Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Crashplan security concern with FileVault' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Crashplan security concern with FileVault
Authored by: Basilisk on Apr 30, '09 09:06:16PM

I too am using Crashplan, but users should be aware that Crashplan seems to have a serious security oversight when used in conjunction with FileVault.

Crashplan stores account information and its data encryption key in '/Library/Crashplan/.identity'. This file is protected only with OS X filesystem permissions. Since this file is store *outside* your FileVault it means that an attacker who steals your laptop can obtain the encryption keys without actually decrypting your FileVault.

It *may* possible to stage an offline attack against the backup data with this encryption key (I have not attempted this). It certainly appears to be a case of insecure key handling.

This issue has been reported to Crashplan and escalated to their development team, but they have not satisfactorily addressed this concern. Its seems to be possible to correct this issue by symlinking the .identity file to another location *inside* FileVault, thus protecting the backup encryption key from offline decryption alongside the rest of your FileVaulted data. Its not clear why they don't take this seemingly simple precaution.



[ Reply to This | # ]
Crashplan security concern with FileVault
Authored by: syko on Apr 30, '09 10:14:55PM

are you sure about this? I don't see a key there



[ Reply to This | # ]
Crashplan security concern with FileVault
Authored by: Basilisk on Apr 30, '09 11:11:17PM
I'm confident that the file contains fields called "privateKey" and "publicKey" as well as other obvious account data (email, guid). This is consistent with Crashplan's terminology for key handling. I'm also confident that the file is automatically updated by Crashplan and contains the same key data across every computer attached to my Crashplan account (also consistent with Crashplan's use of a single encryption key for all computers on an account).

It may be that the key may only be stored in that location if you use a "data password", which is ostensibly their higher level of security. I you use normal security level the encryption key is actually escrowed on their server (per their FAQ). In that case they may just download the key everytime.

Crashplan has a page that tries to explain all this http://support.crashplan.com/doku.php/articles/encryption_key which makes it (somewhat) clear that the "private" key is stored unencrypted on the source computer. Their latest version even offers an option to supply your own private encryption key, though its not clear that resolves the issue of secure storage of the key for FileVault users.


[ Reply to This | # ]
Crashplan security concern with FileVault
Authored by: stuwd on May 01, '09 03:39:57AM
Hi, I was the original poster (it reads much better now - thanks robg!). The .identity file is indeed there in library/crashplan if you allow hidden files to be seen via Terminal (see [link:]http://www.brooksandrus.com/blog/2007/03/23/mac-os-x-show-hide-hidden-files-in-finder/ on how to do this).

[ Reply to This | # ]