The files stored in your SpiderOak account are readable to you alone. Most online storage systems only encrypt your data during transmission. This means that anyone with physical access to the servers on which your data is stored (such as the company's staff ) could have access to it. Even if your data is encrypted during storage, your password or set of encryption keys is often stored along with your data, making it easily decoded by anyone with local access to those servers.
With SpiderOak, you create your password on your own computer - not on a web form received by SpiderOak servers. Once created, a strong key derivation function generates encryption keys using that password, and no trace of your original password is ever uploaded to SpiderOak with your stored data.
SpiderOak's encryption is comprehensive - even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data.
SpiderOak uses a layered approach to encryption, using a combination of 2048 bit RSA and 256 bit AES.
The outer level keys are never stored in plaintext on the SpiderOak server.
The outer level keys are encrypted with 256 bit AES, using a key created by the key derivation/strengthening algorithm PBKDF2 (using sha256), with 16384 rounds, and 32 bytes of random data "salt". This approach prevents brute force and pre-computation or database attacks against the key. This means that a user who knows her password can generate the outer level encryption key using PBKDF2 and the salt. From there, she can then decipher the outer level keys, and be on the way to decrypting her data. Without knowledge of the password, however, the data is quite unreadable.
If you have any feedback on this article please let our support team know. Thanks!