HP Data Protector Express Basic-Software User Manual
Page 41
Passphrase
A passphrase is a series of characters that must be provided for input to the cryptographic key
generation process.
•
Passphrases must be no less than 8 logical characters. You may create the passphrase or
have one randomly generated by a separate application.
•
If you create the passphrase, it should be difficult to guess and should contain a mix of
lowercase/uppercase letters, digits and special characters.
•
The passphrase is one of the components Data Protector Express uses to generate the encryption
key. A longer or random passphrase will increase the strength of the encryption key even
more.
•
To aid in remembering the passphrase, you may enter a hint message. The use of this field is
optional.
•
If a backup job spans multiple media, the same passphrase will be used for all media in the
set.
Passphrases for the media are stored in the Data Protector Express catalog, so Data Protector
Express can read and append to the encrypted media without prompting for a passphrase, as
long as the media is being accessed by the instance of Data Protector Express that first encrypted
it.
When a media is deleted or exported from the Data Protector Express catalog the passphrase is
also deleted. There are two instances when you need to know the passphrase:
•
When importing the media into another machine or another instance of Data Protector Express
•
During disaster recovery
CAUTION:
Managing the passphrase is a critical component of any encryption system. Data
may be stored for months or years, so passphrases must be archived securely. You should keep a
record or backup of encryption passphrases and store them in a secure place separate from the
computer running Data Protector Express. If you are unable to supply the passphrase when requested
to do so, neither you nor HP support will be able to access the encrypted data.
Encryption Options
Encryption is enabled on the job’s Encryption page.
Off
Both hardware and software encryption are disabled.
Automatic
This selection will use hardware encryption, if it is available from the device; otherwise, software
encryption will be used
Software
Software encryption will be used. When Software is selected, you can choose the strength of
software encryption
Hardware
Hardware encryption will be used, if the device supports it. If the device does not support encryption
and this option is selected, you will be prompted with an alert stating that the device cannot be
used because it does not support hardware encryption.
Software Strength
Options for the software encryption strength are: low, medium and high. Low is the easiest method
to decipher by outside methods, High is the hardest method to decipher by outside methods. As
you progress from low to high, the encryption algorithm requires more CPU computations for each
41