Hardware; Passphrase; Passphrases And Data Protector Express Catalog; Passphrase Management - HP BB118BV - StorageWorks Data Protector Express Package User Manual

The cryptographic algorithm provided by hardware devices that provide this feature is not under Data
Protector Express control. The hardware provides configuration and operating parameters via a special
encryption command. The device driver adjusts its crypto session settings from this input. Hardware
encryption is an on/off feature, you do not have the ability to adjust the encryption level through the
$product $ interface. By default Data Protector Express will attempt to use the highest encryption
algorithm supported on the device, if the device supports multiple algorithms. If the device does not
support encryption, the user will be prompted with an alert telling them that the device cannot be used
since it does not support hardware encryption.

Passphrase

The passphrase is a series of characters that must be provided by the user for input to the cryptographic
key generation process.
Passphrases must be no less than 8 logical characters. They may be created by the user or randomly
•
generated by a separate application.
If created by the user, the passphrase should be difficult to guess and should contain a mix of
•
lowercase/uppercase letters, digits and special characters.
The passphrase is one of the components Data Protector Express uses to generate the encryption key.
•
A longer or random passphrase will increase the strength of the encryption key even more.
To aid the user in remembering the passphrase, the user may enter a hint message of up to 255
•
characters . The use of this field is optional and provided to the user as prompt for remembering the
passphrase.
If a backup job spans multiple media, the same passphrase will be used for all media in the set.
•
Passphrases for the media are stored in the Data Protector Express catalog. This means the user is able to
read and append to the encrypted media without being prompted for a passphrase as long as it is being
accessed by the instance of Data Protector Express that first encrypted it
Once a media is deleted or exported from the Data Protector Express catalog the passphrase is also
deleted. There are two main instances when the user needs to know the passphrase:
When importing the media to another machine or another instance of Data Protector Express
•
During disaster recovery
•
Managing the passphrase is a critical component of any encryption system. Data may be stored for
months or years, so passphrases must be archived securely. The user should keep a record or backup of
encryption passphrases and store them in a secure place separate from the computer running Data
Protector Express.
Data Protector Express Support will be able to access the encrypted data.
If the user is unable to supply the passphrase when requested to do so, neither the user nor