<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Sanjoy Karmakar</title>
    <description>The latest articles on DEV Community by Sanjoy Karmakar (@sanjoy_karmakar_044).</description>
    <link>https://dev.to/sanjoy_karmakar_044</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4020553%2F5443de49-3715-4f4a-9e26-61f35e7b0655.png</url>
      <title>DEV Community: Sanjoy Karmakar</title>
      <link>https://dev.to/sanjoy_karmakar_044</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/sanjoy_karmakar_044"/>
    <language>en</language>
    <item>
      <title>What is EXIF data, and how do you remove it from a photo?</title>
      <dc:creator>Sanjoy Karmakar</dc:creator>
      <pubDate>Wed, 15 Jul 2026 08:56:08 +0000</pubDate>
      <link>https://dev.to/sanjoy_karmakar_044/what-is-exif-data-and-how-do-you-remove-it-from-a-photo-1mbh</link>
      <guid>https://dev.to/sanjoy_karmakar_044/what-is-exif-data-and-how-do-you-remove-it-from-a-photo-1mbh</guid>
      <description>&lt;p&gt;Every photo your phone or camera takes carries an invisible passenger: &lt;strong&gt;EXIF data&lt;/strong&gt;. It rides along inside the file, adds nothing to what you see on screen, and can quietly tell a stranger where you were standing when you took the picture. Here's what EXIF data actually is, what it can reveal, and how to strip it before you share a photo.&lt;/p&gt;

&lt;h2&gt;
  
  
  What is EXIF data, exactly?
&lt;/h2&gt;

&lt;p&gt;EXIF stands for &lt;strong&gt;Exchangeable Image File Format&lt;/strong&gt; — a standard, maintained by the Camera &amp;amp; Imaging Products Association (CIPA), for embedding a block of metadata inside a JPEG photo. When a digital camera or phone saves a JPEG, it writes a small binary block right after the start of the file (technically, an &lt;code&gt;APP1&lt;/code&gt; segment structured like a miniature TIFF file) containing tags about the shot: not the pixels, but facts &lt;em&gt;about&lt;/em&gt; the pixels.&lt;/p&gt;

&lt;p&gt;It's not a hack or a leak in the traditional sense — EXIF was designed to be there. The problem is that almost nobody ever looks at it before hitting send.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's actually inside an EXIF block
&lt;/h2&gt;

&lt;p&gt;A camera can write dozens of EXIF fields, but the ones that matter for privacy are a short list:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Field&lt;/th&gt;
&lt;th&gt;What it reveals&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;code&gt;Make&lt;/code&gt; / &lt;code&gt;Model&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;The exact phone or camera model that took the photo&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;Software&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;The app or firmware version used to process it&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;code&gt;DateTime&lt;/code&gt; / &lt;code&gt;DateTimeOriginal&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;When the photo was taken and last saved, to the second&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;code&gt;Artist&lt;/code&gt; / &lt;code&gt;Copyright&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;A name, if the device or app was configured with one&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;Orientation&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Which way to rotate the image for display&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;code&gt;ExposureTime&lt;/code&gt; / &lt;code&gt;FocalLength&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;Camera settings — not private, but confirms real gear was used&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;
&lt;code&gt;GPSLatitude&lt;/code&gt; / &lt;code&gt;GPSLongitude&lt;/code&gt;
&lt;/td&gt;
&lt;td&gt;The exact location the photo was taken, often to within a few metres&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;That last one is the field that actually causes harm. GPS coordinates baked into a photo are precise enough to point at a front door, a workplace, or a child's school — from a single JPEG, with no other information needed.&lt;/p&gt;

&lt;p&gt;The &lt;code&gt;Orientation&lt;/code&gt; tag is worth a specific mention because it's the one EXIF field browsers already act on: the CSS &lt;code&gt;image-orientation&lt;/code&gt; property's default value, &lt;code&gt;from-image&lt;/code&gt;, tells the browser to auto-rotate a JPEG using this exact tag — proof that EXIF isn't some obscure forensic curiosity, it's live metadata your own browser reads today.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to see what your photo is carrying
&lt;/h2&gt;

&lt;p&gt;You don't have to take any of this on faith — you can look. FileX's &lt;a href="https://files.cybxsan.com/tools/inspect-file-metadata/" rel="noopener noreferrer"&gt;Inspect tool&lt;/a&gt; reads a JPEG's EXIF block and lists every tag it finds, including a specific warning if GPS coordinates are present, before you decide to share anything. It's read-only: nothing is written back to the file, and because it runs entirely in your browser, the photo itself never leaves your device just to be checked.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to remove EXIF data from a photo
&lt;/h2&gt;

