
How to make strong encryption easy to use


Goal: Security done right
Protecting the privacy of our users’ data is a top priority for us here at Backblaze and that means encryption. But providing a service that is extremely easy to use is also a key part of our vision and far too often encryption makes a product hard to use. This trade-off was unacceptable to us so we set out to build a system that delivers military grade encryption without compromise! Here is the full list of our requirements:

1) Protect data with military grade encryption
2) Implement encryption transparently so users don’t have to deal with it
3) Allow users to change their password without re-encrypting their data
4) In business environments, allow IT access to data without the user’s password

The solution: Military grade encryption made easy
To accomplish the ambitious goals above we used a mix of public/private and symmetric key algorithms. The math behind this cryptography is hard but the idea is simple. Public/private keys allow you to encrypt data with one key and decrypt it with another one. Typically data is encrypted with the public key and decrypted with a private key that is kept secret but the reverse also works. This is very useful because it allows us to encrypt data in the background without requiring the user to type in their password.

Unfortunately, public/private key algorithms are slow and can’t be used to encrypt a large amount of data. Symmetric key algorithms use the same key to encrypt and decrypt data and are very fast on large amounts of data. But since the same key is used to decrypt the data, the data is only secure if the symmetric key is secure.

Combining these algorithms, here’s how our system works.
[Diagrams: Encryption and Decryption]
We generate a new 2048-bit RSA public/private key pair when our client is installed, store the public key on the local disk and transmit the private key to our datacenter via https. Then, for each backup session, we generate a new random 128-bit AES symmetric key, which we use to encrypt the user’s data. We secure the 128-bit AES key by encrypting it with the user’s public key and transmit the encrypted file along with the encrypted key to our datacenter over https. We destroy the unencrypted 128-bit AES key at the end of each backup session and never write it to disk. To decrypt a file, the user’s private key is used to decrypt the 128-bit AES key, which is then used to decrypt the file.

The user’s private key, which is stored safely in our datacenter, is protected by a password that is highly guarded. But for some users this is not good enough, so we allow the user to secure this file with their own password. When this is done it is impossible to access the data without the user’s password. Unfortunately, this also means we can’t help the user if they ever forget this password, so we don’t recommend it for most users.

The real beauty of this scheme becomes clear when you look back at our goals above. AES is the encryption standard adopted by the US government to protect classified information. #1 solved. Using the user’s public key we can safely run transparently in the background without compromising security. #2 check. Since a password is used to secure the private key rather than to encrypt the data directly, the password can be changed by re-encrypting only the private key with the new password. #3 accomplished. And last but not least, you can make several copies of the user’s private key and encrypt each copy with a different password to provide IT access to data without the need to share passwords. #4 done!



How many bytes are in a megabyte? Really?


This seems like a mathematical question, but is actually one of philosophy or perspective, and continues to cause confusion in its ambiguity.

The Confusion
Originally, megabyte was used to describe a byte multiple (2^20 = 1024 x 1024 = 1,048,576) in computer programming.

However, several international organizations and most storage media (including hard drives and DVDs) use the Latin approach to the measurement whereby a megabyte is 10^6 bytes (1000 x 1000 = 1,000,000).

Operating systems, on the other hand, still refer to a megabyte as 1024 x 1024 bytes.

Here are snapshots of how the Apple Finder and Windows Explorer show their 1024x-based byte-to-gigabyte conversion:

So why does that 500 GB external USB drive already feel a bit small? Well, a small part of it may be that you have actually “lost” 34 GB before taking it out of the package as it actually only stores 466 GB according to your file system.

A Solution?
The major measurement organizations tried to propose a solution, creating the terms “kibibyte”, “mebibyte”, “gibibyte”, etc. which would specifically refer to the 1024x approach, and going forward “kilobyte”, “megabyte”, and “gigabyte” would refer to the 1000x interpretation. Unfortunately, the world has already wed itself to the old lingo.

Search for “mebibyte” on the websites of Microsoft, IBM, Adobe, Symantec, Dell, EMC, and NetApp.
Number of results: 0

Even Microsoft Word tells me I have a spelling error when I write “mebibyte.”

We Chose the Operating System Interpretation
In other words, whenever you see a measurement presented by Backblaze, it is always based on 1024x. Why? Because more advanced users often compare the size of a folder selected for backup, as reported by our system, with the size their file manager claims. Standardizing on the size they already see makes it easiest for the user and for answering any support questions. It would be great if there were one system, but in the meantime, I’m not counting on the mebibyte to save us.

(Updated 11/16/10: Corrected misinterpretation of “size” versus “size on disk”. Thanks to Bill Burton for pointing this out.)



Shaping a logo


[Image: Old Backblaze Logos]

When we were thinking about a logo for Backblaze, we knew we wanted an iconic image that could be connected easily to the software. That meant creating something simple enough that it could scale to 16×16 pixels for an icon placed in the system tray. Logos are probably the most difficult thing for me as a designer to do. There is a feeling that a company will live with this identity for the rest of its life, so it had better be perfect. And everyone has a different opinion: “That looks too techy. Can we make it more catchy? It looks like a squished squid.”
Well, squished squid or running starfish, it’s good to get the stakeholders’ opinions. As a designer, such criticism makes me articulate what I am trying to accomplish, rather than just feeling intuitively through the design process.

So what do I think of the Backblaze logo? It’s all flamey and stuff.


