C2 Encryption Key increases iteration count to 600K
Whether you consider yourself security-minded or not, you’ll be happy to hear about Synology’s latest C2 Encryption Key update. Yes, we’re increasing the default PBKDF2 iteration count from 100K to 600K rounds, a significant security improvement.
What is C2 Encryption Key?
The C2 Encryption Key, also known as the C2 Key, is a critical element in Synology’s C2 services, acting as a singular encryption key across various C2 services, except for C2 Object Storage and C2 Surveillance. It’s designed to be managed solely by the user and not stored on Synology’s servers, thereby ensuring maximum security.
Some of you might have been wondering for a while now: why do we need the C2 Encryption Key in addition to Synology Account credentials? Well, the C2 Key serves as an additional layer of security: it’s used to encrypt and decrypt all your data entirely on the client side, so that your Key is never transmitted to the C2 server.
In the security architecture of Synology C2, the C2 Encryption Key is therefore a crucial component. By “iteration count”, we’re referring to the number of times the encryption key is passed through a hash function. The higher the iteration count, the harder it is for attackers to crack C2 Encryption Keys.
Why 600K rounds?
Why are we increasing the number of iterations, you ask? What are the reasons behind this update? We decided on the number by taking the factors below into consideration:
- Security enhancement — With a higher iteration count, it takes more time and computational power to calculate the hash function, making it more time-consuming for bad actors to hack your data.
- Balance between security and performance — When more rounds of iteration are implemented, the time required to decrypt data also grows. After prudent evaluation, we’ve decided that 600K is an ideal number that balances safety and speed.
- Prevention against future attacks — C2 Encryption Key serves as a second layer of protection. Stepping up the iteration is also a preventive measure that will help protect users of C2 Keys from future attacks.
And how does this concern me?
This upgrade will further secure your accounts against brute-force attacks. However, it’s important to understand that more iterations can also mean that encryption and decryption operations take longer. In addition, here are a few things we’d like to remind you of:
- Make sure everything is up-to-date. Running the latest version of our services ensures availability of the new iteration scheme. Also, consider strengthening your C2 Encryption Key by using a stronger combination of characters.
- You are welcome to take additional steps to keep your C2 data safe, such as enabling 2FA for your Synology Account or switching to passkeys. Check out the links to learn more.
- Other than updating the C2 Password app and extensions, you should notice no difference from before. Please rest assured that the change won’t be implemented until all users are running the latest updates. This way, we make sure that no one is locked out of their own data because their device can’t decrypt with 600K rounds of iteration.
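To illustrate how a client can raise the iteration count without locking anyone out, the following added example (not Synology's code) stores the iteration count next to the salt and upgrades a record from 100K to 600K only after the passphrase has been verified under the old parameters. PBKDF2-HMAC-SHA256, the record layout and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

OLD_ITERATIONS = 100_000  # previous default stated in the post
NEW_ITERATIONS = 600_000  # new default stated in the post

def derive(passphrase: str, salt: bytes, iterations: int) -> bytes:
    # Assumption: HMAC-SHA256 as the PRF; the post does not name the hash.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)

def make_record(passphrase: str, iterations: int) -> dict:
    """Hypothetical record: salt, iteration count and a key-check value."""
    salt = os.urandom(16)
    key = derive(passphrase, salt, iterations)
    # Store a verifier computed from the key, never the key itself.
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}

def verify(record: dict, passphrase: str) -> bool:
    # Always derive with the parameters stored in the record, so records
    # created under the old default keep working after the default changes.
    key = derive(passphrase, record["salt"], record["iterations"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return hmac.compare_digest(check, record["check"])

def upgrade_if_needed(record: dict, passphrase: str) -> dict:
    """Return a 600K-round record after a successful unlock, else the input."""
    if record["iterations"] >= NEW_ITERATIONS or not verify(record, passphrase):
        return record
    # Fresh salt plus the new count. Re-wrapping any data protected by the
    # old derived key is a separate step and is out of scope here.
    return make_record(passphrase, NEW_ITERATIONS)

if __name__ == "__main__":
    rec = make_record("constructed sample passphrase", OLD_ITERATIONS)
    rec = upgrade_if_needed(rec, "constructed sample passphrase")
    print(rec["iterations"])
```

Because the count travels with the record, a client that has not yet upgraded a record still unlocks it with the parameters it was created under.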
We care about your security
Synology C2 is committed to providing users with the most secure cloud solutions possible. We believe increasing the iteration count will help us go above and beyond in protecting your data. Don’t forget to update your C2 apps and extensions now, so you don’t miss any security upgrade!