Forgot password

I cannot seem to recall the password I used when I created my backup using True Image Version 10. Is there a way to bypass that or any other way to find out what it is? Yes, I understand I am a dummy but......

 

Unlikely

I am assuming this is not an autologon issue but, if the security has been done properly a hash of your password will have been stored with the backup rather than the password itself. The only way to authenticate, is for you to provide the password, which is hashed and the two hashes then get compared to see if the password you provided matches i.e. - the password itself should not be stored with the backup, and the hash is non-reversable.

F.

 

Not sure what you mean by "hashed". It is not the log on. So if I do not remember the password I am out of luck?

 

Sadly, you are. Good security has it's down side.


The main reason why you would want to password protect a backup is if it contains sensitive information and you believe that someone could gain access to that backup and recover the information. Storing the backup in a secure location means that a password on the backup is not necessary, so that's one option worth considering.

 

Password hashes are a common way of carrying out authentication without having to know what the stored password was.

If you did set a password within True Image, against your backup, your are stuffed

F.

 

I would create a new backup and upon being asked to enter a password I would either select No Password or use one that I cannot lose memory off.

And I say this because in the Owner's guide, in the case of the Acronis Secure Zone, one can change the password and not being asked to enter the present one. Could be that creating an archive under password can allow different passwords each time.

 

I assume that because Acronis does not advertise that any popular encryption algorithms are used for passwords that they are using a proprietary algorithm.

Does anyone know how secure the passwords really are?

For example you can download password crackers for Peachtree Accounting, Microsoft Excel, Word, etc.

 

This is an interesting point actually. It is a well establish philosophy in cryptography circles that the only way to prove the security of a new algorithm is to publish its specification for peer review. If it is going to get hacked easily this will happen early on. Security by obfuscation is generally considered to be lame. If you are relying on no one finding out what your algorithm is, then it doesn't say much about the algorithm itself.

So either Acronis have identified their chosen algorithm (which I hope is a hashing algorithm) and I just haven't seen it, or they are naive enough to think that keeping quiet about their chosen algorithm adds to their security. If they do turn out to be using a proprietary algorithm, the only way to have it accepted is to publish the specification for it.

I hope they are using an SHA hash or MD5. But I'm not sure why they don't say.

F.

 

Hello DMD31842,

Thank you for choosing Acronis Disk Backup Software.

We are sorry for the delayed response.

Please note that if a password has been set for a backup archive and is now lost or forgotten, then there is no way to retrieve or disable it. You cannot restore such a backup archive or extract files from it without the correct password.

Thank you.
--
Aleksandr Isakov

 

re: Aleksandr Isakov's response

Thank you for clarifying the password issue. As I posted above, how secure is the password? Is it a proprietary algorithm that uses the same type of "Encryption" methods as Microsoft Word or Excel (which is broken in under a second) or does the password protection use real encryption such as AES?

 

More typically, password protection uses hashing as opposed to 'encryption' - e.g. Windows NT security, Unix security, SSL etc.

F.