encryption issue

Discussion in 'Acronis True Image Product Line' started by Bavarisch, Aug 14, 2008.

Thread Status:
Not open for further replies.
  1. Bavarisch

    Bavarisch Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    5
    Hello,

    I have the demo version of TI 11 Home, and have performed a backup (disk to disk, same machine, and SMB file share, across LAN). The backup works fine, however, it does not seem to honor my request to encrypt the backup.

    I have seen this behavior at a friend's office; they are currently using Echo workstation on 2 workstations, to back up to a file server. I saw an option I didn't have, dealing with AES levels, when he showed me his system.

    I can see into his file (on a USB key he provided) and he took one of my sample backups as well, and could browse it. I am using a sixteen character test password while evaluating this, but I'm not sure why it won't encrypt. I can't test the Echo version, but I can work with any hints for the TI 11 Home variant.

    Any ideas? Thanks!
     
  2. seekforever

    seekforever Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    4,751
    AFAIK, the Home version only lets you put password protection on the archive; it does not encrypt the contents of the archive.
     
  3. Bavarisch

    Bavarisch Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    5
    Ahh thanks. What scares me is there is no password needed to read the contents of either backup file; i.e. using either version, we can see the contents of c:\boot.ini for instance.

    If the home product does not actually encrypt the backup file it creates, how the heck is it realistically secured?
     
  4. seekforever

    seekforever Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    4,751
    If you are saying you can get into an archive file that is password protected without the password then something is seriously wrong. Granted, password protection isn't the greatest thing in the security world but it should make it more difficult to read than just opening the archive normally.

    Perhaps some TI users who actually use passwords can shed some light on this.
     
  5. Bavarisch

    Bavarisch Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    5
    You bet, that's exactly what I'm saying.

    I've been told by another fellow that he saw the same thing, but that his home version 10 does not exhibit the same flaw, going to try to do some testing if he will do a short sample backup file for me. Tnx!
     
  6. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
  7. Bavarisch

    Bavarisch Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    5
    Dare I ask what you switched to? I do have a need to secure my backup data.

    I am still in the Try period on the Home product, so haven't committed any funds yet; I'd rather purchase an appropriate TI solution.
     
  8. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    By all means; the next line up, TI Workstation. Funny way for a company to acheive an up-sell, but hey!
     
  9. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    The password is just a lock that ATI HOME respects--other software, like file viewers, can poke around--they don't need to show no stinkin' badges.;-)

    ATI Home doesn't encrypt any data--contrary to what the Acroinis web pages used to say. All locks are imited in how well they protect, even the one on your home's front door. The program-specific password is one of the weakest; where it falls short is where encryption becomes valuable.

    sh
     
  10. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    While that's true, shieber, this bug still makes the idea flawed because it means even casual snoopers gain entry. It's the same as locking the door but the lock company turn up and leave a key for anyone to use (strange lock company, admittedly!).

    Also, if you used Acronis's compression then even a third party file viewer wouldn't be able to view these files without knowing the compression used.
     
  11. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    I think you missunderstood me. It's not a bug, it's jsut the level of security that's built into ATI Hoem. It's not flawed, it's just a really crappy lock. It's not like Acronis promised something better. Well, okay, they did, they promised encryption but that claim was false and they probably removed if from the web pages by now. In any event what ATI's password prtoection does is protect against ATI users from opening tibs that aren't theirs.

    That's something; it's not much but it's something. It won't; stop anyone determined enough to try to reverse code the compression ATI uses. Additionally, you could hold your tibs in a Secure Zone, but similarly, that would stop only the casual user.

    If you want protection you can sink your teeth into, then you want a highly secure level of encryption (large bit number, alpha numeric alphabet, SES standards or better, etc) and ATI11 home doesn't have any of that. Zip zero nada encyption. But even if it did, encryption isn't the last word in security. If you want even better protection than mere encryption, you physcally move the data to another location where it can be physically locked away with a "pick-proof" lock that uses dead bolts and tamper-triggers, etc.

    Of course, how secure that "other place" is, depends on construction materials and methods. ;)

    There's virtually no limit to how poorly or how well you can secure your data. A program specific password is like have a 2-pin keylock (like the lock on most office desks) and no paper clips around handy to an intruder lest they pick the lock in about five seconds. With software, the best you can do is encryption, but you can't do that with ATI Home. Hide the paper clips.
     
    Last edited: Aug 15, 2008
  12. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    No I'm talking about this bug this thread started off with which is obviously flawed (because it's a bug, duh) - not the idea of password-only protection, which is limited but not 'flawed'!

    Although, since AT11 Home was targeted at the casual non-PC expert user, I think they'd have reasonable grounds to expect password-protection to mean something better than just 'only stops ATI looking at the file, not other programs'; for example, Microsoft Word has password protection, but this also encrypts the file somewhat, simply because MS appreciated that if it doesn't do this the password protection is pointless.

    Anyway, this keeps taking us off topic. The password protection in the version the original poster mentions, and in the one I pointed to in my own thread, don't work at all.

    Lol
     
  13. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    No version of ATI Home encrypts. From the 1st message it soulnded like that was the issue, that using a password wasn't encrypting in ATI Home. It's true, ATI Home doesn't encrypt, password or not.
     
  14. Britnash

    Britnash Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    15
    You just aren't getting this are you?

    THE PROBLEM IS IT LETS YOU EXPLORE .TIBS WITHOUT HAVING TO ENTER THE PASSWORD.
     
  15. MudCrab

    MudCrab Imaging Specialist

    Joined:
    Nov 3, 2006
    Posts:
    6,481
    Location:
    California
    This problem (or a similar one) has been posted in this thread: Acronis True Image Home 11.8101 archive passwords ignored

    Acronis responded:
    In some cases, it seems that TI completely ingores the password. I wonder if you backed up a partition that didn't change between backups (from the TI CD, for example), one with a password and one without, if they would be identical (assuming, of course, that two repeat backups using the same options would be identical).
     
  16. Bavarisch

    Bavarisch Registered Member

    Joined:
    Aug 14, 2008
    Posts:
    5
    Yep, it completely ignored the password. I ran a new "full" backup each time (of a small partition, and also in file mode of a subset of those files), being careful there were no .tib files in the target directory.

    There is a Secunia security alert I found that mentions security failures under the remote FTP option. http://secunia.com/advisories/30856/ While I realize that's a different product . . .

    I was not sure if this involved all remote targetted backups via the current generation Acronis engine, so I tried both of the above backups first - to both a local drive, and second - to a remote (SMB windows share) drive. None of the four backup sets required a password to browse.

    Oh well, it sounds like I'll need to "upgrade" to the Echo workstation product to get actual encryption anyway.

    I came to Acronis, fleeing in terror from the crapware that Norton Ghost has become. I'm hoping for better things from Acronis, as DriveImage XML is not quite feature rich enough yet. Thanks for looking . . .
     
Thread Status:
Not open for further replies.