Passphrase, Encryption options – HP Data Protector Express Basic-Software User Manual

device does not support encryption, the user will be prompted with an alert telling them that the device

cannot be used since it does not support hardware encryption.

Passphrase

The passphrase is a series of characters that must be provided by the user for input to the cryptographic

key generation process.

•

Passphrases must be no less than 8 logical characters. They may be created by the user or

randomly generated by a separate application.

•

If created by the user, the passphrase should be difficult to guess and should contain a mix of

lowercase/uppercase letters, digits and special characters.

•

The passphrase is one of the components Data Protector Express uses to generate the encryption

key. A longer or random passphrase will increase the strength of the encryption key even more.

•

To aid the user in remembering the passphrase, the user may enter a hint message. The use of

this field is optional and provided to the user as prompt for remembering the passphrase.

•

If a backup job spans multiple media, the same passphrase will be used for all media in the set.

Passphrases for the media are stored in the Data Protector Express catalog. This means the user is able to

read and append to the encrypted media without being prompted for a passphrase as long as it is being

accessed by the instance of Data Protector Express that first encrypted it
Once a media is deleted or exported from the Data Protector Express catalog the passphrase is also

deleted. There are two instances when the user needs to know the passphrase:

•

When importing the media to another machine or another instance of Data Protector Express

•

During disaster recovery

CAUTION:

Managing the passphrase is a critical component of any encryption system. Data may be stored for

months or years, so passphrases must be archived securely. The user should keep a record or backup

of encryption passphrases and store them in a secure place separate from the computer running Data

Protector Express. If the user is unable to supply the passphrase when requested to do so, neither the user

nor Data Protector Express Support will be able to access the encrypted data.

Encryption Options

Encryption is enabled on the job’s Encryption page.

Off

Both hardware and software encryption are disabled.

Automatic

This selection will use hardware encryption, if it is available from the device; otherwise,

software encryption will be used

Software

Software encryption will be used. When Software is selected, the user can choose the

strength of software encryption

Hardware

Hardware encryption will be used, if the device supports it. If it does not support encryption

and this option is selected, the user will be prompted with an alert stating that the device cannot be used

since it does not support hardware encryption.

Software Strength

Options for the software encryption strength are listed below as three selections, low,

medium and high. Low is the easiest method to decipher by outside methods, High is the hardest method

to decipher by outside methods. As you progress from low to high, the encryption algorithm requires

more CPU computations for each block of data to be encrypted, which may slow down the data stream

to the device and will increase CPU loading on the Media Server.

Encryption passphrase / Verify Passphrase

The user supplied portion of the encryption key. Data

Protector Express will use this value, along with other information it generates, to calculate an encryption

key for the media. The passphrase must be entered twice to minimize the change of making a mistake

while typing.

56

Encryption and Compression