&lt;p&gt;Once you know what's there, removing it is one step: FileX's &lt;a href="https://files.cybxsan.com/tools/remove-exif-metadata-from-photos/" rel="noopener noreferrer"&gt;Scrub tool&lt;/a&gt; takes a JPG or PNG and re-encodes it as a fresh JPEG at 95% quality, using the browser's &lt;code&gt;&amp;lt;canvas&amp;gt;&lt;/code&gt; element. That re-encode is the whole mechanism — a canvas only ever knows about pixels, so when it redraws your photo it has no way to carry the old EXIF block along. The output is visually identical, full resolution, same content — just without the metadata that came in.&lt;/p&gt;

&lt;p&gt;Two things worth knowing about that process:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;It always produces a JPEG, even if you dropped in a PNG. If your source was a PNG with embedded metadata, re-encoding still discards it.&lt;/li&gt;
&lt;li&gt;Because it's a genuine re-encode at high quality (not a lossless strip), there's no meaningful visible quality loss, but it isn't a bit-for-bit copy of the original either.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Does resizing or cropping remove EXIF automatically?
&lt;/h2&gt;

&lt;p&gt;Not necessarily — plenty of photo editors preserve the EXIF block when they resize or crop, because they write the new pixels back into the same container without touching the metadata section. The only way to be sure is to either check with a tool like Inspect, or use a tool that explicitly re-encodes through a metadata-blind path like canvas — which is exactly what removes it here.&lt;/p&gt;

&lt;h2&gt;
  
  
  A quick before-you-send checklist
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Selling something online?&lt;/strong&gt; Product photos taken at home routinely carry GPS. Scrub before you post the listing.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Sharing photos from an event or trip?&lt;/strong&gt; Timestamps and device model are low-risk alone, but combined with GPS they build a fuller picture than most people intend to share.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Sending a photo to someone you don't fully trust?&lt;/strong&gt; Inspect first — it takes seconds and costs nothing to know.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;EXIF is only half the metadata story — PDFs and other documents carry their own hidden properties (author names, software fingerprints, timestamps), which works a little differently. The &lt;a href="https://files.cybxsan.com/blog/hidden-metadata-your-photos-and-pdfs-leak/" rel="noopener noreferrer"&gt;deeper look at hidden metadata&lt;/a&gt; covers both photos and documents side by side if you want the fuller picture.&lt;/p&gt;

&lt;p&gt;Curious what your own photos are carrying? Drop one into the &lt;a href="https://files.cybxsan.com/tools/inspect-file-metadata/" rel="noopener noreferrer"&gt;Inspect tool&lt;/a&gt; — it's free, read-only, and nothing is uploaded.&lt;/p&gt;

</description>
      <category>exif</category>
      <category>metadata</category>
      <category>privacy</category>
    </item>
    <item>
      <title>How to securely erase an SSD (and why overwriting isn't enough)</title>
      <dc:creator>Sanjoy Karmakar</dc:creator>
      <pubDate>Fri, 10 Jul 2026 09:35:35 +0000</pubDate>
      <link>https://dev.to/sanjoy_karmakar_044/how-to-securely-erase-an-ssd-and-why-overwriting-isnt-enough-3d05</link>
      <guid>https://dev.to/sanjoy_karmakar_044/how-to-securely-erase-an-ssd-and-why-overwriting-isnt-enough-3d05</guid>
      <description>&lt;p&gt;If you're about to sell, return, or recycle a laptop, the instinct is to delete your files, maybe run an overwrite tool, and call it done. On a spinning hard drive that instinct is basically correct. On a solid-state drive (SSD) — which is what's inside almost every laptop sold today — it isn't. &lt;strong&gt;You can securely erase an SSD, but not by overwriting files in place.&lt;/strong&gt; Here's why, and what actually works.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why file overwrites don't reliably erase an SSD
&lt;/h2&gt;

&lt;p&gt;Overwriting a file writes new bytes over the old ones so the original content is physically replaced — that's real erasure, and it's exactly what an in-browser eraser tool does. The catch is what "in place" means on flash storage.&lt;/p&gt;

