HP Express Software manual 41

Passphrase

A passphrase is a series of characters that must be provided for input to the cryptographic key generation process.

•Passphrases must be no less than 8 logical characters. You may create the passphrase or have one randomly generated by a separate application.

•If you create the passphrase, it should be difficult to guess and should contain a mix of lowercase/uppercase letters, digits and special characters.

•The passphrase is one of the components Data Protector Express uses to generate the encryption key. A longer or random passphrase will increase the strength of the encryption key even more.

•To aid in remembering the passphrase, you may enter a hint message. The use of this field is optional.

•If a backup job spans multiple media, the same passphrase will be used for all media in the set.

Passphrases for the media are stored in the Data Protector Express catalog, so Data Protector Express can read and append to the encrypted media without prompting for a passphrase, as long as the media is being accessed by the instance of Data Protector Express that first encrypted it.

When a media is deleted or exported from the Data Protector Express catalog the passphrase is also deleted. There are two instances when you need to know the passphrase:

•When importing the media into another machine or another instance of Data Protector Express

•During disaster recovery

CAUTION: Managing the passphrase is a critical component of any encryption system. Data may be stored for months or years, so passphrases must be archived securely. You should keep a record or backup of encryption passphrases and store them in a secure place separate from the computer running Data Protector Express. If you are unable to supply the passphrase when requested to do so, neither you nor HP support will be able to access the encrypted data.

Encryption Options

Encryption is enabled on the job’s Encryption page.

Off

Both hardware and software encryption are disabled.

Automatic

This selection will use hardware encryption, if it is available from the device; otherwise, software encryption will be used

Software

Software encryption will be used. When Software is selected, you can choose the strength of software encryption

Hardware

Hardware encryption will be used, if the device supports it. If the device does not support encryption and this option is selected, you will be prompted with an alert stating that the device cannot be used because it does not support hardware encryption.

Software Strength

Options for the software encryption strength are: low, medium and high. Low is the easiest method to decipher by outside methods, High is the hardest method to decipher by outside methods. As you progress from low to high, the encryption algorithm requires more CPU computations for each

41