How can we help?

We think these articles could help:

    See More
    Home > CrashPlan > Latest > Configuring > Archive Encryption Key Security

    Archive Encryption Key Security

    Applies to:
    • CrashPlan for Home
    • CrashPlan PRO
    • CrashPlan PROe

    Overview

    Code42 regards data security as the most important component of our backup services. That's why CrashPlan encrypts your backup files before any data is sent to your backup destinations. 

    This article contains an in-depth look at each of CrashPlan's encryption key options, as well as other important aspects of your backup's security.

    Note: See the Definitions section below if you are uncertain about the terms used in this article.

    Archive Encryption Key Security Options

    Your files are either encrypted with a 448-bit Blowfish key (CrashPlan for Home, CrashPlan PRO, CrashPlan PROe), or a 128-bit Blowfish key (CrashPlan for Home without a subscription).

    The encryption key itself is secured in one of three ways, based on your security settings:

    See External Resources for more information on Blowfish encryption and the process of salting and hashing passwords.

    Considerations

    • You can upgrade your archive encryption key security from the Settings > Security screen. Each of the encryption key security options offers increasingly greater security; however, with this additional security comes additional responsibility. Review your options carefully before upgrading your security. 
    • You can never downgrade your account security once it is upgraded.
      This prevents someone from recovering your lost or stolen computer and using the CrashPlan app to downgrade your security.
    • CrashPlan PROe only: Your administrator may choose to lock the security policy so that you cannot upgrade your security settings.
    Important

    Your archive encryption key security policy applies to all of the computers on your CrashPlan account. 

    Upgraded security policies are implemented as follows:

    • Archive Key Password: All of the computers on your account must use the same archive key password. You cannot have separate archive key passwords for separate computers on a single account.
    • Custom Key: All of the computers on your account must use a custom key. However, you may use a different custom key for each computer on the account.

    Encryption Key Options At-A-Glance

    The following table provides a comparison of the available archive encryption options. See the Definitions section below if you are uncertain about the terms used in the table.

    Security Account Password (Default) Archive Key Password Custom Key
    Data encryption Yes Yes Yes
    Level of data privacy Strong Stronger Strongest
    Risk of being unable to restore files Low

    With archive question enabled: Medium

    High:
    • Key is nearly impossible to commit to memory
    • Custom key cannot be recovered by Customer Champions or administrators

    Without archive question enabled: High

    Requires restarting backup after upgrading? No No Yes
    Secured key stored on CrashPlan servers? Yes Yes No
    Secured key stored at destination for guest restore?
    (CrashPlan for Home only)
    Yes Yes No
    You must provide your key to restore files
    Information needed to restore from CrashPlan web app Account password  Account password and archive key password Account password and custom encryption key
    Information needed for mobile restore Account password  Account password and archive key password  Account password and custom key 
    Encryption key and credentials used by every computer on account? Yes
    Single account password and encryption key
    Yes
    Single account password, encryption key, and archive key password
    No
    Single account password, but individual computers can have a unique custom key
    Information required for new CrashPlan installations Account password Account password Account password and custom key
    Administrators have access to backup archive?
    (CrashPlan PRO and CrashPlan PROe only)
    Yes No No

    Password And Custom Key Recovery

    You can reset your account password at any time. However, recovering an archive key password or custom key is difficult, if not impossible. 

    Archive Key Password

    In version 3.6.1 and later, you can set an archive question for your archive key password.

    Custom Key
    Warning
    Our Customer Champions have no way to help you recover an archive key password, an archive question, or a custom key.

    Securing Your Encryption Key With Your Account Password

    Your account password is CrashPlan's default method for securing your encryption key. It is the simplest method to use, and it offers a good balance between security and ease of use. Using this method, you can access and restore files from the CrashPlan app, the CrashPlan mobile app, and the CrashPlan web app by supplying your account password. 

    Tech No​tes

    Consideration Details
    Configuration
    • Account password is the default encryption key security option
    Management requirements
    • Only one password to remember
    • Lowest risk of losing ability to restore files
    • (CrashPlan for Home only) Account password can be reset from our website
    Key creation
    • Encryption key is generated by the CrashPlan app when you create your account
    Key security & storage
    • Encryption key is escrowed on CrashPlan's server for web restores and for installations on new devices
    • Secured key is stored at destination for guest restore
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process
    • Secured key is stored in the device's memory only while the CrashPlan mobile app is in the foreground and user is signed in
    Web restore key access
    • Encryption key is escrowed on CrashPlan's servers for decryption
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Administrators can access files backed up to cloud destinations without knowing user account password

    Securing Your Encryption Key With An Archive Key Password

    When you upgrade your encryption key security to the archive key password option, you change how the encryption key is secured, but the encryption key itself doesn't change. Instead of securing the encryption key with your account password, you are choosing to secure the key with an additional password, called an archive key password. Only the secured encryption key is stored on CrashPlan servers. 

