Eblob is an encrypted blob (binary large object, in the terms of databases), holding any kind of symmetrically encrypted data with the passphrase used to derive the key. It is used to secure configuration files, holding valuable private keys, allowing them to be transferred safely everywhere.
In fact it uses two factors for securing the data:
Whole security depends on the passphrase itself. Pay attention that this is not the password. Password is a short string of high entropy (highly random) characters, but passphrase is (very) long string of low-entropy characters. Low-entropy text is much more easier to remember, and its length provides pretty enough entropy as a result.
Password strengthening function is applied to that passphrase to mitigate brute-force and dictionary attacks on it. Here, Balloon memory-hard password hashing function is used, together with BLAKE2b-256 hash. It has proven memory-hardness properties, very easy to implement, resistant to cache attacks and seems more secure than Argon2 (Password Hashing Competition winner).
Eblob is an XDR-encoded structure:
+-------+------------------+------+ | MAGIC | S | T | P | SALT | BLOB | +-------+------------------+------+
|Magic number||8-byte, fixed length opaque data||N N C P B 0x00 0x00 0x03|
|S, T, P||unsigned integer||Space cost, time cost and parallel jobs number|
|Salt||32 bytes, fixed length opaque data||Randomly generated salt|
|Blob||variable length opaque data||Authenticated and Encrypted data itself|
balloon(BLAKE2b-256, S, T, P, salt, password)