Data Encryption – Understanding Our AES-256 Encryption & Key Management
eazyBackup always encrypts all user data before storing or transmitting it, using strong AES-256-CTR with Poly1305 in AEAD mode with high-entropy random keys.
Encryption is enabled by default and cannot be disabled.
Encryption keys for your data are automatically generated and managed by the eazyBackup app. The data encryption keys are then encrypted against your backup account password, and stored on the Server.
This means that (A) eazyBackup is unable to decrypt data without the customer's password; and (B) in the event of a customer PC loss, only the customer's password is necessary to log in to the account and restore data.
AES-256-CTR with Poly1305 in AEAD mode: This is the core encryption technology used. AES-256-CTR refers to the Advanced Encryption Standard, a symmetric-key cipher, used with a 256-bit key in Counter mode. Counter mode encrypts a running counter with AES, block by block, and combines the resulting keystream with the data, which makes encryption highly efficient. Poly1305 in AEAD (Authenticated Encryption with Associated Data) mode adds message authentication, which checks the integrity and authenticity of the data.
High-entropy random keys: High-entropy keys are used to increase the cryptographic strength of the encryption, making it much harder for attackers to predict or brute-force the encryption keys.
User's password and key derivation: The user's password is not used directly as an encryption key. Instead, it is passed through PBKDF2-SHA512 (Password-Based Key Derivation Function 2 using SHA-512 hashing), which derives two 192-bit keys (labeled "L" and "R"). PBKDF2 applies the hash many times over, so every password guess costs an attacker the same repeated work, which makes the derived keys more resistant to brute-force attacks.
Hard-coded parameters for repeatable output: The key derivation uses hard-coded parameters, so the same password always produces the same derived keys. This repeatability is what allows the keys to be re-derived from the password alone, which matters for system reliability and user authentication.
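
An added sketch (not eazyBackup's code) of the flow described above: the password is stretched with PBKDF2-SHA512 into L and R, and a random data key is wrapped so that only the password can recover it. Assumptions: the salt and iteration count are constructed values, R is taken as the wrapping key, and an HMAC-SHA512 encrypt-then-MAC stands in for AES-256-CTR with Poly1305 so the example needs only the standard library.

```python
import hashlib, hmac, secrets

# Assumed fixed parameters: the page says they are hard-coded but gives no values.
SALT = b"constructed-example-salt"
ITERATIONS = 100_000

def derive_lr(password: str) -> tuple[bytes, bytes]:
    """PBKDF2-SHA512 -> 384 bits, split into two 192-bit keys L and R."""
    out = hashlib.pbkdf2_hmac("sha512", password.encode(), SALT, ITERATIONS, dklen=48)
    return out[:24], out[24:]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in counter-mode keystream built from HMAC-SHA512 (not AES-256-CTR).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha512").digest()
              for i in range((n + 63) // 64))
    return b"".join(blocks)[:n]

def wrap_key(r: bytes, data_key: bytes) -> bytes:
    """Encrypt-then-MAC the data key under R; the result is what a server would store."""
    enc_k = hmac.new(r, b"enc", "sha512").digest()
    mac_k = hmac.new(r, b"mac", "sha512").digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data_key, _keystream(enc_k, nonce, len(data_key))))
    tag = hmac.new(mac_k, nonce + ct, "sha512").digest()
    return nonce + ct + tag

def unwrap_key(r: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a wrong password fails instead of yielding garbage."""
    enc_k = hmac.new(r, b"enc", "sha512").digest()
    mac_k = hmac.new(r, b"mac", "sha512").digest()
    nonce, ct, tag = blob[:16], blob[16:-64], blob[-64:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, "sha512").digest()):
        raise ValueError("authentication failed: wrong password or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_k, nonce, len(ct))))

def demo() -> bool:
    data_key = secrets.token_bytes(32)               # high-entropy random 256-bit data key
    _, r = derive_lr("correct horse battery")        # constructed sample password
    stored = wrap_key(r, data_key)                   # only this blob is stored server-side
    _, r_again = derive_lr("correct horse battery")  # e.g. re-derived on a replacement PC
    return unwrap_key(r_again, stored) == data_key

if __name__ == "__main__":
    print("restored from password alone:", demo())
```

Because the derivation parameters are fixed, two accounts that share a password derive the same L and R, so the strength of the wrapped key rests on the password itself.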