CrashPlan encrypts your backup files before any data is sent to your backup destinations. With both CrashPlan and CrashPlan+, you choose how the encryption key is secured.
A secure 128-bit Blowfish key (CrashPlan) or a secure 448-bit Blowfish key (CrashPlan+) is used to perform the encryption. See Additional Details and Resources for more info on Blowfish encryption.
There are three different archive encryption key security options to choose from:
- Secure key with your account password
- Secure key with private password
- Replace with your own data key
Your archive encryption key security policy applies to your entire CrashPlan account.
Use the Settings > Security page to upgrade your archive encryption key security. Each of the encryption key security options offers increasingly greater security; however, with this additional security comes additional responsibility:
- Important: Once you have upgraded your security settings:
- You can never downgrade.
This prevents someone from recovering your lost or stolen computer and using CrashPlan to downgrade your security.
- If you lose the private password or data key, you will not be able to restore your data.
CrashPlan Support has no way to help you reset or recover the existing backups.
- If you forget your private password or lose the data key that you created, you must start over with a new account.
- You must restart your backup when upgrading to the data key option. Your previous backups are removed and you can no longer restore data.
Using your account password to secure your encryption key is the simplest method to use. It offers a good balance between security and ease of use.
When you secure your encryption key with your account password, your encryption key is locked with a secure version of your account password. You ask CrashPlan to securely store both your locked encryption key and the secure version of your account password. If you forget your account password, you can use the account password reset tool to ask CrashPlan to change the lock on your encryption key.
- Account password is the default encryption key security option
- Your account password is salted and hashed before being stored on CrashPlan's servers
- The encryption key itself is stored secured (locked using the salted and hashed version of your account password) on CrashPlan's servers and any friend destinations
- Admins can access backup data stored on CrashPlan's servers without knowing your account password
- You can reset your account password from www.crashplan.com
- The encryption key is generated by the CrashPlan desktop when you create your account
When you upgrade your encryption key security to the private password option, you change how the encryption key is secured, but the encryption key itself does not change. Instead of using the secure version of your account password to lock your encryption key, you choose to use a secure version of an additional password, called a private password, to lock your encryption key. With the private password model, you ask CrashPlan's servers to hold only the locked encryption key. CrashPlan is thus unable to re-lock the encryption key for you if you forget your private password.
- If you lose or forget your private password, you will not be able to restore
- There is no way to reset your private password if it is lost or forgotten and even CrashPlan Support cannot assist with recovery
- Your encryption key remains the same when you upgrade security to private password
- You can change your private password at any time and changing the private password does not affect backup data
- The encryption key itself is stored secured (locked using the salted and hashed version of your private password) on CrashPlan's servers and at any friend destinations
- Admins cannot access backup data stored on CrashPlan's servers without knowing your private password
- Admins have no access to your private password
If you choose the data key security model, you replace the encryption key generated by CrashPlan with a data key of your choice. This is the most secure option, but it requires the most management because you must provide your long, 128-bit (CrashPlan) or 448-bit (CrashPlan+) data key every time you restore.
You create your own data key that resides on the source computer. The data key is never transmitted to any other locations, including CrashPlan's servers. It is up to you to secure your data key on the source computer. Make sure to store a copy of the data key someplace where it is accessible if you need to restore, even if the source computer has failed.
- If you lose your data key, you will not be able to restore
- There is no way to reset your data key if it is lost or forgotten and even CrashPlan Support cannot assist with recovery
You can create your data key in several ways:
- Enter a passphrase that returns a data key and then paste the key into the encryption key box
- Allow CrashPlan to generate a completely random data key for you without entering any text (just click the Generate option)
- Import a data key that has been saved to a text file (e.g., an SSH private key)
Once you've selected the method for generating your data key, you can use the Export option to export the key to a text file so the key can be stored safely. When you need to restore files to another computer in your account, you can use the Import option to import the encryption key from the text file.
- Highest upgraded security
- When you upgrade, your original encryption key is replaced with an encryption key you choose
- You must start a completely new backup after upgrading and data backed up prior to upgrading is deleted
- Your data key is never transmitted beyond the source computer
- Your data key is never cached at any remote location
- You can choose to assign a different data key for each computer in your account
- Web restore, guest restore, new installations, remote restore, etc. require that you provide the data key
- Admins cannot access backup data stored on CrashPlan's servers without knowing your data key
- Admins have no access to your data key
If you have forgotten or misplaced your private password or data key, the files backed up under your account cannot be restored. You must start over with a new account, which means you must start your backup over. To start over:
- Sign into My Account at www.crashplan.com.
- Update your account email address to something like firstname.lastname@example.org.
- (CrashPlan+ only) Under Subscriptions, copy and paste your license key(s) into a file stored someplace safe. You'll need these later.
- Open the CrashPlan desktop and issue the deauthorize command to sign out.
- Select New Account from the login screen to create a new account.
- Start backup.
- (CrashPlan+ only) Enter your license key under Settings > Account > Key.
Repeat steps 4-7 for any additional computers, but use Existing Account for step 5. If you have a Family Unlimited subscription, you only need to enter your license key on one computer.
Blowfish is a freely available, documented and open method of encrypting data (an algorithm). Being Open is very important - this means that Blowfish encryption uses public processes that can be scrutinized and tested by everyone and as a result, is proven to be secure. More information on Blowfish encryption is available online on creator Bruce Schneier's website:
CrashPlan uses a 128-bit encryption key and CrashPlan+ uses a 448-bit encryption key. 128-bit encryption is the same encryption that online banking and most businesses use. The longer the key, the harder it is to decrypt data.
There's a discussion of CrashPlan's Blowfish encryption in the Listener Feedback section of the Security Now podcast, Episode 230.