A Deeper Explanation for Those Who Love Technical Details
If you love understanding all the technical details, here is the nitty-gritty of how we process your data at the source before it is distributed to the Symform Cloud Storage Network.
- Generate a random folder encryption key using the 256-bit Advanced Encryption Standard (AES).
- Files are divided into blocks of up to 64MB. If a file’s size is equal to or less than 64MB, then it fits into a single block. If the file is not a multiple of 64MB, the final block will be less than 64MB.
- Each block is encrypted with the folder key. The key used for encryption is shared by all files in the same folder, enabling de-duplication of similar files within a folder and multiple version of the same file.
- Each encrypted block is divided (shredded) into data fragments. There are two scenarios at this stage – one for blocks smaller than 256K, and one for blocks larger than 256K:
- Blocks less than 256K: Data blocks are broken into 4K chunks. If the block is less than a multiple of 4K, it will be padded with zeros to make it a 4K multiple. After padding, a 4K block will generate one data fragment, an 8K block will generate 2 data fragments, and so on. A 256K block will generate 64 data fragments.
- Blocks greater than 256K: Always gets padded to the next 256K multiple (e.g. 512K, 768K…64MB) and always generates 64 data fragments. The size of the fragment depends on the padded block size. A 256K block generates 64 4K fragments, a 512K block generates 64 8K fragments, and a 64MB block generates 64 1MB fragments.
What Does This Mean for Your Data Protection?
Smaller blocks incur more redundancy overhead, to ensure the same level of availability that larger blocks have. These are small blocks, so redundancy overhead isn’t much of a concern anyway. The more significant issue here tends to be the communication overhead associated with transferring small fragments.
A very small file (e.g. smaller than 4K) may fit completely inside a single data fragment; therefore, in theory, its contents are protected by encryption only and not by dispersal across nodes. In practice, this doesn’t matter very much, because the information about which file is associated with which data fragment, and where that data fragment is located, is stored apart from the data fragment itself – in Symform Cloud Control. An attacker would have to identify a file and break into Symform to find out where its fragments are located. After this, they would have to actually have access to at least one of those fragments to be able reconstruct the encrypted contents. Last, and certainly not least, they would have to break the AES-256 encryption key.
If you still have questions about how we process data, please don’t hesitate to contact us.
