Computing

I use CrashPlan for continuous backup on all my main home computers (that's five currently). I'm also a cryptography freak in that I'll encrypt anything I can! I wanted to use the backup encryption in CrashPlan and seeing a possible security hole with allowing CrashPlan to generate its own keys, I decided to do it the hard way (like most things I do).

These are the steps I took to generate my own hardened CrashPlan encryption keys. I have a different one for every machine CrashPlan is installed on...

This is all done, of course, on a Mac (why do it anywhere else?)

1. Create a password of 56 8-bit characters in any way you want.
Using "Password Assistant," create two "Random" strings of 28 characters.

2. Paste the two 28 character strings as one line into a text file called 'password.key' Make sure there are no line breaks in the file.

3. Base64 encode the file using the terminal.

To decode the file you can use the following:


4. On the "Settings" pane of CrashPlan, select the "Security" tab.
In the "Archive Encryption" section, choose "Replace with your own data key (Advanced)," then paste the contents of the file "password.base64" you created in step 3.

5. Make sure you save the original password (and maybe the Base64 encoded version as well) somewhere safe (an encrypted disk image maybe?). You might need them later and if you forget the password, your backup archive will be unaccessible.

* If you really want to be ultra-super-mega-mondo secure, you can make a really "dirty" password with the following command (by dirty, I mean there is a good chance you won't be able to type the bare password. Just try to base64 decode the output of this command to a file to see for yourself).


** If you're adventurous, you can try to weed out some of the "dirtier" characters with 'tr'


Good luck! I hope this satisfies your craving for hard-core encrypted CrashPlan backups.