CrashPlan provides you with three secure options for archive encryption, which are described in detail in the Archive Encryption Key Security article. Common questions about CrashPlan security are answered below.
CrashPlan for Home without a subscription uses 128-bit Blowfish to encrypt your files. CrashPlan for Home with a subscription uses 448-bit Blowfish encryption, which is much stronger than the 128-bit encryption that online banking and most businesses use.
Blowfish is an encryption algorithm. It's a freely available, documented, and open method of encrypting data. Being open is very important. This means that the processes it uses are public and can be tested by everyone and are proven to be secure. Blowfish was invented by a security expert named Bruce Schneier and more information is available on his website.
448-bit refers to the length of the key. The longer the key, the harder it is to decrypt data.
Put simply, if someone ever accessed your backup archive, both your password and encryption key are needed to decrypt your files.
Each data block in your archive is identified by the type and level of encryption. So you can have 448-bit encrypted blocks mixed with 128-bit encrypted blocks in the same backup. Backup continues where it left off and uses the stronger encryption for files going forward.
Your account password is the password you entered when you installed the CrashPlan app. Combined with your email address, it links all the computers on your account together.
You can update your Security settings to require your account password in order to run the CrashPlan app. You'll also use the account password to access your CrashPlan account online.
An archive key password is an additional layer of security used to prevent someone else from restoring your files. If you have upgraded your security to 448-bit encryption + password, you must supply your archive key password before you can restore files. The archive key password is never sent to CrashPlan. However, you may be asked to provide this password if you choose to use the web restore feature.
CrashPlan Support cannot retrieve or restore the archive key password for you if you lose it.
The data backed up before you changed your archive key password remains backed up.
Imagine you have your keys to your car locked in a safe. The archive key password is the key to the safe, not the keys to the car. You can still restore versions of files encrypted with the original archive key password and you don't need to start your backup over.
Your files are not actually encrypted with the archive key password or account password. Those passwords act as a way to lock or protect the actual key used to encrypt data. So if you change your archive key password, we do not have to re-encrypt your data or start the back up over. We just re-lock the encryption key with the new archive key password. Your data encryption key never changes.
For versions 3.6.1 and later, you have the option to enable an archive question. An archive question can be used to reset the archive key password in the event that the existing password is lost or forgotten.
Note: You must know your existing archive key password in order to set the archive question. The question cannot be set if the archive key password has already been lost of forgotten. Code42 Customer Champions cannot set an archive question for you, or recover the answer to an archive question in the event that it is lost or forgotten.
If you do not enable the archive question, or you are unable to answer the question correctly, then there is absolutely no way to help you recover the archive key password needed to restore your files. Our Customer Champions cannot help you recover an archive key password.
The only way to fix this is to start your backup again under a new account, since you won't be able to decrypt the files that have already been backed up. Please contact our Customer Champion team for assistance.
CrashPlan for Home with subscription, CrashPlan PRO, and CrashPlan PROe:
CrashPlan for Home without a subscription:
Refer to our detailed description for each security option in the Archive Encryption Key Security article for information on where your encryption key is stored.
Yes, we relock the data encryption key with the new password when it is changed.
Yes, it is transferred securely. Not necessarily SSL but with the same encryption technology used to encrypt files during backup. The key itself is also locked or encrypted.
Yes. Enabling the archive key password option affects ALL of the computers on your account. Setting the archive key password on one computer sets the same archive key password for all your computers. You need to enter this archive key password on all the computers in your account.
FileVault 2 (OS X version 10.7+) is full disk encryption and no special configuration or action is required to use CrashPlan with FileVault 2.
To use CrashPlan and FileVault (Mac OS X version 10.4-10.6) together, you have two choices:
There are two types of SAS 70 certifications: Type I and Type II.
All CrashPlan data centers are SAS 70 Type II certified.