Postern Vault
A secrets / password vault, sealed at rest with the one canonical seal (XChaCha20-Poly1305 + Argon2id).
Postern Labs · public beta
Postern Labs builds owned, rebranded privacy and security products — a secrets vault, post-quantum file drop, a messenger, passkeys, metadata scrub, a panic lock, a wallet, voice tools, an app store, and a reproducible OS — on top of an ownerless, post-quantum protocol it does not own. You pay Postern for protection, support, and provable integrity — never for a coin.
The part most launch pages hide
Every claim on this site is audit-gated: if a thing isn't true yet, we phrase it as the plan. The full text lives on the disclaimer page.
The model
Think Bitcoin and the businesses built around it. The base protocol — Bloch-SIS-PoW, a post-quantum, pure-PoW BlockDAG — is a neutral commons: no owner, no foundation, no official site, no token sale. It is software plus a documented RPC/API surface, and nothing more. Anyone runs it; anyone builds on it.
Postern Labs is one builder among many on that neutral base — a company, with products it owns and a name deliberately rebranded away from “Bloch”. It sells the BlackBerry thing: protection, support, and integrity you can verify, on permissive Linux.
Vault · Courier · Messenger · Keys · Hygiene · Panic Lock · Seal Companion · Wallet · Postern OS · the apps — permissively licensed, sold for the protection.
SHAKE-256 hashcash PoW (Module-SIS gate) · Falcon‖ML-DSA · GhostDAG-Q · the coin. No owner, no curator, no official site or explorer. Just the protocol.
This distinction matters enough that it has its own page.
The suite
The Rust cores below are built and test-verified; the front-ends are reference prototypes; everything is unaudited. Honest labels on every card — the full catalog is on the products page.
A recent round of hardening moved several of these from prose to code — a real Argon2id KDF in the SDK, a license-revocation (CRL) endpoint, the Megolm end-to-end-encryption messaging core, Tor transport, and feature-gated TDX / SEV-SNP attestation verification. Each is still labelled with exactly how far it actually runs (some only against offline test fixtures), and all of it remains unaudited.
A secrets / password vault, sealed at rest with the one canonical seal (XChaCha20-Poly1305 + Argon2id).
Serverless person-to-person file drop: ML-KEM-1024 payload seal, now with sender authentication (a post-quantum SignedDrop) and anti-replay. The ephemeral Tor onion transport stays off by default.
Megolm-based end-to-end messaging core, via vodozemac (Apache-2.0).
A panic button that instantly re-locks and destroys nothing.
A passkey / FIDO2 credential core for the permissive-license world.
Scrubs the document metadata nobody fixes — OOXML, ODF, JPEG.
The attestation verifier: self-audit and peer-verify, so you check our claims instead of trusting them.
Post-quantum hybrid wallet (Falcon‖ML-DSA), diversified addresses, on-device key vault — on the unaudited, 51%-attackable mainnet beta; the coins carry no value claim.
The door between two worlds (a proposed name, pending trademark clearance; the porog / threshold of the Izbushka tale): a hardened, self-enrolled managed-profile workspace on stock Android — StrongBox key-attestation skeleton + the shared managed-profile DPC. A scaffold, not shipping; key-attested device, not measured-boot workspace; hardened, not anonymous; a rooted host defeats it. Never “Postern OS”.
The bridge between two worlds (the Kalinov crossing): a dual-persona layer that joins your personal side and a second, Google-Play-enabled persona on one device. The Google side is honestly the less-private side (it phones home to Google) — NoporIS sells separation, not privacy, and respects Google/Android licenses (no GMS redistribution, no Play-Integrity circumvention). A concept scaffold; name pending trademark clearance.
The settlement outside the fortress walls (a proposed name, pending trademark clearance) — the fourth folklore name after Postern the gate, Porog the threshold and NoporIS the crossing, and honestly the tier where data leaves the sealed base. The non-attestable escape hatch: a full Android/AOSP userland in an LXC container on the GNU/Linux host (built on Waydroid), for the Android apps the native ports can't run. In development — architecture + scaffolds only, not shipping. Bounded honestly: never Postern-Seal-covered, Play-Integrity STRONG fails by design, a rooted host defeats it — keep real secrets out. Never “Postern OS”.
For the deep read, engineers and auditors can pull the Technical Whitepaper (PDF) ↓ and the Audit-Readiness Dossier (PDF) ↓ — code-derived, every UNAUDITED / not-booted marker intact. Neither is an audit.
About · the founder
Tiago Tenório (TT) is the founder and CEO of Postern Labs. He comes from Brazil's payments and fintech sector — a Visa prepaid/third-party ISO agent (2018–2020); founder of the AG47 office and a member of C6 Bank's Conexão C6 program, operating across São Paulo, Goiás, the Federal District, Alagoas and Paraná (2020–2021); a national distribution partner in First Data Corporation's Ignite program for acquiring products and services (2020–2021); PMO lead on a cards project at Havan (2021–2022); and Commercial Director at Avalon Capital, an asset manager (2022). In 2026 he founded Postern Labs to build privacy-first, post-quantum software — and the ownerless Bloch-SIS-PoW protocol its products build on, in which he holds no privileged role beyond a fully disclosed, structurally passive 17% founder premine.
The companies named above state his prior roles only — none of them endorses, backs, funds, or is affiliated with Postern Labs or Bloch-SIS-PoW.
Tiago B. de A. Tenório on LinkedIn — an outbound link; this site still loads nothing external and makes no network requests of its own.
Standing commitments