Data Protector Express User's Guide (TC330-96002, October 2010)

device does not support encryption, the user will be prompted with an alert telling them that the device
cannot be used since it does not support hardware encryption.
Passphrase
The passphrase is a series of characters that must be provided by the user for input to the cryptographic
key generation process.
Passphrases must be no less than 8 logical characters. They may be created by the user or
randomly generated by a separate application.
If created by the user, the passphrase should be difficult to guess and should contain a mix of
lowercase/uppercase letters, digits and special characters.
The passphrase is one of the components Data Protector Express uses to generate the encryption
key. A longer or random passphrase will increase the strength of the encryption key even more.
To aid the user in remembering the passphrase, the user may enter a hint message. The use of
this field is optional and provided to the user as a prompt for remembering the passphrase.
If a backup job spans multiple media, the same passphrase will be used for all media in the set.
Passphrases for the media are stored in the Data Protector Express catalog. This means the user is able to
read and append to the encrypted media without being prompted for a passphrase as long as it is being
accessed by the instance of Data Protector Express that first encrypted it.
Once a media is deleted or exported from the Data Protector Express catalog the passphrase is also
deleted.
There are two instances when the user needs to know the passphrase:
When importing the media to another machine or another instance of Data Protector Express
During disaster recovery
CAUTION:
Managing the passphrase is a critical component of any encryption system. Data may be stored for
months or years, so passphrases must be archived securely. The user should keep a record or backup
of encryption passphrases and store them in a secure place separate from the computer running Data
Protector Express. If the user is unable to supply the passphrase when requested to do so, neither the user
nor Data Protector Express Support will be able to access the encrypted data.
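The passphrase rules above (at least 8 characters, a mix of lowercase/uppercase letters, digits and special characters, optionally produced by a separate random generator) can be checked and applied as in the following added example, which is not part of the guide and not Data Protector Express code. Assumptions: "logical characters" is read as Unicode characters after NFC normalization, the generator draws from the 94 printable ASCII characters, the default length of 20 is arbitrary, and all function names are hypothetical.

```python
import math
import secrets
import string
import unicodedata

MIN_LENGTH = 8  # the guide's minimum: "no less than 8 logical characters"
CLASSES = {     # character classes the guide recommends mixing
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # assumption: 94 printable ASCII characters


def logical_length(passphrase: str) -> int:
    """Count characters after NFC normalization (assumed meaning of 'logical')."""
    return len(unicodedata.normalize("NFC", passphrase))


def missing_requirements(passphrase: str) -> list[str]:
    """Return the guide's recommendations that the passphrase does not meet."""
    problems = []
    if logical_length(passphrase) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in passphrase):
            problems.append(name)
    return problems


def generate_passphrase(length: int = 20) -> str:
    """Draw uniformly from ALPHABET with a CSPRNG; redraw until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError(f"passphrase must be at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


def random_entropy_bits(length: int) -> float:
    """Upper bound on entropy for a uniformly random passphrase over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for n in (8, 20):
        print(n, generate_passphrase(n), f"{random_entropy_bits(n):.1f} bits")
```

The entropy figure applies only to randomly generated passphrases; a user-chosen passphrase of the same length that passes every check can still be far easier to guess.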
Encryption Options
Encryption is enabled on the job’s Encryption page.
Off: Both hardware and software encryption are disabled.
Automatic: This selection will use hardware encryption, if it is available from the device; otherwise,
software encryption will be used.
Software: Software encryption will be used. When Software is selected, the user can choose the
strength of software encryption.
Hardware: Hardware encryption will be used, if the device supports it. If it does not support encryption
and this option is selected, the user will be prompted with an alert stating that the device cannot be used
since it does not support hardware encryption.
Software Strength: Options for the software encryption strength are listed below as three selections, low,
medium and high. Low is the easiest method to decipher by outside methods; High is the hardest method
to decipher by outside methods. As you progress from low to high, the encryption algorithm requires
more CPU computations for each block of data to be encrypted, which may slow down the data stream
to the device and will increase CPU loading on the Media Server.
Encryption passphrase / Verify Passphrase: The user-supplied portion of the encryption key. Data
Protector Express will use this value, along with other information it generates, to calculate an encryption
key for the media. The passphrase must be entered twice to minimize the chance of making a mistake
while typing.
Encryption and Compression