Key derivation, defined
Key derivation turns a human passphrase into a cryptographic key. A key derivation function such as PBKDF2 mixes the passphrase with a random salt and repeats the work many thousands of times, so the same passphrase always yields the same key on your device while guessing attacks stay expensive for everyone else.
From a passphrase to a key
Encryption algorithms need keys of an exact size with full randomness, and human passphrases are neither. A key derivation function (KDF) closes that gap: it takes the passphrase and a salt, does a large amount of deliberate work, and outputs key material of the right size. The function is deterministic, so the same passphrase and salt always reproduce the same key, which is what lets your own devices unlock your own data without the key ever being stored anywhere.
Why the salt and the iterations matter
The salt is a random, non-secret value stored alongside the account. It guarantees that two people with the same passphrase end up with different keys, and it stops attackers from precomputing one table of guesses to use against everyone. The iteration count forces the KDF to repeat its internal work, PBKDF2 repeats a hash, so every single guess an attacker makes costs the same multiplied effort. Standards guidance is to set the count as high as your slowest device tolerates.
In Violet
Violet, currently pre-launch, derives the content key on the client only: your passphrase plus a per-account salt go through PBKDF2-SHA256 with 200,000 iterations to produce a 256-bit AES-GCM key. The key is created through the Web Cryptography API as non-extractable, which means the platform itself refuses to export the key bytes, and it is never sent to the server. The server holds the salt (which is not a secret) and the sealed envelopes, nothing that can open them.
Definitions
- key derivation function (KDF)
- A deterministic function that turns input secrets such as a passphrase, plus a salt, into cryptographic key material of a required size, usually with deliberately expensive computation.
- PBKDF2
- Password-Based Key Derivation Function 2, standardized in RFC 8018. It applies a hash-based function repeatedly (the iteration count) over the passphrase and salt to produce a key.
- salt
- A random, non-secret value mixed into key derivation so that identical passphrases produce different keys and precomputed guessing tables become useless.
- non-extractable key
- A key created through the Web Cryptography API with extraction disabled: the application can use it to encrypt and decrypt, but the platform refuses to export the raw key bytes.
Questions
Is a passphrase the same as a password?
Functionally yes: both are secrets you remember. Passphrase usually signals something longer, often several words, which matters here because the derived key protects everything. Length adds far more strength than symbol substitutions.
If I forget my passphrase, can the provider reset it?
Not without losing the encrypted content. When the key is derived from your passphrase on your device, the provider never has it, so there is nothing to reset on the server side. A product that can restore your old content after a reset is holding a key somewhere, which is a different architecture. This trade is the honest cost of end-to-end encryption.