CrashPlan is engineered to provide the benefits of cloud backup without compromising data security and privacy. With three secure options for managing your archive encryption key, CrashPlan offers the flexibility needed to meet your data security needs. Common questions about CrashPlan security are answered below.
Encryption is the process of converting information into a coded form that cannot be accessed without the key used to encode it. CrashPlan encrypts the files included in your backup before the data is sent to your destinations. Data encryption, combined with a secured encryption key, prevents unauthorized access to your information.
Put simply, if someone ever accessed your backup archive, both your password and encryption key are needed to decrypt your files.
CrashPlan for Home, CrashPlan PRO, and CrashPlan PROe backups are encoded with the Blowfish encryption algorithm. Blowfish is a freely available, documented, and open method of encrypting data. Being open means that the processes it uses are public, tested by everyone, and proven to be secure.
Starting with version 4.2, CrashPlan PROe private cloud deployments also have the option to encode backups using Advanced Encryption Standard (AES). AES is the National Institute of Standards and Technology (NIST) specification for encryption which is used by the US government and is a standard for businesses worldwide.
The strength of the keys used to encrypt your files depends on which product you are using.
|Product||Encryption Algorithm||Key Strength|
|CrashPlan for Home (without a subscription)||Blowfish||128-bit|
|CrashPlan for Home||Blowfish||448-bit|
* Blowfish and AES key strength cannot be directly compared due to a difference in block sizes. For further comparison, more details are available at eFolder Blog.
Each data block in your archive is identified by the type and level of encryption. So 448-bit encrypted blocks can be mixed with 128-bit encrypted blocks in the same backup. Backup continues where it left off and uses the stronger encryption for files going forward.
You can access your encrypted files by restoring them from the CrashPlan app or CrashPlan web app. CrashPlan will decrypt your files using your encryption key. The method CrashPlan uses to access your encryption key depends on how you restore your files and your security settings. Learn more about how file decryption works during restores.
CrashPlan offers three options for securing the archive encryption key for your backup. The answer depends on your Archive Encryption setting.
The default settings satisfy the security needs for most users. However, you may want to consider upgrading your security settings if any of the following apply:
Increasing the security setting for your account trades ease of use for enhanced archive security. Each additional level of protection also comes with risks and an increased need for password management. Please review your options carefully before upgrading your security.
Yes, the encryption key remains the same. If you use the default security option, then your encryption key is relocked with your new account password when your password is changed. If you use either the archive key password or custom key option, then changing you account password has no effect on how your encryption key is secured.
Refer to our detailed description for each security option in the Archive Encryption Key Security article for information on where your encryption key is stored.
You can reset your account password at any time. However, our Customer Champions cannot retrieve or restore the archive key password for you if you lose it.
Your files are not actually encrypted with the archive key password or account password. Those passwords act as a way to lock or protect your encryption key. So if you change your archive key password, your data doesn’t need to be re-encrypted and your backup doesn’t need to start over. Rather, your encryption key is simply re-locked with the new archive key password. Your data encryption key never changes.
Imagine you have your keys to your car locked in a safe. The archive key password is the key to the safe, not the keys to the car. You can still restore versions of files encrypted with the original archive key password and you don't need to start your backup over.
For versions 3.6.1 and later, you have the option to enable an archive question. An archive question can be used to reset the archive key password in the event that the existing password is lost or forgotten. If you do not enable the archive question, or you are unable to answer the question correctly, then there is absolutely no way to help you recover the archive key password needed to restore your files. Our Customer Champions cannot help you recover an archive key password. Learn more about your password and account recovery options.
Yes. Enabling the archive key password option affects ALL of the computers on your account. Setting the archive key password on one computer sets the same archive key password for all your computers. You need to enter this archive key password on all the computers in your account.
Because you are changing the encryption key used to encode your data, your backup must start over if you upgrade to the custom key security option, or if you change your custom key.
There is absolutely no way for Code42 to recover your custom key. If you forget or lose your custom key, you must start over with a new account. Learn more about account recovery.
Enabling custom key security impacts ALL of the computers on your account. However, you can choose to use a different custom key for each computer.
Once your files are encrypted and secured with the security method of your choice, your backup transmission is sent to your destinations using 128-bit AES in-transit encryption.
Yes, it is transferred securely with the same encryption technology used to encrypt files during backup. The key itself is also locked or encrypted.
Code42 ensures and monitors appropriate ISO27001 or SSAE16 certifications for its cloud data centers, and is an ISO27001-certified organization. Code42 continually strives to keep pace with evolving industry security standards.
CrashPlan supports encrypted files, folders, drives, and filesystems that are run at a system level. In other words, they are not being configured and run in a user space. Learn more about backing up encrypted files and locations.