&lt;p&gt;An SSD can't rewrite a single cell the way a magnetic platter can. To spread physical wear evenly and stay fast, SSD controllers use &lt;strong&gt;wear-leveling&lt;/strong&gt;: when your OS "overwrites" a file, the controller frequently parks the new data in a &lt;em&gt;different&lt;/em&gt; physical location and retires the old block instead of erasing it there. The filesystem reports success. The original bytes may still exist in a block the OS can no longer even address. We cover this mechanism — and the related myth that more overwrite passes helps — in more depth in &lt;a href="https://files.cybxsan.com/blog/does-deleting-a-file-actually-erase-it/" rel="noopener noreferrer"&gt;does deleting a file actually erase it?&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The upshot: a software overwrite on an SSD is a &lt;strong&gt;best-effort logical wipe&lt;/strong&gt;. It defeats undelete and file-recovery tools, which is the level NIST calls "Clear." It cannot promise a lab with the right equipment won't recover a fragment from a retired block. For most everyday deletions, Clear is genuinely enough. For a drive that's about to leave your hands entirely, it usually isn't.&lt;/p&gt;

&lt;h2&gt;
  
  
  The reference standard: NIST SP 800-88
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;&lt;a href="https://csrc.nist.gov/pubs/sp/800/88/r1/final" rel="noopener noreferrer"&gt;NIST Special Publication 800-88&lt;/a&gt;&lt;/strong&gt;, "Guidelines for Media Sanitization," defines the escalating levels that matter here:&lt;/p&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Level&lt;/th&gt;
&lt;th&gt;What it does&lt;/th&gt;
&lt;th&gt;Defeats&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Clear&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Overwrite user-addressable storage with new data&lt;/td&gt;
&lt;td&gt;Standard undelete / recovery software&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Purge&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Techniques that resist laboratory recovery — cryptographic erase, or the drive's own firmware sanitize command&lt;/td&gt;
&lt;td&gt;Forensic recovery&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Destroy&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;Physical destruction of the media&lt;/td&gt;
&lt;td&gt;Everything&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;A whole SSD you're decommissioning calls for &lt;strong&gt;Purge&lt;/strong&gt;, not Clear. NIST 800-88 lists two practical ways to get there on flash media:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Cryptographic erase&lt;/strong&gt; — if the drive (or a volume on it) was encrypted, destroying the encryption key instantly makes every block unreadable, no matter which physical location the controller actually wrote to. This is the fastest and most broadly applicable Purge method for SSDs, provided encryption was on from the start.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The drive's own sanitize / secure-erase command&lt;/strong&gt; — issued directly to the controller (ATA Secure Erase for SATA drives, NVMe Sanitize for NVMe drives). The firmware erases the flash itself, which is the one layer that isn't fooled by wear-leveling, because it operates below it.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Both require access a web browser simply doesn't have — this is OS- and firmware-level work, not something JavaScript running in a tab can issue.&lt;/p&gt;

&lt;h2&gt;
  
  
  What that actually looks like
&lt;/h2&gt;

&lt;p&gt;Concretely, reaching Purge on a real machine means one of:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Linux, LUKS-encrypted drive:&lt;/strong&gt; destroy the volume key (&lt;code&gt;cryptsetup luksErase&lt;/code&gt;) for an instant crypto-erase.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Linux, NVMe:&lt;/strong&gt; issue an NVMe Sanitize block-erase (&lt;code&gt;nvme sanitize&lt;/code&gt;) — the drive's firmware wipes itself.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Linux/any OS, SATA SSD:&lt;/strong&gt; the drive's ATA Security Erase Unit command (often run via &lt;code&gt;hdparm --security-erase&lt;/code&gt;).&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;macOS:&lt;/strong&gt; disable FileVault and destroy the APFS volume key for a crypto-erase, or use the drive's native secure-erase utility.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Windows:&lt;/strong&gt; turn off BitLocker and reformat to destroy the key, or run the drive vendor's secure-erase tool.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These are irreversible, whole-device operations — exactly the kind of thing that shouldn't run silently or by accident, and exactly why FileX draws a hard line around them.&lt;/p&gt;

&lt;h2&gt;
  
  
  Where FileX's two erasure tools fit
&lt;/h2&gt;

&lt;p&gt;FileX ships two erasure tools, and each is honest about which level it reaches:&lt;/p&gt;

