CrashPlan encrypts your backup files before any data is sent to your backup destinations. You choose how the encryption key is secured in CrashPlan for Home, with or without a subscription.
A secure 128-bit Blowfish key (CrashPlan for Home without a subscription) or a secure 448-bit Blowfish key (CrashPlan for Home with a subscription, CrashPlan PRO, CrashPlan PROe) is used to perform the encryption. See Additional Details and Resources for more info on Blowfish encryption.
There are three different archive encryption key security options to choose from:
Your archive encryption key security policy applies to your entire CrashPlan account.
Use the Settings > Security page to upgrade your archive encryption key security. Each successive encryption key security option offers greater security; however, with this additional security comes additional responsibility:
Using your account password to secure your encryption key is the simplest method to use. It offers a good balance between security and ease of use.
When you secure your encryption key with your account password, your encryption key is locked with a secure version of your account password. You ask CrashPlan to securely store both your locked encryption key and the secure version of your account password. If you forget your account password, you can use the account password reset tool to ask CrashPlan to change the lock on your encryption key.
When you upgrade your encryption key security to the private password option, you change how the encryption key is secured, but the encryption key itself does not change. Instead of using the secure version of your account password to lock your encryption key, you choose to use a secure version of an additional password, called a private password, to lock your encryption key. With the private password model, you ask CrashPlan's servers to hold only the locked encryption key. CrashPlan is thus unable to unlock the encryption key for you if you forget your private password.
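The locking model in the two paragraphs above, as an added sketch that is not CrashPlan's code: a random archive key is locked under a password-derived secret, and changing the password replaces the lock while the archive key stays the same. PBKDF2, the HMAC-based wrap, the iteration count and all function names are assumptions chosen so the example runs on the Python standard library; the page does not say which primitives CrashPlan uses for this step.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _derive(password, salt):
    # "Secure version" of a password: salted and stretched into 64 bytes,
    # split into an encryption half and a MAC half.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real key wrap).
    stream = b""
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def lock(archive_key, password):
    # Returns the "locked encryption key" blob that a server could store.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = _xor_stream(enc_key, nonce, archive_key)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unlock(blob, password):
    enc_key, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        # Without the right password the blob is useless to whoever holds it.
        raise ValueError("wrong password or tampered blob")
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

def change_lock(blob, old_password, new_password):
    # Upgrading the security option re-locks the same archive key;
    # existing backup data does not need to be re-encrypted.
    return lock(unlock(blob, old_password), new_password)

if __name__ == "__main__":
    archive_key = os.urandom(56)  # constructed 448-bit key
    blob = lock(archive_key, "account-password")
    blob = change_lock(blob, "account-password", "private-password")
    print(unlock(blob, "private-password") == archive_key)
```
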
If you choose the data key security model, you replace the encryption key generated by CrashPlan with a data key of your choice. This is the most secure option, but it requires the most management because you must provide your long, 128-bit (CrashPlan for Home without a subscription) or 448-bit (CrashPlan for Home with a subscription) data key every time you restore.
You create your own data key that resides on the source computer. The data key is never transmitted to any other locations, including Code42's servers. It is up to you to secure your data key on the source computer. Make sure to store a copy of the data key someplace where it is accessible if you need to restore, even if the source computer has failed.
You can create your data key in several ways:
Once you've selected the method for generating your data key, you can use the Export option to export the key to a text file so the key can be stored safely. When you need to restore files to another computer in your account, you can use the Import option to import the encryption key from the text file.
If you have forgotten or misplaced your private password or data key, the files backed up under your account cannot be restored. You must start over with a new account, which means you must start your backup over. To start over:
Repeat steps 4-7 for any additional computers, but use Existing Account for step 5. If you have a Family Unlimited subscription, you only need to enter your license key on one computer.
Blowfish is a freely available, documented and open method of encrypting data (an algorithm). Being open is very important: it means that Blowfish encryption uses public processes that can be scrutinized and tested by everyone and, as a result, is proven to be secure. More information on Blowfish encryption is available online on creator Bruce Schneier's website:
CrashPlan for Home without a subscription uses a 128-bit encryption key and CrashPlan for Home with a subscription uses a 448-bit encryption key. 128-bit encryption is the same encryption that online banking and most businesses use. The longer the key, the harder it is to decrypt data without the key.
There's a discussion of CrashPlan's Blowfish encryption in the Listener Feedback section of the Security Now podcast, Episode 230.