Our primary goal with MagnaStor security is to prevent unauthorized access to your data. MagnaStor insists that the user generate and control their own encryption keys. This has the benefit of preventing third-party access to your data.
MagnaStor security is derived primarily from the clear separation of your volume key and cloud-stored data. Your volume key is never sent outside of your computer, and your volume data is always compressed and encrypted before transmission. This means that your raw data is only ever accessible from your computer.
By design, there are no features that could inadvertently enable sharing of your keys to permit decryption of volume data by unauthorized parties. Because of this, we cannot assist in the decryption of volumes when keys are lost -- whether for authorized users or anyone else.
Volume contents are compressed and encrypted with a unique 256-bit derived key on your computer, before transmission. Outside of your computer, this is the only form in which your data could be captured by a third party. In this form, your data cannot be indexed, searched, or otherwise leaked.
Each portion of volume data ("chunk") is encrypted using the standard AES-256 algorithm, with a key derived from the volume key using industry-standard PBKDF2 and a salt of volume-specific metadata plus a 64-bit random quantity. Keys are rotated at least every 10 MB, adding another layer of complexity around transmitted volume data.
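The derivation and rotation described above can be sketched as follows; this is an added example, not MagnaStor's own code, and the AES-256 encryption step itself is left out. Assumptions not stated on this page: HMAC-SHA-256 as the PBKDF2 hash, the iteration count, the salt layout, rotation by drawing a fresh 64-bit value, and all function and class names.

```python
import hashlib
import secrets

KEY_LEN = 32                      # 256-bit key for AES-256
ROTATE_AFTER = 10 * 1024 * 1024   # keys are rotated at least every 10 MB
ITERATIONS = 100_000              # assumption: the page gives no iteration count


def derive_chunk_key(volume_key: bytes, volume_metadata: bytes, nonce: bytes) -> bytes:
    """PBKDF2 over the volume key; salt = volume metadata + 64-bit random value."""
    if len(nonce) != 8:
        raise ValueError("nonce must be exactly 64 bits")
    # Assumption: length-prefix the metadata so distinct (metadata, nonce)
    # pairs can never serialize to the same salt bytes.
    salt = len(volume_metadata).to_bytes(4, "big") + volume_metadata + nonce
    return hashlib.pbkdf2_hmac("sha256", volume_key, salt, ITERATIONS, dklen=KEY_LEN)


class KeySchedule:
    """Supplies a derived key per chunk and rotates it before 10 MB is exceeded."""

    def __init__(self, volume_key: bytes, volume_metadata: bytes):
        self._volume_key = volume_key      # stays on the local machine
        self._metadata = volume_metadata
        self._rotate()

    def _rotate(self) -> None:
        self.nonce = secrets.token_bytes(8)   # fresh 64-bit random quantity
        self.key = derive_chunk_key(self._volume_key, self._metadata, self.nonce)
        self.used = 0

    def key_for_chunk(self, chunk_len: int):
        """Return (nonce, key) for the next chunk of chunk_len bytes."""
        if self.used and self.used + chunk_len > ROTATE_AFTER:
            self._rotate()
        self.used += chunk_len
        # The nonce is not secret and would be stored beside the ciphertext;
        # without the volume key it does not help recover the derived key.
        return self.nonce, self.key
```

Because only the nonce and metadata travel with the ciphertext, decryption requires re-running the derivation with the volume key, which is why a lost volume key makes the data unrecoverable.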