&lt;p&gt;The &lt;strong&gt;&lt;a href="https://files.cybxsan.com/tools/securely-erase-files/" rel="noopener noreferrer"&gt;in-browser Eraser&lt;/a&gt;&lt;/strong&gt; overwrites and deletes the contents of a folder you choose, entirely in your browser via the File System Access API — nothing leaves your device. That's &lt;strong&gt;Clear&lt;/strong&gt;: it reliably defeats recovery software, and it's the right tool for cleaning out sensitive files you're done with day to day. It is not, and doesn't claim to be, a whole-drive Purge tool — a browser tab can't touch drive firmware.&lt;/p&gt;

&lt;p&gt;The downloadable &lt;strong&gt;FileX Eraser Tool&lt;/strong&gt; (native, Windows/macOS/Linux, Pro-licensed) also supports &lt;code&gt;crypto-erase&lt;/code&gt; and &lt;code&gt;purge&lt;/code&gt; methods for whole devices. Deliberately, it does not fire the firmware sanitize command itself — that's a destructive, irreversible action on an entire disk, and an unsigned CLI shouldn't auto-execute it. Instead it detects your OS and prints the correct, vetted native command for your platform (&lt;code&gt;nvme sanitize&lt;/code&gt;, &lt;code&gt;hdparm --security-erase&lt;/code&gt;, &lt;code&gt;cryptsetup luksErase&lt;/code&gt;, &lt;code&gt;diskutil secureErase&lt;/code&gt;, or the BitLocker equivalent) so you run it deliberately, as an admin, against the right device. For file- and folder-level &lt;code&gt;clear&lt;/code&gt; jobs it runs the erase itself and produces the same tamper-evident certificate as the web tool.&lt;/p&gt;

&lt;h2&gt;
  
  
  The practical takeaway
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Deleting or even overwriting individual files on an SSD is Clear-level protection — good for day-to-day cleanup, not a guarantee for hardware leaving your control.&lt;/li&gt;
&lt;li&gt;The reliable way to reach Purge on an SSD is cryptographic erase (destroy the key) or the drive's own ATA Secure Erase / NVMe Sanitize command — both need OS- or firmware-level access.&lt;/li&gt;
&lt;li&gt;Turn on full-disk encryption from day one on any drive you might ever resell or return. It makes a future crypto-erase instant instead of impossible.&lt;/li&gt;
&lt;li&gt;For files you want gone right now, not a whole drive, the &lt;a href="https://files.cybxsan.com/tools/securely-erase-files/" rel="noopener noreferrer"&gt;in-browser Eraser&lt;/a&gt; overwrites and deletes them locally and hands you a certificate — nothing uploaded.&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ssd</category>
      <category>secureerase</category>
      <category>nist80088</category>
    </item>
    <item>
      <title>PBKDF2 vs Argon2 vs bcrypt — which key-derivation function and why</title>
      <dc:creator>Sanjoy Karmakar</dc:creator>
      <pubDate>Wed, 08 Jul 2026 09:20:39 +0000</pubDate>
      <link>https://dev.to/sanjoy_karmakar_044/pbkdf2-vs-argon2-vs-bcrypt-which-key-derivation-function-and-why-571k</link>
      <guid>https://dev.to/sanjoy_karmakar_044/pbkdf2-vs-argon2-vs-bcrypt-which-key-derivation-function-and-why-571k</guid>
      <description>&lt;p&gt;If you've read anything about password hashing or encryption, you've run into all three names: PBKDF2, bcrypt, Argon2. They get lumped together as "ways to turn a password into something safe to store or use," but they were built for different problems, at different times, and they don't defend against the same attacks equally well. Here's what each one actually does, where they diverge, and why FileX derives its encryption keys with PBKDF2 rather than the others.&lt;/p&gt;

&lt;h2&gt;
  
  
  What a key-derivation function is for
&lt;/h2&gt;

&lt;p&gt;A password like &lt;code&gt;correct horse battery staple&lt;/code&gt; is not usable directly as a cryptographic key, and it's not safe to check by comparing it to a plain stored copy either. A key-derivation function (KDF) — sometimes called a password-hashing function in the login context — takes the password plus a random &lt;strong&gt;salt&lt;/strong&gt; and runs it through a deliberately expensive one-way computation. Two properties matter:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;The salt&lt;/strong&gt; makes every derivation unique, even for two people who pick the same password, so an attacker can't precompute one giant table of results and reuse it against every target.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;The cost&lt;/strong&gt; (iterations, memory, or both) makes each guess slow. An attacker who steals a salt and a ciphertext (or a stored hash) still has to pay that cost for &lt;em&gt;every single password they try&lt;/em&gt;. That's the entire point — the cipher or the login check is rarely the weak link; how expensive it is to brute-force the password is.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;PBKDF2, bcrypt, and Argon2 all satisfy this shape. Where they differ is &lt;em&gt;what&lt;/em&gt; they make expensive.&lt;/p&gt;

