CrashPlan + TrueCrypt - Overkill?

CrashPlan already has an option to encrypt the data. And if selected, this stores the encrypted file on the server.

TrueCrypt certainly has a lot more options, but for basic usage, wouldn't CrashPlan's encryption suffice?

Update: After trying CrashPlan, I'm not sure if the said encryption is anything real. Sure, it creates a container file that you cannot open and look into, but if you go to CrashPlan's website, you can:

  • see your entire folder structure
  • see individual files
  • restore individual files or groups of files any which way you like.

Encryption is supposed to be one-way traffic; if the data is available in plain sight, then I'm not sure if it is encryption. Maybe encoded but not encrypted. Am I missing something here?


Disclosure: I am the CEO and a Founding Partner of Code42

It's overkill. To make matters worse, it'll slow down your backups and delay data protection as the realtime monitoring won't work and encrypted data isn't compressible.

By using a private data password (recommended) or generating your own key, you are ensured privacy. (Yes, you have to trust us on saying this, but unless you're a software/security expert personally studying/auditing the TrueCrypt code, you've got to trust something/someone.)

If you have data so precious you can't trust anyone, doubling up encryption is reasonable. However, I'd only do that for that specific set of data - let CrashPlan handle the rest.


I am a TrueCrypt user, but if I was using CrashPlan I would definitely avoid encrypting my data with another product before feeding it to CrashPlan to handle then push over the internet (as the performance would most likely go from good -> painful). If you encrypt a 1GB folder, which contains numerous tiny Word documents, suddenly all you have is a 1GB homogeneous blob of data that can't be efficiently handled by your backup software. So, if you add a single extra period to one of those Word docs, then re-save, your TrueCrypt archive file is now ENTIRELY different, and the WHOLE thing has to get backed up again. I would be inclined to trust CrashPlan's encryption (you've got to trust the encryption of these services or find one you DO trust).

If you had a small text file with domain administrator passwords and can't sleep at night without double-encrypting it, that's fine, but you'd want to avoid any massive encrypted files (TrueCrypt or otherwise) as the impact on performance will be an increase in network bandwidth, and much slower backups - all for an increase in security you (arguably) don't need.

If you are a lawyer, or have medical-related information, then you might have a legal obligation to double-encrypt, or perhaps you can get some sort of legal reassurance from Code42 that the encryption can be trusted for that kind of data (perhaps you'd have a duty to do that in such a situation, I'm not sure - haven't personally come across this kind of data at work yet).

If you were using Dropbox (a company which admits that 5% of their employees have access to the data stored by users in order to maintain and troubleshoot!) then encryption is pretty much essential for anything more than your shopping list, but I would be inclined to trust services which offer encryption as part of the package.

Or the short answer:

... yeah, it's probably overkill.
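
The two costs raised in the answers above (lost compression and how much data must be re-sent after a small change) can be measured on a model. This is an added example, not code from the thread, CrashPlan or TrueCrypt: it uses a SHA-256 counter-mode keystream as a stand-in cipher, a constructed document, an assumed 4096-byte block size, and a one-byte in-place edit, and it compares plaintext, independently encrypted sectors, and whole-file re-encryption under a fresh nonce.

```python
import hashlib
import os
import zlib

BLOCK = 4096  # assumed size of both cipher sectors and backup change-detection blocks

def keystream(key, tweak, n):
    """SHA-256 in counter mode: a stand-in stream cipher for this demo only."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(key + tweak + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sectors(key, data):
    """Disk-style: each sector encrypted on its own, tweaked by its index."""
    parts = []
    for i in range(0, len(data), BLOCK):
        sector = data[i:i + BLOCK]
        parts.append(xor(sector, keystream(key, (i // BLOCK).to_bytes(8, "big"), len(sector))))
    return b"".join(parts)

def encrypt_whole(key, data):
    """Archive-style: the whole file re-encrypted under a fresh nonce on every save."""
    nonce = os.urandom(16)
    return nonce + xor(data, keystream(key, nonce, len(data)))

def changed_blocks(old, new):
    """Count fixed-size blocks a block-level backup would have to re-send."""
    n = max(len(old), len(new))
    return sum(old[i:i + BLOCK] != new[i:i + BLOCK] for i in range(0, n, BLOCK))

def compare():
    key = b"constructed-demo-key"
    # Constructed sample document: repetitive text, like many office files.
    old = b"".join(b"Meeting notes line %05d: nothing unusual.\n" % i for i in range(6400))
    edited = bytearray(old)
    edited[100_000] ^= 0x01  # one-byte in-place edit
    modes = (("plain", lambda k, d: d), ("sectors", encrypt_sectors), ("whole", encrypt_whole))
    result = {}
    for name, enc in modes:
        a, b = enc(key, old), enc(key, bytes(edited))
        result[name] = {"ratio": round(len(zlib.compress(a, 9)) / len(a), 3),
                        "changed": changed_blocks(a, b),
                        "blocks": -(-len(a) // BLOCK)}
    return result

if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

In this model both encrypted forms lose essentially all compression, while the number of blocks to re-send depends on how the ciphertext is produced: one block for independently encrypted sectors, every block for whole-file re-encryption.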