CrashPlan (the free version) uses 128-bit Blowfish to encrypt your files. CrashPlan+ uses 448-bit Blowfish encryption, which is much stronger than the 128-bit encryption that online banking and most businesses use.
Blowfish is an encryption algorithm. It's a freely available, documented, and open method of encrypting data. Being Open is very important. This means that the processes it uses are public and can be tested by everyone and are proven to be secure. Blowfish was invented by a security expert named Bruce Schneier. More information is available online here: http://www.schneier.com/blowfish.html
448-bit is the length of the key. The longer the key, the harder it is to decrypt data.
Put simply, if someone ever accessed your backup archive, both your password and encryption key is needed to decrypt your data.
Each of data block is identified by the type/level of encryption. So you can have 448-bit encrypted blocks mixed with 128-bit encrypted blocks in the same backup. Backup continues where it left off and uses the stronger encryption for files going forward.
Your account password is the password you entered when you installed CrashPlan. Along with your email address, it links all your computers together.
Enter the account password if you indicated that a password is required to run the CrashPlan desktop. You'll also use the account password to access your CrashPlan account online.
An archive password is used to prevent someone else from restoring your files. If you have upgraded your security to 448-bit encryption + password, you must supply your archive password before you can restore files. The archive password is never sent to CrashPlan. However, you may be asked to provide this password if you choose to use the web restore feature.
CrashPlan Support cannot retrieve or restore the archive password for you if you lose it.
The data backed up before you changed your archive password remains backed up.
Imagine you have your keys to your car locked in a safe. The archive password is the key to the safe, not the keys to the car. You can still restore versions of files encrypted with the original archive password and you don't need to start your backup over.
Your data is not actually encrypted with the archive password or account password. Those passwords act as a way to lock or protect the actual key used to encrypt data. So if you change your archive password, we do not have to re-encrypt your data or start the back up over. We just re-lock the encryption key with the new archive password. Your data encryption key never changes.
The reason we give so many warnings before you use this feature is because there is absolutely no way to help you recover an archive password we are never privy to.
The only way to fix this would be to start your backup again under a new acount, since you won't be able to decrypt the data that has already been backed up. Please contact email@example.com for assistance.
CrashPlan's servers escrow the encryption key when using 448-bit encryption or 448-bit encryption + password.
CrashPlan's servers do not escrow the encryption key when using a custom 448-bit key. This means that if you lose or forget your encryption key, your backup data cannot be recovered and CrashPlan Support cannot assist with recovery.
It is stored in your CrashPlan configuration settings but locked by your private data password. It is also stored in the archive locked by your private data password, this facilitates guest restore.
Where does CrashPlan retrieve the data encryption key for decrypting the backup if I have reinstalled my OS or formatted my hard drive?
Upon reinstalling CrashPlan, your configuration settings are pulled from our server, including your locked encryption key. You are then prompted for your private data password before restoring. The private data password is used to unlock the encryption key to begin restore.
Yes, we relock the data encryption key with the new password when it is changed.
Yes, it is transferred securely. Not necessarily SSL but with the same encryption technology used to encrypt data during backup. Also the key is locked or encrypted itself.
Yes. Enabling “448-bit encryption + password” affects ALL of your computers. Setting the archive password on one computer sets the same archive password on all computers under your account and you'll need to enter the this archive password on all the computers in your account.
FileVault 2 (Mac OS X 10.7-10.8) is full disk encryption and no special configurations or action is required to use CrashPlan with FileVault 2.
To use CrashPlan together with FileVault (Mac OS X 10.4-10.6), you have two choices:
- Back up the giant file vaults - these are virtual disks. You'll only be able to restore the vaults in their entirety, never a specific file.
- Remove CrashPlan and reinstall. When installing, use the Customized mode to install CrashPlan as a specific user. We currently support only one filevault per computer. Backups will occur only when you're logged into your computer, as that is the only time CrashPlan will be able to see individual files.
There are two types of SAS 70 certifications: Type I and Type II.
All CrashPlan data centers are SAS 70 Type II certified.
For details on SAS 70 compliance, click here.