&lt;h2&gt;
  
  
  PBKDF2: CPU-hard, standardized, everywhere
&lt;/h2&gt;

&lt;p&gt;PBKDF2 (Password-Based Key Derivation Function 2) dates to 2000 and is specified in &lt;a href="https://www.rfc-editor.org/rfc/rfc2898" rel="noopener noreferrer"&gt;RFC 2898&lt;/a&gt;. It derives a key by running an underlying HMAC (commonly HMAC-SHA256) over the password and salt thousands of times in sequence. The only cost knob is &lt;strong&gt;iterations&lt;/strong&gt; — more repetitions, more CPU time, no memory requirement beyond the hash itself.&lt;/p&gt;

&lt;p&gt;That single-dimension cost is PBKDF2's main weakness: it parallelizes cleanly on GPUs and ASICs, which can run huge numbers of hash iterations concurrently far cheaper than a general-purpose CPU can. &lt;a href="https://pages.nist.gov/800-63-3/sp800-63b.html" rel="noopener noreferrer"&gt;NIST SP 800-63B&lt;/a&gt; sets the floor at "typically at least 10,000 iterations," while the current &lt;a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html" rel="noopener noreferrer"&gt;OWASP Password Storage Cheat Sheet&lt;/a&gt; recommends 600,000 iterations for PBKDF2-HMAC-SHA256 in new systems specifically because commodity GPU cracking has gotten so much faster since the function was designed. PBKDF2 is still considered sound — it just needs a high, regularly-revisited iteration count to stay expensive against modern hardware.&lt;/p&gt;

&lt;h2&gt;
  
  
  bcrypt: built for login checks, not general key derivation
&lt;/h2&gt;

&lt;p&gt;bcrypt (1999) wraps the Blowfish cipher into a password-hashing scheme with a configurable, exponential cost factor. It was a real improvement over unsalted or fast-hashed passwords at the time, and OWASP still lists it as an acceptable choice with a work factor "as large as verification server performance will allow, with a minimum of 10."&lt;/p&gt;

&lt;p&gt;Two things limit it outside login-check use cases: it silently truncates input past 72 bytes, and — like PBKDF2 — its cost is CPU time only, so it doesn't resist a well-funded, memory-rich cracking rig as well as a memory-hard function does. It's also not part of any Web Crypto API standard, so a browser can't produce it without shipping a separate implementation.&lt;/p&gt;

&lt;h2&gt;
  
  
  Argon2: memory-hard, the modern default
&lt;/h2&gt;

&lt;p&gt;Argon2 won the &lt;a href="https://www.password-hashing.net/" rel="noopener noreferrer"&gt;Password Hashing Competition&lt;/a&gt; in 2015 and is standardized in &lt;a href="https://www.rfc-editor.org/rfc/rfc9106" rel="noopener noreferrer"&gt;RFC 9106&lt;/a&gt;. Its cost has three independent dials: iterations (time), &lt;strong&gt;memory&lt;/strong&gt; (how much RAM each computation must hold), and parallelism. That memory requirement is the important change — a GPU or ASIC that can run millions of cheap hash operations in parallel can't cheat past a function that demands, say, 19 MiB of memory &lt;em&gt;per guess&lt;/em&gt;. Memory is expensive to parallelize at scale in a way that raw compute isn't.&lt;/p&gt;

&lt;p&gt;OWASP now recommends &lt;strong&gt;Argon2id&lt;/strong&gt; (a hybrid variant resistant to both side-channel and GPU-style attacks) as the first choice for new password-hashing systems, falling back to PBKDF2 only when FIPS-140 compliance is required.&lt;/p&gt;

&lt;h2&gt;
  
