I'm not a security expert neither do I understand cryptography hence the question: I assume they are not using the original password to encrypt data. They are generating a symmetric encryption key and encrypt it with the original password, storing it along with the encrypted data on their servers. The question is how secure the encryption on symmetric key? What if it is easily brutfocable?
