I am considering using CrashPlan home cloud backup with the "archive key password".

At the top of the archive encryption key security page it says the data is encrypted before it is sent to the backup servers (which seems eminently sensible to me). Then lower down on the same page it says the backup key is stored on the server. Surely for a symmetrical encryption like Blowfish, if the data is to be encrypted before it's sent over the wire, the encryption key would have to be stored on the client?

I'm sure I've overlooked something obvious here. Can anyone explain how the encryption works?

1 Answer

Look at the 'Encryption Key Options At-A-Glance' table. While it's not immediately clear, the 'Archive Key Password' method still provides a backdoor in case you forget your password, which is why it is necessary to store the key on the server. This means if someone gains access to the CrashPlan key database and reverses the hash on both your password and archive key, they could potentially access your files, as unlikely as that is.

While the encryption may happen on the client side, the key is still sent to CrashPlan, likely hashed.

If you are looking to be truly secure, a custom key is the only way to ensure that it is impossible for an attacker to get your key even if they access the CrashPlan database, since that key is not transmitted to CrashPlan. The caveat is, if you forget or lose your key, your data is gone, with no option for recovery, which isn't what most people want.

I would guess the reasoning for this is to allow users to add a second layer of security, but still have a recovery option (security question) in case they forget their archive password.

  • OK, thanks. I think I was misreading it slightly. What they're saying is that they store a copy of the key on the server so you don't have to be responsible for it, but the same key is also used on the client to encrypt/decrypt the data across the wire.
    – Andy
    Commented Aug 14, 2014 at 7:46
  • Yes, that is the impression I got as well. If you want a more reliable answer, you can contact CrashPlan and they should be able to clarify.
    – Adam
    Commented Aug 14, 2014 at 14:35
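
A generic model of the arrangement discussed in this thread, where data is encrypted on the client while the server keeps a password-protected copy of the key. This is an added example, not part of the original posts and not CrashPlan's actual implementation; the function names, the PBKDF2 parameters and the HMAC-based wrap are assumptions chosen so that it runs on the Python standard library alone (a production system would use a vetted AEAD or key-wrap mode).

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; slows guessing against a stolen record

def derive_kek(password: str, salt: bytes) -> bytes:
    """Derive a key-encryption key from the archive password (client side)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _pad(kek: bytes, nonce: bytes) -> bytes:
    # One-block keystream, enough to mask a single 32-byte data key.
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()

def _tag(kek: bytes, nonce: bytes, wrapped: bytes) -> bytes:
    return hmac.new(kek, b"mac" + nonce + wrapped, hashlib.sha256).digest()

def wrap_key(password: str, data_key: bytes) -> dict:
    """Client side: build the record the server would store for this account."""
    if len(data_key) != 32:
        raise ValueError("this sketch wraps exactly one 32-byte key")
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, _pad(kek, nonce)))
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped,
            "tag": _tag(kek, nonce, wrapped)}

def unwrap_key(password: str, record: dict) -> bytes:
    """Client side: recover the data key from the server's record."""
    kek = derive_kek(password, record["salt"])
    expected = _tag(kek, record["nonce"], record["wrapped"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    pad = _pad(kek, record["nonce"])
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad))

if __name__ == "__main__":
    data_key = os.urandom(32)                   # constructed sample key
    record = wrap_key("archive-pw", data_key)   # constructed sample password
    # The server holds only salt, nonce, masked key and tag.
    print("raw key on server:", data_key in record.values())
    print("client recovers key:", unwrap_key("archive-pw", record) == data_key)
```

In this model the stored record is only as strong as the password that protects it. The custom-key option described in the answer corresponds to never uploading such a record at all.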
