
Skylable Manifesto: Open-source storage coming to the rescue - edwintorok
http://blog.skylable.com/2014/04/manifesto/
======
jp41467
Does this support end to end encryption?

~~~
edwintorok
Yes, you can use a client-side filter to encrypt all your data: that way the
server has no access to the plaintext. Of course we also use HTTPS to protect
the client <-> server communication itself.

See more details here about the AES256 filter:
[http://www.skylable.com/products/sx/quickstart/](http://www.skylable.com/products/sx/quickstart/)

Disclaimer: I'm a co-founder of Skylable

~~~
notacoward
Does your encryption use a key-derivation function, or does it apply user
passwords directly? And does it use a hard-coded salt - like "sky14bl3"
perhaps - or a random one?

~~~
edwintorok
It uses an iterated SHA256 function with 1024000 iterations for key-derivation
(EVP_BytesToKey, OpenSSL 0.9.x didn't have anything better available). On my
machine (AMD FX-8350 @4GHz) it takes 0.7s to calculate the key from a
password.

The key's fingerprint is then stored in the volume's metadata (unless paranoid
mode is on); the fingerprint is an iterated hash, with a random salt.

~~~
notacoward
That's sure not what it looked like when I read the code. So what is "skysalt"
(the constant with the value mentioned above) used for?

~~~
edwintorok
The one with the random salt is keyfp(), the fixed one is getpassword(). See
[https://twitter.com/solardiz/status/462442039687512065](https://twitter.com/solardiz/status/462442039687512065)
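
Added example, not part of the thread and not Skylable's code: a Python reimplementation of the SHA-256 form of the algorithm documented for OpenSSL's EVP_BytesToKey, showing what the fixed-versus-random salt question above amounts to. With a constant salt the same password yields the same key on every volume, while a per-volume random salt does not. The salt value and iteration count are the ones quoted in the thread; how getpassword() actually passes them is an assumption, and the sample password is constructed.

```python
import hashlib
import os

FIXED_SALT = b"sky14bl3"  # constant quoted in the thread
ITERATIONS = 1024000      # iteration count quoted in the thread


def evp_bytes_to_key(password, salt, count, key_len=32, iv_len=16):
    """Derive (key, iv) the way EVP_BytesToKey is documented to, using SHA-256."""
    if len(salt) != 8:
        raise ValueError("EVP_BytesToKey uses an 8-byte salt")
    if count < 1:
        raise ValueError("count must be at least 1")
    out = b""
    block = b""
    while len(out) < key_len + iv_len:
        # D_i = H^count(D_{i-1} || password || salt)
        block = hashlib.sha256(block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.sha256(block).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def same_key_across_volumes(password, salt_a, salt_b, count):
    """True when two volumes using these salts end up with the same key."""
    key_a, _ = evp_bytes_to_key(password, salt_a, count)
    key_b, _ = evp_bytes_to_key(password, salt_b, count)
    return key_a == key_b


if __name__ == "__main__":
    pw = b"correct horse"  # constructed sample password
    count = 1000           # reduced from ITERATIONS so the demo is quick
    # Fixed salt: every volume protected by this password shares one key.
    print("fixed salt :", same_key_across_volumes(pw, FIXED_SALT, FIXED_SALT, count))
    # Random per-volume salt: keys differ even for the same password.
    print("random salt:", same_key_across_volumes(pw, os.urandom(8), os.urandom(8), count))
```

The iteration count only slows each guess; it is the salt that determines whether work done against one password can be reused against another volume.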

