Storj DCS: 2FA and file persistence

Hello there,

I’m testing Storj DCS (web version) and it looks great!

Congratulations (to all devs) for the great product!

Considering the use of Storj DCS (web version), I’ve got a few questions about erasing and persistence of files on Storj’s network:

  1. For how long do my uploaded pieces (files) last on Storj DCS (Storj network - P2P nodes) - i.e. file persistence/availability - while I’m using my free 50GB account?

  2. If 2FA is activated, is 2FA asked when anyone tries to Reset account Password?

  3. Are all my uploaded pieces (files) instantly erased from all P2P storage nodes after I had clicked “Delete” button (Objects Upload Children screen) for each uploaded file of mine?

  4. Are all my uploaded pieces (files) contained inside a Bucket (or Object) instantly erased from all P2P storage nodes after I had clicked “Delete” button (on Bucket Management screen)?

Welcome to the forum.

  1. Pieces should stay forever as long as you stay inside of the 50GB.
  2. I just tried, it doesn’t. At least not for sending the email with the reset token. I didn’t finish the process though.
  3. The satellite informs the nodes that hold your pieces about the deletion. The pieces get marked for deletion and then are gradually garbage collected.
  4. Same process as in 3, I think.
1 Like

This isn’t entirely correct, the nodes that are online process the delete right away. Garbage collection is only responsible for cleaning up pieces if a node missed the deletion.

Keep in mind though that even when a node is offline and it takes a bit for the piece to be deleted, it will be only a small part of an encrypted blob. There can be no information pulled from it.

Deletes are asynchronous, this means they get processed right away by the satellite and nodes, but the response doesn’t wait for all nodes to have finished. As soon as the satellite has the information it needs, it returns the call and starts the deletion process on nodes. This greatly improves performance for deletes for customers. But getting a response doesn’t guarantee the files are already completely gone. (this is more a matter of miliseconds to seconds than minutes though)

3 Likes

If 2FA is activated, is 2FA asked when anyone tries to Reset account Password?

No, not currently. But that is a good idea, and I am making a ticket to add this functionality next sprint.

5 Likes

Thanks @tylkomat and @BrightSilence for clarifying the situation a bit more!

I support your initiative (implementing that functionality) because allowing password reset without 2FA confirmation might open a possible surface for a skilled attacker…

Definitely, we still have some notable security holes. MFA is actually a very recent feature (past 6 months, I think), so it’s not surprising that this slipped through. In any case, this is a high priority task.

3 Likes

Btw (still) considering Storj DCS (web version), I’ve got one more question:

Is it possible to change account’s email address?

Couldn’t find that option on “Settings”…

Yes it’s possible, but via support request. You must have an access to both email addresses and will be required to register both on HelpDesk platform, this will prove that you are the owner of both addresses. Then your old email address could be replaced with a new one.
This process could be updated in the future though.

2 Likes

That would be much desirable and appreciated because requesting email change using password + 2FA is by far more efficient and faster…

Where can I find the changelog from Storj DCS’ updates?
(So I can be sure when new features have been implemented)

If there’s no changelog: Is there any way to be notified about new Storj DCS’ updates?

https://storj.io/category/engineering

You can also use these boards: Projects · storj · GitHub

And all changelogs: https://forum.storj.io/tag/official-changelog