How many iterations does Storj use for PBKDF2 when we create keys for the CLI to use end-to-end encryption?

Hello, recent security issues of a well-known online password manager, LastPass, have highlighted that 100,000 iterations for PBKDF2 are obsolete; now they recommend 600,000 (How do I change my password iterations for LastPass? - LastPass Support). I have searched the official Storj documentation but I couldn’t find info about this parameter. Can anyone tell us something about this? Thanks for your answer!

This seems unrelated to Storj.

Why do you think it’s unrelated? Maybe Storj doesn’t use any functions to make passwords more secure, or do you mean I have written in the wrong forum section? In that case I apologize.

Storj does not generate account passwords for the customer. It is up to the customer to make sure they use strong passwords. If they decide to use an external password generator, it is up to them to make sure that they use one that actually generates sufficiently strong passwords. Note that Storj also recommends to always use multi-factor authentication along with a strong password.

Please specify what is the specific issue you want us to address.

I mean when a customer uploads via CLI, each file is encrypted locally using a key derived from the customer’s password set for the bucket where the files are uploaded. I wanted to understand if the procedure for deriving this key uses the PBKDF2 function to reduce vulnerability to brute-force attacks, and how many iterations it performs.

I am not sure where you read that supposedly the encryption key is derived from the customer’s password. Please read our documentation about how encryption is implemented and specifically, the section on Content and Metadata encryption for details of our implementation.

1 Like

OK, thank you for the clarification, I’ll read those docs.

1 Like

If I’m understanding things correctly, Argon2id and not PBKDF2 is being used for key derivation. There is more information about the design here: storj/password-key-derivation.md at 529e3674e484df0da70654f1d3de50f6ef6455cd · storj/storj · GitHub. You can inspect the code here: common/password.go at 7591b205266e8c253f46c841f60899496889050c · storj/common · GitHub.

5 Likes

Thank you! This is what I’m looking for.

1 Like