How Dropbox securely stores your passwords: an inside look at top-tier cloud protection

In this post, we want to share more details of our current password storage mechanism and our reasoning behind it. Our password storage scheme relies on three different layers of cryptographic protections, as the figure below illustrates. For ease of elucidation, in the figure and below we omit any mention of binary encoding (base64).

A very technical summary from Dropbox of their password encryption algorithm.


I expect all cloud service providers to treat my information as confidential, starting with my passwords. With the care and attention with which Dropbox protects its passwords, you can see how top-tier cloud providers – Google, Microsoft, Apple, Facebook – will most often be more secure than anything you can do, even if you are a fairly large corporation. Trust cloud services, as they are probably more secure than whatever your internal IT can provide. It is their bread and butter, and their reputation – and ultimately their whole business – relies on it.

Farid Mheir