CrashPlan provides you with three secure options for archive encryption, which are described in detail in the Archive Encryption Key Security article. Common questions about CrashPlan security are answered below.
CrashPlan for Home without a subscription uses 128-bit Blowfish to encrypt your files. CrashPlan for Home with a subscription uses 448-bit Blowfish encryption, which is much stronger than the 128-bit encryption that online banking and most businesses use.
Blowfish is an encryption algorithm. It's a freely available, documented, and open method of encrypting data. Being open is very important. This means that the processes it uses are public and can be tested by everyone and are proven to be secure. Blowfish was invented by a security expert named Bruce Schneier and more information is available on his website.
448-bit refers to the length of the key. The longer the key, the harder it is to decrypt data.
Put simply, if someone ever accessed your backup archive, both your password and encryption key are needed to decrypt your files.
Each data block in your archive is identified by the type and level of encryption. So you can have 448-bit encrypted blocks mixed with 128-bit encrypted blocks in the same backup. Backup continues where it left off and uses the stronger encryption for files going forward.
Your account password is the password you entered when you installed the CrashPlan app. Combined with your email address, it links all the computers on your account together.
You can update your Security settings to require your account password in order to run the CrashPlan app. You'll also use the account password to access your CrashPlan account online.
An archive key password is an additional layer of security used to prevent someone else from restoring your files. If you have upgraded your security to 448-bit encryption + password, you must supply your archive key password before you can restore files. The archive key password is never sent to CrashPlan. However, you may be asked to provide this password if you choose to use the web restore feature.
CrashPlan Support cannot retrieve or restore the archive key password for you if you lose it.
The data backed up before you changed your archive password remains backed up.
Imagine you have your keys to your car locked in a safe. The archive password is the key to the safe, not the keys to the car. You can still restore versions of files encrypted with the original archive key password and you don't need to start your backup over.
Your files are not actually encrypted with the archive key password or account password. Those passwords act as a way to lock or protect the actual key used to encrypt data. So if you change your archive password, we do not have to re-encrypt your data or start the back up over. We just re-lock the encryption key with the new archive key password. Your data encryption key never changes.
The reason we give so many warnings before you use this feature is because there is absolutely no way to help you recover an archive key password that Code42 is never privy to.
The only way to fix this is to start your backup again under a new account, since you won't be able to decrypt the files that have already been backed up. Please contact contact our Customer Champion team for assistance.
CrashPlan for Home with subscription, CrashPlan PRO, and CrashPlan PROe:
CrashPlan for Home without a subscription:
Refer to our detailed description for each security option in the Archive Encryption Key Security article for information on where your encryption key is stored.
Yes, we relock the data encryption key with the new password when it is changed.
Yes, it is transferred securely. Not necessarily SSL but with the same encryption technology used to encrypt files during backup. The key itself is also locked or encrypted.
Yes. Enabling the archive key password option affects ALL of the computers on your account. Setting the archive password on one computer sets the same archive password for all your computers. You need to enter this archive key password on all the computers in your account.
FileVault 2 (OS X version 10.7+) is full disk encryption and no special configuration or action is required to use CrashPlan with FileVault 2.
To use CrashPlan and FileVault (Mac OS X version 10.4-10.6) together, you have two choices:
There are two types of SAS 70 certifications: Type I and Type II.
All CrashPlan data centers are SAS 70 Type II certified.