphael

TL;DR

Reach0 encrypts your data entirely in your browser using zero-knowledge encryption, so our servers never see your data. Links store encrypted payloads in the URL hash, so only the recipient can decrypt them. Free, open-source, and truly private sharing, with no accounts needed.

We built Reach0 to create a tool that puts your privacy first. It's completely free, open-source, and designed so that nobody, not even us, can ever see the secrets you share.

What Is Zero-Knowledge Encryption?

Zero-knowledge encryption means that even the service provider can't access your data. When you use Reach0, your secrets are encrypted entirely in your browser before anything leaves your device. The encrypted data never touches our servers, and we never see your password or decryption key. It's mathematically impossible for us to decrypt your secrets, and that's exactly how we designed it.

True privacy means you shouldn't have to trust anyone, not even the people building the tools you use.

How Reach0.com Encrypts Your Data

Let's walk through exactly what happens when you create a secret. We want you to feel totally confident about how your data is protected at every step!

Step 1: Compression Before Encryption

Before encrypting your secret, Reach0 compresses it using gzip compression. This step reduces the size of text-heavy secrets by 60-70%, making your shareable links shorter and faster to process. The best part? Compression happens entirely in your browser using the native Compression API, so no data leaves your device during this step.

Step 2: Password Strengthening with PBKDF2

Your password goes through PBKDF2 (Password-Based Key Derivation Function 2) with 100,000 iterations. This is a crucial security feature that protects against brute-force attacks, and here's why it matters:

The browser takes your password and runs it through a complex mathematical function 100,000 times, mixing it with a random salt value each time. This process takes about 100 milliseconds on a modern computer, barely noticeable for you, but devastating for attackers trying to guess your password.

If someone tries to crack your password, each attempt costs them 100ms. A password that would take just 1 hour to crack with simple hashing now takes over 11 years with PBKDF2 at this iteration count.

Example: Let's say you choose the password FrenchFries2026!. Here's what happens:

Key Derivation Process

Input

  • Password: FrenchFries2026!
  • Random salt

Iterative hashing

  • Iteration 1 → a8f3e9d2c1b4…
  • Iteration 2 → 7f2d8a9e3c6b…
  • Iteration 3 →
  • Iteration 100,000

Final Output

  • 256-bit encryption key: 9a7f3e8d2c4b1a5f…

Each iteration takes microseconds for you, but an attacker trying millions of password guesses will be slowed down dramatically.

Step 3: Random Salt and Initialization Vector

Every encryption operation uses a fresh random salt (16 bytes) and initialization vector, or IV (12 bytes). The salt strengthens your password during key derivation, while the IV ensures that encrypting the same message twice produces completely different encrypted output. These values aren't secret; they're prepended to the encrypted data so the decryption process can use them later.

This randomness is essential. It means that even if you encrypt the same secret twice, the result looks completely different each time. just strong security.

First encryption

  • Salt: 3f8a2e9d1c4b… (random)
  • IV: 7a3d2f8e… (random)
  • Encrypted result:
    a9f3e7d2c4b1a8f5e9d3c7b2a6f4e8d…

Second encryption

  • Salt: c7b2a6f4e8d3… (different random)
  • IV: 2f8e4c1a… (different random)
  • Encrypted result:
    7d2c4b1a8f5e9d3c7b2a6f4e8d3c7b…

Result:
Even with the same input and password, encryption produces completely different outputs every time, protecting against pattern matching and replay attacks.

Step 4: AES-GCM Encryption

Reach0 uses AES-GCM (Advanced Encryption Standard with Galois/Counter Mode) with 256-bit keys, the same military-grade encryption trusted by password managers and encrypted messaging apps around the world. We chose AES-GCM because it provides two critical features in one elegant package:

  1. Confidentiality: Your data is scrambled into unreadable ciphertext that only someone with the correct password can decode
  2. Authentication: If anyone tampers with even a single bit of the encrypted data, decryption automatically fails

This authenticated encryption ensures that your secrets can't be modified without detection. You'll know immediately if something's wrong.

Original message: FRENCH FRIES AGAIN

After AES-GCM encryption: 9f8e7d6c5b4a39281716f5e4d3c2b1a09f8e7d6c5b4a3928...

If someone changes even ONE character: Yf8e7d6c5b4a39281716f5e4d3c2b1a09f8e7d6c5b4a3929... ^ changed

When decryption is attempted: ❌ Error: Authentication failed - data has been tampered with
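Steps 1 to 4 above as one runnable pipeline. This is an added example, not Reach0's own code; it runs in a browser console or in Node. The PBKDF2 hash (SHA-256) and the payload layout (salt, then IV, then ciphertext) are assumptions, since the article states only the sizes, the iteration count and that salt and IV are prepended.

```javascript
// Added example, not Reach0's code. Assumed: SHA-256 as the PBKDF2 hash and the
// payload layout salt(16) || iv(12) || ciphertext+tag.
const te = new TextEncoder();
const PASSWORD = 'FrenchFries2026!'; // sample password from the article

// Browsers and current Node expose globalThis.crypto; older Node needs node:crypto.
const webCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;

// Run bytes through a CompressionStream or DecompressionStream.
async function pipe(bytes, transform) {
  const stream = new Blob([bytes]).stream().pipeThrough(transform);
  return new Uint8Array(await new Response(stream).arrayBuffer());
}

// Step 2: PBKDF2, 100,000 iterations, producing a non-extractable 256-bit AES-GCM key.
async function deriveKey(password, salt) {
  const { subtle } = await webCrypto();
  const material = await subtle.importKey('raw', te.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptSecret(text, password) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // Step 3: fresh per message
  const iv = c.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const packed = await pipe(te.encode(text), new CompressionStream('gzip')); // Step 1
  const ct = new Uint8Array(await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, packed)); // Step 4
  const out = new Uint8Array(28 + ct.length);
  out.set(salt, 0); out.set(iv, 16); out.set(ct, 28);
  return out;
}

async function decryptSecret(payload, password) {
  const c = await webCrypto();
  const key = await deriveKey(password, payload.slice(0, 16));
  // Rejects with OperationError on a wrong password or any modified bit (GCM tag check).
  const packed = await c.subtle.decrypt({ name: 'AES-GCM', iv: payload.slice(16, 28) }, key, payload.slice(28));
  return new TextDecoder().decode(await pipe(packed, new DecompressionStream('gzip')));
}

async function demo() {
  const a = await encryptSecret('FRENCH FRIES AGAIN', PASSWORD);
  const b = await encryptSecret('FRENCH FRIES AGAIN', PASSWORD);
  const tampered = a.slice(); tampered[tampered.length - 1] ^= 1; // flip one bit
  const rejected = (p) => p.then(() => false, () => true);
  return { roundTrip: await decryptSecret(a, PASSWORD), outputsDiffer: a.join() !== b.join(),
    tamperRejected: await rejected(decryptSecret(tampered, PASSWORD)),
    wrongPasswordRejected: await rejected(decryptSecret(a, 'wrong-guess')) };
}
```

Calling `demo()` resolves to an object showing a successful round trip, two different payloads for the same input, and rejection of both the bit-flipped payload and the wrong password.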

The Secret Sauce: URL Hash Fragment

Here's where Reach0.com's zero-knowledge guarantee really shines. The encrypted payload is encoded in the URL hash, the part after the # symbol. Browsers have a fundamental rule built into the HTTP protocol: they never send the URL hash to the server.

When you share a link like reach0.com/#encrypteddata, your browser only sends reach0.com to our servers. The encrypted data stays in your browser and travels directly to whoever opens the link.

It's how HTTP works at a protocol level. Even if we wanted to capture your encrypted secrets (and we absolutely don't), it's architecturally impossible. Server logs can't see it, analytics can't track it, and network monitoring can't intercept it. Your secrets are yours alone. Yay

Example: When you create a secret, Reach0 generates a link like this:

https://reach0.com/#a9f3e7d2c4b1a8f5e9d3c7b2a6f4e8d3c7b2a1f9e8d7c6b5a4f3e2d1c0b9a8

What the server sees:

GET https://reach0.com/
Host: reach0.com
[End of request]

What stays in your browser:

#a9f3e7d2c4b1a8f5e9d3c7b2a6f4e8d3c7b2a1f9e8d7c6b5a4f3e2d1c0b9a8
^ This entire encrypted payload never leaves your device until you share the link

What happens next: When your recipient clicks the link, their browser goes to the Reach0 app, which reads the hash fragment locally and decrypts it, all without our servers ever seeing the encrypted data.
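A way to check the fragment claim yourself, as an added example that is not part of Reach0's code: a raw TCP listener on loopback records every byte an HTTP client sends for a link that carries a fragment. It uses Node's HTTP client as a stand-in for the browser; the function name and the sample fragment are constructed for illustration.

```javascript
// Added example, not Reach0's code. Captures the raw request bytes a client sends
// for a URL with a fragment, so you can confirm the fragment is not among them.
async function bytesOnTheWire(fragment) {
  const net = await import('node:net');
  const http = await import('node:http');
  let raw = '';
  const server = net.createServer((sock) => {
    sock.on('error', () => {});
    sock.on('data', (chunk) => {
      raw += chunk.toString('latin1');
      // Once the request headers are complete, answer with an empty 200 and hang up.
      if (raw.includes('\r\n\r\n')) {
        sock.end('HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n');
      }
    });
  });
  await new Promise((done) => server.listen(0, '127.0.0.1', done));
  const link = `http://127.0.0.1:${server.address().port}/#${fragment}`;
  await new Promise((done, fail) =>
    http.get(link, { agent: false }, (res) => res.resume().on('end', done)).on('error', fail));
  await new Promise((done) => server.close(done));
  return { link, raw };
}

// Constructed sample fragment, shaped like the article's example link.
bytesOnTheWire('a9f3e7d2c4b1a8f5').then(({ link, raw }) => {
  console.log('link opened:   ', link);
  console.log('request bytes: ', JSON.stringify(raw));
  console.log('fragment kept client-side:', new URL(link).hash);
});
```

The request line is `GET / HTTP/1.1` and the fragment appears nowhere in the captured bytes. Script running on the page can still read it from `location.hash`, which is how the app decrypts it, so the guarantee rests on the JavaScript the site serves.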

Why This Architecture Matters

We know that most secure sharing tools store your encrypted data on their servers. Even when they promise not to look, you're still trusting their security practices, their employees, and their infrastructure.

With Reach0.com's zero-knowledge design, you get:

  • No data breaches: There's nothing stored on our servers to steal
  • No expiration dates: Since nothing is stored, your links never expire; they work forever
  • No bandwidth limits: No server storage means no artificial restrictions on what you can share
  • True privacy: We literally can't, and that's a feature
  • Open Source: The entire codebase is available on GitHub with an MIT license. You can review the code, audit our security, or even clone it and deploy on your own machine

We believe transparency builds trust. That's why everything is open for you to inspect and verify.

Built for Everyone

We built this tool because we believe everyone deserves access to strong encryption without compromises, subscriptions, or surveillance.

The best part? It's completely free, runs entirely in your browser, and requires no signup or account. Just visit Reach0.com, and share the link. That's it.

We're Here to Help

If you find any issues or have ideas for improvements, we'd love to hear from you! Please feel free to report them here. Your feedback helps make Reach0.com better for everyone.

Thank you for reading this :)