  
  The three, side by side
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;PBKDF2&lt;/th&gt;
&lt;th&gt;bcrypt&lt;/th&gt;
&lt;th&gt;Argon2id&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Defined&lt;/td&gt;
&lt;td&gt;RFC 2898 (2000)&lt;/td&gt;
&lt;td&gt;1999, no formal RFC&lt;/td&gt;
&lt;td&gt;RFC 9106 (2021)&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Cost dimension&lt;/td&gt;
&lt;td&gt;Iterations (CPU only)&lt;/td&gt;
&lt;td&gt;Cost factor (CPU only)&lt;/td&gt;
&lt;td&gt;Time + memory + parallelism&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;GPU/ASIC resistance&lt;/td&gt;
&lt;td&gt;Weaker — parallelizes well&lt;/td&gt;
&lt;td&gt;Moderate&lt;/td&gt;
&lt;td&gt;Strong when memory is tuned high&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Input limits&lt;/td&gt;
&lt;td&gt;None significant&lt;/td&gt;
&lt;td&gt;Truncates past 72 bytes&lt;/td&gt;
&lt;td&gt;None significant&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Native in the browser (Web Crypto API)&lt;/td&gt;
&lt;td&gt;Yes&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;td&gt;No&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;FIPS-140 status&lt;/td&gt;
&lt;td&gt;Approved&lt;/td&gt;
&lt;td&gt;Not a NIST/FIPS algorithm&lt;/td&gt;
&lt;td&gt;Not currently FIPS-approved&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;h2&gt;
  
  
  Why FileX uses PBKDF2
&lt;/h2&gt;

&lt;p&gt;FileX derives the AES-256 key for every &lt;code&gt;.filex&lt;/code&gt; container with &lt;strong&gt;PBKDF2-HMAC-SHA256, a random 16-byte salt, and 250,000 iterations&lt;/strong&gt;, calling &lt;code&gt;crypto.subtle.deriveKey&lt;/code&gt; directly — the &lt;a href="https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey" rel="noopener noreferrer"&gt;Web Crypto API&lt;/a&gt; built into every modern browser. That's the deciding factor: &lt;code&gt;SubtleCrypto.deriveKey&lt;/code&gt; supports PBKDF2, HKDF, and ECDH natively. It does not support Argon2 or bcrypt. Getting either of those into the browser means shipping a third-party WebAssembly implementation and trusting it the way you'd trust any dependency — which cuts against FileX's rule of using only the browser's own audited, self-hosted crypto primitives with nothing extra to fetch or verify.&lt;/p&gt;

&lt;p&gt;That's an honest trade-off, not a claim that PBKDF2 is the strongest KDF available. Argon2id's memory-hardness is a genuine advantage against large-scale GPU cracking, and if you're designing a server-side login system today, OWASP's guidance to prefer Argon2id over PBKDF2 is worth following. FileX's use case is different in one respect but not immune to the same math: it derives a &lt;em&gt;file encryption key&lt;/em&gt; from a password, not a login-check hash, but an attacker who obtains a &lt;code&gt;.filex&lt;/code&gt; file still faces the same offline brute-force economics — the salt and iteration count are exactly what slow them down. FileX's 250,000 iterations sit well above the NIST floor of 10,000, though below OWASP's newer 600,000-iteration figure for stored password verifiers; iteration counts are a moving target as hardware gets faster, which is why the cheat sheets keep raising them.&lt;/p&gt;

&lt;p&gt;The practical upshot for you: the KDF is only half the defense. A long, random password does more for your file's security than any iteration count can compensate for on its own — &lt;a href="https://files.cybxsan.com/tools/generate-strong-passwords/" rel="noopener noreferrer"&gt;generate one in your browser&lt;/a&gt; with the same zero-upload guarantee. For the full picture of how the derived key gets used — AES-256-GCM, the random IV, the authentication tag that rejects tampering — see &lt;a href="https://files.cybxsan.com/blog/how-aes-256-gcm-encryption-protects-your-files/" rel="noopener noreferrer"&gt;how AES-256-GCM keeps your files safe&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;
  
  
  Takeaway
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;All three — PBKDF2, bcrypt, Argon2 — exist to make password guessing slow, not to make encryption itself stronger.&lt;/li&gt;
&lt;li&gt;PBKDF2 and bcrypt cost CPU time only; Argon2 also costs memory, which is why it resists GPU/ASIC cracking better.&lt;/li&gt;
&lt;li&gt;Web browsers only implement PBKDF2 natively (via the Web Crypto API), which is why FileX — and most in-browser crypto — uses it rather than Argon2 or bcrypt.&lt;/li&gt;
&lt;li&gt;The password you choose still matters more than the KDF choice. &lt;a href="https://files.cybxsan.com/tools/encrypt-files-in-browser/" rel="noopener noreferrer"&gt;Encrypt a file in your browser&lt;/a&gt; — nothing is uploaded, and the live monitor on the page proves it.&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>pbkdf2</category>
      <category>argon2</category>
      <category>keyderivation</category>
      <category>encryption</category>
    </item>
  </channel>
</rss>
