Encryption key management

[mlts22]

Retrospect is the only backup program in its class that offers "real" encryption of backup sets. Almost any other program, just offers password protection, if that. In more than a decade of evolution, from the best Mac backup program to the current 7.0, Retrospect has been one of the few that has offered solid, known, proven encryption for backups. Nowadays, with many regulations covering security, as well as the California statute requiring reporting to the press if security was compromised, offering encryption of backups is more important than ever.

 

With Retrospect's backup set encryption, a stolen tape is just a stolen tape worth $50-$200... its not a stolen tape, and a large amount of critical, sensitive data, worth in the millions, as it would be without encryption.

 

This is probably asking a lot, but it would be nice to see some key management options, as well as a password. Perhaps support for Aladdin's eToken, support for PGP keys, and multiple pass-phrases would be nice, so if a password is compromised on a backup set, another set does not have to be made to take care of that, just the compromised pass-phrase deleted from the backup set, assuming media where the key database can be writable.

 

Perhaps, encrypt the data with a randomly (cryptographically strong) generated key, and have each passphrase in a key database have the key encrypted to it, which would allow for multiple users to have different passphrases (or public keys).

 

It is a lot to ask, as cryptographic key management is an art to itself, but Retrospect is the only backup utility in its class to offer more than just a token nod to security.