Password storage security

Thanks Robin.


I have no doubt AES-128 and 256 are safe enough for our auditor. However, the weakest link is the password itself, not the encryption cipher.


When Retrospect stores a password for scripted access, I presume it will store it on the local system and not in the Backup Set. When you say "The password is part of the media set." it seems to suggest the password is stored with the Backup Set? Wouldn't that be very insecure?


Can you tell me anything about how strong the encryption for the password storage is? And I don't mean the backup data encryption (AES) itself.


Sorry for the long wait. I was checking with engineering to give you a good answer. How this stuff is handled is actually really complex and not easy for me to explain.


Basically, the password is not even saved on the media set or catalog. The password is used at the time the encryption is configured, and the password is used to decrypt the data after a user enters it, but it is not stored in a way that users could ever access. It is not stored in the media set or config files.


If a user has moved the data or catalog file to a different computer, they must know the password to view contents.


If someone has physical access to the primary backup server, then that is a bigger security risk than anything else for sure.
