DEV Community


Tardigrade Thursday with Jocelyn: Security Access, Pt. 1

・2 min read


Hi, I'm Jocelyn Matthews, Community Manager at Storj Labs and Tardigrade. Today our VP of Operations John Gleeson joins me to talk about encryption, erasure coding, API keys (macaroons as cryptographic authorization credentials that can be chained) and Access management. We also chat about hierarchically determined (HD) keys, error correction root and child encryption keys.

The takeaway from today's episode? Distributed data storage architecture combined with edge-based encryption and access management stores your data as if it were encrypted sand stored on an encrypted beach. The combination of client-side HD Encryption keys and HD API keys in an easy-to-use platform enables application developers to leverage the capability-based security model to build applications that provide superior privacy and security. With the significant increase in attention on privacy and security, these capabilities can provide developers the opportunity to reduce risk, reduce the threat surface and improve the privacy of applications.

Learn about the ways the tools we built to ensure the security and privacy of data stored on our distributed storage platform can also be used by the developers and end users of applications that store data on the platform to increase the security and privacy of those applications.

What on earth is Tardigrade? So glad you asked! Open source since its inception, Storj Labs powers Tardigrade, the enterprise level decentralized cloud object storage platform that comes with SLAs. Distributed across a decentralized network of statistically uncorrelated nodes, every object is encrypted before leaving your machine.

Files are broken up into segments, those segments are actually encrypted with a randomized, salted, derived encryption key, that is then encrypted with the metadata and split into 80 pieces. Of those 80 pieces only 29 - and they can be any 29 ! - are needed to reconstitute the file. Nobody can see your data except the owner of the key (you). Just the act of decrypting it confirms the data you get back is exactly the data that was stored.

In this conversation we cover the reasons, and talk about how developing in the harshest and trustless environment pays off in the long run, with the side effect of requiring security to be "baked in" to the platform from the start. We then move on to a meaty discussion of why macaroons offer incredible flexibility for storage, and how chained Access caveats allow you to safely share data, or to revoke that sharing securely at the Satellite level.

Discussion (0)