CrashPlan is engineered to provide the benefits of cloud backup without compromising data security and privacy. With three secure options for managing your archive encryption key, CrashPlan offers the flexibility needed to meet your data security needs. Common questions about CrashPlan security are answered below.
Encryption is the process of converting information into a coded form that cannot be accessed without the key used to encode it. CrashPlan encrypts the files included in your backup before the data is sent to your destinations. Data encryption, combined with a secured encryption key, prevents unauthorized access to your information.
Put simply, if someone ever accessed your backup archive, they would need both your password and your encryption key to decrypt your files.
Your backup is encoded with a Blowfish encryption algorithm. Blowfish, which was invented by security expert Bruce Schneier, is a freely available, documented, and open method of encrypting data. Being open is very important. This means that the processes it uses are public, tested by everyone, and proven to be secure. More information is available on Bruce Schneier's website.
The key’s bit length depends on the product you are using:
448-bit refers to the length of the key. The longer the key, the harder it is to decrypt data. A 448-bit encryption key is much stronger than the 128-bit encryption that online banking and most businesses use.
Each data block in your archive is identified by the type and level of encryption. So 448-bit encrypted blocks can be mixed with 128-bit encrypted blocks in the same backup. Backup continues where it left off and uses the stronger encryption for files going forward.
You can access your encrypted files by restoring them from the CrashPlan app or CrashPlan web app. CrashPlan will decrypt your files using your encryption key. The method CrashPlan uses to access your encryption key depends on how you restore your files and your security settings. Learn more about how file decryption works during restores.
CrashPlan offers three options for securing the archive encryption key for your backup. The answer depends on your Archive Encryption setting.
The default settings satisfy the security needs for most users. However, you may want to consider upgrading your security settings if any of the following apply:
Increasing the security setting for your account trades ease of use for enhanced archive security. Each additional level of protection also comes with risks and an increased need for password management. Please review your options carefully before upgrading your security.
Yes, we relock the data encryption key with the new password when it is changed.
Refer to our detailed description for each security option in the Archive Encryption Key Security article for information on where your encryption key is stored.
You can reset your account password at any time. However, our Customer Champions cannot retrieve or restore the archive key password for you if you lose it.
Your files are not actually encrypted with the archive key password or account password. Those passwords act as a way to lock or protect your encryption key. So if you change your archive key password, your data doesn’t need to be re-encrypted and your backup doesn’t need to start over. Rather, your encryption key is simply re-locked with the new archive key password. Your data encryption key never changes.
Imagine the keys to your car are locked in a safe. The archive key password is the key to the safe, not the keys to the car. You can still restore versions of files encrypted with the original archive key password and you don't need to start your backup over.
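The re-locking described above, as an added sketch that is not CrashPlan's own code. It shows why changing the password never touches the backed-up data. PBKDF2, the SHAKE-256 keystream (a stand-in for a real key-wrap cipher), the HMAC tag, the iteration count, and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def new_data_key() -> bytes:
    """Random 448-bit data key; created once and never changed."""
    return secrets.token_bytes(56)


def _derive(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # Stretch the password into two subkeys: one hides the data key, one authenticates.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]


def _xor_stream(enc_key: bytes, data: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher; enc_key is unique per salt, so used once.
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(data_key: bytes, password: str) -> dict:
    """Lock the data key under a password (the safe around the car keys)."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = _derive(password, salt)
    ct = _xor_stream(enc_key, data_key)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_key(env: dict, password: str) -> bytes:
    """Return the data key, or raise if the password is wrong or the envelope changed."""
    enc_key, mac_key = _derive(password, env["salt"])
    expected = hmac.new(mac_key, env["salt"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, env["tag"]):
        raise ValueError("wrong password or corrupted envelope")
    return _xor_stream(enc_key, env["ct"])


def change_password(env: dict, old: str, new: str) -> dict:
    """Re-lock the same data key under a new password; backup data is untouched."""
    return wrap_key(unwrap_key(env, old), new)
```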
For versions 3.6.1 and later, you have the option to enable an archive question. An archive question can be used to reset the archive key password in the event that the existing password is lost or forgotten. If you do not enable the archive question, or you are unable to answer the question correctly, then there is absolutely no way to help you recover the archive key password needed to restore your files. Our Customer Champions cannot help you recover an archive key password. Learn more about your password and account recovery options.
Yes. Enabling the archive key password option affects ALL of the computers on your account. Setting the archive key password on one computer sets the same archive key password for all your computers. You need to enter this archive key password on all the computers in your account.
Because you are changing the encryption key used to encode your data, your backup must start over if you upgrade to the custom key security option, or if you change your custom key.
There is absolutely no way for Code42 to recover your custom key. If you forget or lose your custom key, you must start over with a new account. Learn more about account recovery.
Enabling custom key security impacts ALL of the computers on your account. However, you can choose to use a different custom key for each computer.
Once your files are encrypted and secured with the security method of your choice, your backup transmission is sent to your destinations using 128-bit AES in-transit encryption.
Yes, it is transferred securely with the same encryption technology used to encrypt files during backup. The key itself is also locked or encrypted.
Code42 ensures and monitors appropriate ISO27001 or SSAE16 certifications for its cloud data centers, and is an ISO27001-certified organization. Code42 continually strives to keep pace with evolving industry security standards.
CrashPlan supports encrypted files, folders, drives, and filesystems that run at the system level. In other words, they are not configured and run in user space. Learn more about backing up encrypted files and locations.