    Important!
    • An archive key password applies to all computers included on an account. You cannot have separate archive key passwords for separate computers on a single account. This is true for CrashPlan for Home family plan subscriptions, as well as CrashPlan PRO and CrashPlan PROe user accounts.
    • If you lose or forget your archive key password:
      • With an archive question enabled (versions 3.6.1 and later only): You can reset your archive key password by answering your archive question. If you are unable to provide the correct answer, you will be unable to restore your files and you must start over with a new account.
      • Without an archive question enabled: There is no way to reset your archive key password if it is lost or forgotten. You will be unable to restore files and you must start over with a new account.
      • Code42's Customer Champions cannot assist with recovery of an archive key password or your archive question.

    When upgrading security to use an archive key password, read the confirmation alert carefully:

    Confirm upgrade to archive key password

    Tech Notes

    Consideration Details
    Configuration
    • Upgraded security
    Management requirements
    • Two passwords to remember
    • Increased risk of not being able to restore files if archive key password is forgotten
    • You can change your archive key password at any time without affecting backup data
    • Optional You can provide an archive question that, if answered correctly, can be used to reset your archive key password in the event that it is lost of forgotten
    Key creation
    • Encryption key is generated by the CrashPlan app when you create your account
    • Your encryption key remains the same when you upgrade security to archive key password
    Key security & storage
    • Encryption key exists only on source computer
    • Secured key is secured with your archive key password hash and stored on CrashPlan's servers for authentication during web restores and installations on new devices
    • Secured key stored at destination for guest restore
    Key storage for mobile devices
    CrashPlan mobile app only
    • Encryption key is not stored on the device
    • Secured key is sent from CrashPlan's server during the sign-in process and stored in the device's memory while the CrashPlan mobile app is in the foreground and you remain signed in
    • You must enter your archive key password to restore
    • If you enable Remember my private password, then the archive key password is stored in the device's memory as long as you remain signed in; the key and password are both removed when you sign out
    Web restore key access
    • Encryption key is secured with your archive key password hash and stored on CrashPlan's servers for web restore
    • You must supply your archive key password in order to restore files
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing your archive key password​
    • Admins cannot access your archive key password

    Archive Question

    An archive question is an optional feature of the archive key password security option that is available in versions 3.6.1 and later of the CrashPlan app​​. An archive question can be used to reset the archive key password in the event that the existing archive key password is lost or forgotten.

    Note: You must know your existing archive key password in order to set the archive question. The question cannot be set if the archive key password has already been lost of forgotten. Code42 ​Customer Champions​​ cannot set an archive question for you, or recover the answer to an archive question in the event that it is lost or forgotten.
    How It Works
    • The question is stored on the CrashPlan server as plain text so that it can be displayed to you if it is needed
    • A salted and hashed version of the answer is stored on the CrashPlan server

    In the event that your archive key password is lost or forgotten, and you have this feature enabled, you can answer your archive question.

    1. CrashPlan presents you with the archive question
    2. CrashPlan salts and hashes the answer you provide and compares it against the salted and hashed version stored on the CrashPlan server
    3. If the salted and hashed version of the stored answer matches the salted and hashed version of the supplied answer, you can enter a new archive key password
    4. The secure key stored on the CrashPlan server is updated with the new archive key password

    Securing Your Archive With A Custom Key

    If you choose the custom key security model, the encryption key generated by CrashPlan is replaced with a custom key of your choice -- 128-bit (CrashPlan for Home without a subscription) or 448-bit (CrashPlan for Home with a subscription, CrashPlan PRO, CrashPlan PROe). This is the most secure option, but it requires the most management because you must provide your long, 128-bit or 448-bit, custom key when performing:

    • Web restore
    • Guest restore
    • Remote restore
    • Installation of CrashPlan on new devices

    With this option, you create your own data key that resides on your computer. The data key is never transmitted to any other locations, including CrashPlan servers. It is up to you to secure your data key on the source computer. Make sure to store a copy of the custom key someplace where it is accessible if you need to restore, even if the source computer has failed. 

    Read our tutorial on upgrading security to custom key for more information on creating, exporting, and importing your custom key. 

    Important!
    • When you upgrade to 448-bit encryption with custom 448-bit key, all previously backed up files associated with the old encryption key are deleted and no longer available for restore.
    • Always store your encryption key in a plain text (.txt) file and work with a plain text editor such as vi, vim, emacs, nano, pico, Notepad or TextMate. Word processors such as Word, Wordpad, Pages, or OpenOffice Writer introduce additional formatting characters and should be avoided when working with encryption keys.
    • There is no way to reset your custom key if it is lost or forgotten. You will be unable to restore files and you must start over with a new account. Please contact our Customer Champion team for assistance. 

