The cryptography that splits and recovers your secrets is published as open source under the MIT License. Auditable. Cloneable. Runnable offline. Independent of us. If Shards disappears tomorrow, the code keeps working — and so do your shards.
We open-sourced the part that has to be trusted — the cryptography. We did not open-source the part that has to be a business — everything around it. Here is the line we drew, and why.
The reason to open-source cryptography is so users can trust it without trusting the company. The reason not to open-source the whole business is that the business is not the source of trust — the math is. Every meaningful security guarantee we make is testable in the public repository.
You do not need our marketing pages to recover your shards. You need the code, the test vectors, and the build instructions. All three are public.
A test vector is a known input paired with a known output. Cryptographic libraries use them to prove that any implementation behaves identically — ours, yours, or one written 20 years from now.
The 214 official vectors come from Trezor's published SLIP-39 reference suite — the canonical test set for Shamir-based seed sharing. If a library passes them, its output is interoperable with every other compliant library. If it fails any of them, it has subtly diverged from the standard.
Our 36 custom vectors cover edge cases: minimum thresholds (1-of-1, 2-of-2), maximum thresholds (16-of-16), round-trip correctness under unusual parameters, and known-malicious inputs (corrupted shares, truncated mnemonics, wordlist substitutions).
Once the public repository launches, the test results are visible in the CI badge on GitHub, and the test suite itself is runnable in under thirty seconds with npm test.
A reproducible build means that anyone, starting from the same source code, produces a byte-identical output. If our published artifact matches what you build from source, you know it hasn't been tampered with between the repository and your browser.
If you build from source and the resulting SHA-256 does not match the hash published on the release page, do not use that artifact. Open an issue on GitHub. Either the published version has been tampered with, or there is a build environment issue worth investigating. A reproducible build is the simplest verification you can run, and it should always succeed.
For high-value secrets, running the split and reconstruction on a machine that has never touched the internet is the strongest practical protection. Two methods, depending on how paranoid you need to be.
Method A · Load the page once, then disconnect. Visit thresholdvault.com/split, wait for it to fully load, then disconnect your device from the network. Perform the split or reconstruction. The page does not make additional network calls during operation — verifiable in your browser's developer tools, Network tab.
Method B · Build from source on an air-gapped machine. Clone the repository on a connected machine, transfer it to an air-gapped device via USB, then build and run the standalone HTML. This eliminates the dependency on our domain entirely.
Running offline eliminates network-based risks. It does not eliminate physical risks (a compromised device, malware loaded before air-gapping, key-logging firmware, printers with retained memory). For the highest-value secrets, the cryptographic operation is just one link in a longer chain — see our threat model for the full picture.