SUBJECT: Why HoloSec Rejects Hardware Security Modules (HSMs).
Traditional enterprise security relies on HSMs (Hardware Security Modules)—physical chips that store encryption keys. The industry sells this as "security." The reality is that it is Centralized. If a state actor seizes the physical server, they possess the keys. It is a single point of failure with a physical address.
HoloSec does not store keys. We CALCULATE them. The encryption key for any given file is derived from a chaotic geometric permutation of three variables:
> 01. The User's Entropy (Your Password).
> 02. The File's Identity (Filename Salt).
> 03. The Temporal Coordinate (The Exact Minute of Creation).
When you lock a file with HoloSec, the derived Encryption Key exists in RAM for approximately 50 milliseconds. Once the encryption is complete, the Key is flushed from memory and destroyed.
The Key itself is never written to the disk or the file header. It simply ceases to exist.
Instead, HoloSec logs the Time Coordinate (the "seed") into your local database (`holosec_vault.db`). For maximum security, HoloSec allows you to move this vault to External Physical Storage (USB, MicroSD, or Air-Gapped Drive).
The Defensive Result: Even if an adversary compromises your primary machine and possesses your master password, they remain locked out. The "Time Coordinates" required to reconstruct the keys are physically absent from the hardware. Without the external vault, the files on your drive are mathematically indistinguishable from random noise.
We do not store the Cake (The Key); we store the Recipe (The Time)—and you can keep that recipe in your pocket.
STATUS: DECLASSIFIED
AUTHOR: ARCHITECT_ZERO
HASH: 8f9d2a...[TRUNCATED]