    When upgrading security to use a custom key, read the confirmation alert carefully:

    Confirm upgrade to custom key

    Tech Notes

    Consideration Details
    Configuration
    • Highest level of upgraded security
    Management requirements
    • Nearly impossible to remember, with increased risk of not being able to restore files if custom key is lost
    • You must start a completely new backup after upgrading to this security option; files backed up prior to upgrading are deleted from backup archives
    • Web restore, guest restore, new installations, and remote restore require that you provide the custom key
    Key creation
    • The original encryption key generated by the CrashPlan app is replaced with an encryption key you choose
    • You can choose to assign a different custom key to each computer on your account
    Key security & storage
    • Encryption key exists only on source computer
    • Your custom key is never cached at any remote location
    Key storage for mobile devices
    CrashPlan mobile app only
    • Custom key is only stored on your device if you enable Remember my custom key
    • Custom key is removed when you sign out of the app
    Web restore key access
    • You must supply your custom key in order to restore files
    • The custom key is held in memory for the purpose of restoring files; it is never written to disk
    • The custom key is flushed from memory once files are restored
    Administrator access
    CrashPlan PRO and CrashPlan PROe only
    • Admins cannot access files backed up to your destinations without knowing your custom key
    • Admins cannot access your custom key

    Securing Your Encryption Key On The Source Computer

    No matter which security option you use, the encryption key is stored unencrypted on the source computer. This is the only place that Code42 ever stores your encryption key in an unsecured state. The CrashPlan app relies on this encryption key to decrypt files during a restore.

    The encryption key is stored as a hidden file in the following locations (by operating system):

    • Windows Vista/2008/7/8 C:\ProgramData\CrashPlan\.identity 
    • Windows XP/2003 C:\Documents and Settings\All Users\Application Data\CrashPlan\.identity
    • Mac (installed "as root") /Library/Application Support/CrashPlan/.identity
    • Mac (installed "as user") ~/Library/Application Support/CrashPlan/.identity 
    • Linux /var/lib/crashplan/.identity  

    Ultimately, the encryption key stored on the source computer is as secure as the files on your computer. If you require a password to access your computer, but take no additional security measures, then the encryption key is only as secure as your computer's password. If you use software to encrypt your hard drive, then you've added a layer of protection that also protects your CrashPlan encryption key. 

    When deciding whether or not to take extra security precautions with your computer's files, consider:

    • How portable is the computer? Is it a desktop that sits in a home or office with a security system, or is it a laptop that is frequently used outside the home or office?
    • How sensitive are the files stored on the computer? Does the computer store proprietary or confidential information?

    Transmission Security

    Once your files are encrypted and secured with the security method of your choice, your backup transmission is sent to your destinations using 128-bit AES in-transit encryption. 

    Definitions

    The terms below are used throughout this article.

    account password

    Password you supplied when you registered your CrashPlan user account.

    archive question

    An archive question is an optional feature of the archive key password security option (displayed in security settings as 448-bit encryption + password). If your user account has an archive question and answer configured, you are able to reset the archive key password if your existing archive password is lost or forgotten. When the archive question is enabled, the security of your archive key depends on both how hard it is to guess your answer and the strength of your archive password. You can enable the archive question feature at any time, provided you know your current archive password.

    archive key password

    Password supplied when you enable 448-encryption + password encryption key security option. If you have enabled this option, you need to supply the archive key password to restore files. See also account password, secured key.

    custom key

    Encryption key that is user-created (using the Passphrase or Generate options) and is used instead of the encryption key generated by the CrashPlan app. This encryption security option offers the greatest security because the custom key never leaves the source computer.  It also greatly increases user responsibility; there is no way to recover a backup if the custom key is lost or forgotten. CrashPlan Customer Champions have no way to assist with custom key recovery.

    CrashPlan server
    For the purposes of this article, refers to the master server for the CrashPlan product that you are using. If you are using CrashPlan for Home or CrashPlan PRO, the term refers to a server owned and maintained by Code42. If you are using CrashPlan PROe, then this may refer to a Code42 server, or a server owned and maintained by your organization, depending on the configuration of your enterprise's Code42 environment. 
    encryption key

    A piece of information that a cryptographic algorithm uses to encrypt data. CrashPlan PROe, CrashPlan PRO, and CrashPlan for Home with a subscription use 448-bit encryption keys. CrashPlan Free uses 128-bit encryption keys.

    secured key

    A version of a user's archive encryption key that is encrypted with the user's account password (default security) or archive key password (enhanced security).

    External Resources

    • Blowfish is a freely available, documented, and open method of encrypting data (an algorithm). Being open is very important - this means that Blowfish encryption uses public processes that can be scrutinized and tested by everyone and as a result, is proven to be secure. More information on Blowfish encryption is available on creator Bruce Schneier's website.
    • CrashPlan for Home without a subscription uses a 128-bit encryption key and CrashPlan for Home with a subscription uses a 448-bit encryption key. 128-bit encryption is the same encryption that online banking and most businesses use. The longer the key, the harder it is to decrypt data. There's a discussion of CrashPlan's Blowfish encryption in the Listener Feedback section of the Security Now podcast, Episode 230.
    • Salting and hashing is a security measure used for passwords. Learn more about salting and hashing from BlackWasp
    You must to post a comment.
    Last Modified
    16:33, 18 Jun 2014

    Page Rating

    2 of 2 found this page helpful.

    Tags