How should I configure CrashPlan if I want to make sure Code 42 cannot access the data?

backup, encryption, online-backup, privacy

CrashPlan offers some very well-priced cloud-backup packages, but one of the issues I have with such services is the fact that, while the data is encrypted, the encryption key is held and known by the service provider. This has kept me from putting certain files in e.g. Dropbox because of how sensitive the information they contain is.

I see that CrashPlan allows password-protecting the decryption key, and using a custom 448-bit Blowfish key. Which of these options will make sure that I—and only I—can access the files backed up to CrashPlan Central? Do they also constitute "Pre-Internet Encryption" (no data is ever transmitted out of the local system without being encrypted first)?

Best Answer

The three security levels currently available in CrashPlan+ (which allows use of CrashPlan Central for online backups) are:

  • Secure key with account password (default)
  • Secure key with private password
  • Use custom data key

As for which level(s) to use, it appears that anything but the default meets the goal:

Secure key with account password (default)

The default security level allows CrashPlan admins to access backed-up data without knowing the account password, because the key and the information necessary to unlock it are both stored on CrashPlan servers. This level does not meet the goal.

Secure key with private password (better)

This security level removes CrashPlan's ability to read backed-up data, but the encryption key is still stored on CrashPlan's servers—albeit in a locked state that cannot be used for decryption without the private password. This level meets the goal. In the event that the private password is lost and forgotten, the account and all associated backups must be abandoned; no recovery is possible.

Use custom data key (best)

At this security level, the user is responsible for managing encryption keys. The key is stored on the source computer and (allegedly) never transmitted or stored elsewhere. CrashPlan admins cannot decrypt backed-up data. This level meets the goal, squared. Obviously, keys used for this option should be kept safely backed up themselves; lost keys carry the same consequence as lost private passwords, above.

Information sourced from the CrashPlan encryption key help article; more details are available there.
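
The difference between the three levels comes down to what the provider's own records are enough to unlock. The sketch below is an added example, not CrashPlan's code and not part of the original answer: it is a conceptual model in which the names `wrap_key`, `unwrap_key`, `server_record` and `provider_recover`, the PBKDF2 parameters, and the XOR-plus-HMAC wrapping (a standard-library stand-in for a real key-wrap cipher) are all assumptions.

```python
import hashlib, hmac, os

KEY_LEN = 56  # 448-bit data key, the size mentioned in the question

def _derive(password, salt):
    # KEY_LEN bytes to mask the data key, 32 more to authenticate the blob
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=KEY_LEN + 32)

def wrap_key(data_key, password):
    """Lock data_key under a password (stdlib-only stand-in for a key-wrap cipher)."""
    assert len(data_key) == KEY_LEN
    salt = os.urandom(16)  # fresh salt per wrap, so the mask is never reused
    k = _derive(password, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, k[:KEY_LEN]))
    tag = hmac.new(k[KEY_LEN:], salt + masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}

def unwrap_key(blob, password):
    """Return the data key, or raise ValueError on a wrong password."""
    k = _derive(password, blob["salt"])
    want = hmac.new(k[KEY_LEN:], blob["salt"] + blob["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob["tag"]):
        raise ValueError("wrong password or modified blob")
    return bytes(a ^ b for a, b in zip(blob["masked"], k[:KEY_LEN]))

def server_record(level, data_key, account_pw, private_pw=None):
    """Constructed model of what the provider holds at each security level."""
    if level == "account_password":   # key and unlock information both server-side
        return {"wrapped": wrap_key(data_key, account_pw), "unlock": account_pw}
    if level == "private_password":   # locked key server-side, password is not
        return {"wrapped": wrap_key(data_key, private_pw), "unlock": None}
    if level == "custom_key":         # key never leaves the source computer
        return {"wrapped": None, "unlock": None}
    raise ValueError(f"unknown level: {level}")

def provider_recover(record):
    """Data key the provider can obtain from its own records alone, else None."""
    if record["wrapped"] is None or record["unlock"] is None:
        return None
    return unwrap_key(record["wrapped"], record["unlock"])

if __name__ == "__main__":
    key = os.urandom(KEY_LEN)  # constructed sample key
    for level in ("account_password", "private_password", "custom_key"):
        rec = server_record(level, key, "acct-pw (constructed)", "private-pw (constructed)")
        print(level, "-> provider can decrypt:", provider_recover(rec) == key)
```

In this model the private-password record can still be unlocked by its owner, which is why a forgotten private password or a lost custom key leaves nothing to recover from.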