Security
Account Password
You are responsible for keeping your account secure while using Rails services.
During the setup process, we highly recommend using a strong account password. This password is the primary source of entropy used to encrypt and decrypt your sensitive information. Rails provides tools to create strong passwords, including a strength meter that measures password entropy.
Never forget your account password!
- The password is cleared from memory after use and is never transmitted in cleartext to Rails servers.
- If you forget it, there is no way to recover your password.
This ensures that no one, including the Rails team, can access or reverse-engineer your sensitive data. All sensitive data is fully encrypted or hashed before it leaves your device, providing robust protection for you and your information.
Strong Password Guidelines
- Use a combination of uppercase and lowercase letters, numbers, and special characters.
- Avoid using easily guessable information like names or birthdates.
- Consider using a password manager to securely store and generate strong passwords.
Overview of the Node Setup Process
Master Key and Master Password Hash
During the Node setup process, Rails uses the Argon2id Key Derivation Function (KDF) to generate a master key.
- Master Key Creation:
  - The master key is derived using your account password as the key and your team ID as the salt.
  - This key is never stored or transmitted to Rails servers.
- Master Password Hash:
  - Argon2id is used to create a hash with the master key as the key and the account password as the salt.
  - This hash is transmitted to Rails servers for authentication.
  - On receipt, the server rehashes it with Argon2id and a random salt. The new hash is then stored securely.
Argon2 is the winner of the 2015 Password Hashing Competition. The Argon2id variant provides strong security against brute-force and side-channel attacks.
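The two-stage flow above, as an added worked example that is not Rails' own code: the client derives the master key (password as secret, team ID as salt), derives the master password hash from it, and sends only that hash; the server rehashes it with a fresh random salt and stores the result. The Argon2id cost parameters, the team ID and password values, and the storage record layout are assumptions; when the argon2-cffi package is not installed, hashlib.scrypt stands in for Argon2id so the block still runs on the standard library alone.

```python
"""Client/server key flow (constructed example, not Rails' implementation)."""
import hashlib
import hmac
import os

try:
    from argon2.low_level import Type, hash_secret_raw

    def kdf(secret: bytes, salt: bytes) -> bytes:
        # Argon2id, 32-byte output; cost parameters are illustrative assumptions.
        return hash_secret_raw(secret, salt, time_cost=3, memory_cost=65536,
                               parallelism=1, hash_len=32, type=Type.ID)
except ImportError:
    # Stand-in KDF when argon2-cffi is unavailable: scrypt, not Argon2id.
    def kdf(secret: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1, dklen=32)


# --- client side: the password and master key never leave this side ---
def derive_master_key(password: str, team_id: str) -> bytes:
    """Master key: account password as the secret, team ID as the salt."""
    return kdf(password.encode(), team_id.encode())


def master_password_hash(master_key: bytes, password: str) -> bytes:
    """Authentication value: master key as the secret, password as the salt."""
    return kdf(master_key, password.encode())


def client_login_material(password: str, team_id: str) -> bytes:
    """The only value the client transmits for authentication."""
    master_key = derive_master_key(password, team_id)
    return master_password_hash(master_key, password)


# --- server side: sees neither the password nor the master key ---
def server_store(received_hash: bytes) -> dict:
    """Rehash the received value with a fresh random salt before storing it."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(received_hash, salt)}


def server_verify(record: dict, received_hash: bytes) -> bool:
    """Constant-time comparison of the rehashed login value with the record."""
    return hmac.compare_digest(record["hash"], kdf(received_hash, record["salt"]))
```

Because the stored record holds only a salted rehash of the transmitted value, a database disclosure yields neither the master key nor anything directly replayable as a login.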