Turning a human passphrase into a strong cryptographic key using a slow, salted function
Key derivation is the process of turning a human-chosen passphrase into a full-strength cryptographic key, using a deliberately slow, salted function designed to resist guessing.
A passphrase like “correct horse battery staple” has maybe 44 bits of entropy on a good day. AES-256 wants a 256-bit key. You can’t just hash the passphrase once and hand the result to AES: an attacker who steals the encrypted repository has an offline attack with no rate limit, and at one SHA-256 per guess a GPU tries billions of passphrases per second. A key-derivation function (KDF) doesn’t add entropy, so the search space is still 2^44 guesses; what it does is make each guess deliberately expensive, so the whole search becomes impractical. Modern choices are Argon2id (standardised in RFC 9106 and the current recommendation; it is memory-hard, so GPUs and ASICs gain far less over a CPU) and scrypt; PBKDF2 with SHA-256 and a high iteration count, standardised in RFC 8018, is the older but still common workhorse. PBKDF2 is not memory-hard, so it leans entirely on its iteration count and needs a far higher one to reach the same per-guess cost.
Two other ingredients matter. A unique random salt per repository, stored in the clear next to the encrypted data (it need not be secret, only unpredictable; 16 random bytes is the usual minimum), stops an attacker from precomputing answers against common passphrases and forces every repository to be attacked separately. Tuned cost parameters (memory, iterations, parallelism) set how long a single guess takes on real hardware; that is the knob that turns weeks of cracking into centuries. Both the salt and the parameters have to be recorded with the repository, because the same key can only be re-derived from the same inputs.
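How those pieces fit together, as an added example written for this page and not macup’s own code: a small Python program that derives an AES-256 key from a passphrase with a per-repository salt and explicit cost parameters, stores both in a hypothetical repository header, and re-derives the key from that header. It assumes scrypt from the Python standard library in place of Argon2id (which is not in the stdlib; the salt and parameter handling are the same either way), shows PBKDF2-HMAC-SHA256 beside it for comparison, and times one guess with each so the cost knob is visible. The header layout, the `KDF1` magic and the parameter values are assumptions for the example.

```python
"""Passphrase -> AES-256 key with a salted, tunable-cost KDF.

Example code for this page, not macup's implementation. scrypt (stdlib)
stands in for Argon2id; the salt and cost-parameter handling are the same.
"""
import hashlib
import os
import struct
import time

KEY_LEN = 32    # AES-256 key, in bytes
SALT_LEN = 16   # 128-bit random salt, unique per repository

# scrypt cost parameters (an assumption for this example, not macup's values).
# scrypt needs about 128 * n * r bytes of RAM per derivation: with n=2**15, r=8
# that is 32 MiB, and p=1 means no parallel lanes. Raise n until one derivation
# takes a noticeable fraction of a second on the hardware that will run it.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 15, 8, 1

# Hypothetical repository header: magic, n, r, p, then the salt. None of this
# is secret, but all of it must be stored so the key can be re-derived later.
HEADER_MAGIC = b"KDF1"
HEADER_FMT = ">4sIHH%ds" % SALT_LEN   # 28 bytes in total


def derive_key(passphrase: str, salt: bytes, n: int = SCRYPT_N,
               r: int = SCRYPT_R, p: int = SCRYPT_P) -> bytes:
    """Stretch a passphrase into a KEY_LEN-byte key with scrypt.

    Deterministic: the same passphrase, salt and parameters always give the
    same key, which is what lets the repository be opened again.
    """
    if len(salt) < SALT_LEN:
        raise ValueError("salt must be at least %d random bytes" % SALT_LEN)
    return hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=salt, n=n, r=r, p=p,
        # OpenSSL applies a 32 MiB memory cap by default and refuses larger
        # parameter sets, so state explicitly how much this one may use.
        maxmem=2 * 128 * n * r * p,
        dklen=KEY_LEN,
    )


def derive_key_pbkdf2(passphrase: str, salt: bytes,
                      iterations: int = 600_000) -> bytes:
    """The older workhorse: PBKDF2-HMAC-SHA256. Not memory-hard, so its cost
    is the iteration count alone (600,000 is the 2023 OWASP floor)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def encode_header(salt: bytes, n: int, r: int, p: int) -> bytes:
    return struct.pack(HEADER_FMT, HEADER_MAGIC, n, r, p, salt)


def decode_header(header: bytes):
    magic, n, r, p, salt = struct.unpack(HEADER_FMT, header)
    if magic != HEADER_MAGIC:
        raise ValueError("not a repository header")
    return salt, n, r, p


def create_repository(passphrase: str):
    """New repository: fresh random salt, current cost parameters, derived key."""
    salt = os.urandom(SALT_LEN)
    header = encode_header(salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return header, derive_key(passphrase, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)


def open_repository(passphrase: str, header: bytes) -> bytes:
    """Existing repository: read salt and parameters back, re-derive the key."""
    salt, n, r, p = decode_header(header)
    return derive_key(passphrase, salt, n, r, p)


def seconds_per_derivation(fn, passphrase: str = "correct horse battery staple") -> float:
    """Time one derivation on this machine: the cost knob, made visible."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    fn(passphrase, salt)
    return time.perf_counter() - start


if __name__ == "__main__":
    header, key = create_repository("correct horse battery staple")
    assert open_repository("correct horse battery staple", header) == key
    print("key:   ", key.hex())
    print("header:", header.hex())
    print("scrypt  %.4f s per guess" % seconds_per_derivation(derive_key))
    print("pbkdf2  %.4f s per guess" % seconds_per_derivation(derive_key_pbkdf2))
    print("sha256  %.6f s per guess" % seconds_per_derivation(
        lambda pw, salt: hashlib.sha256(salt + pw.encode("utf-8")).digest()))
```

Run it twice and the header and key differ each time, because the salt does; open the same header with the same passphrase and the key comes back identical. The three timings printed at the end are the point of the cost parameters: a bare SHA-256 costs microseconds, the KDFs cost a large fraction of a second, and an attacker pays that per guess. Those timings are from the defender’s machine, so treat them as a lower bound on the attacker’s cost rather than the real figure, and raise the parameters (and store the new ones in the header) as hardware gets faster.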
In macup, your passphrase runs through Argon2id with a per-repository salt, and only the derived key is handed to AES. The derived key stays on your Mac and, with your permission, in your keychain. The passphrase itself never leaves the device.