TI Home 2009 encryption

Discussion in 'Acronis True Image Product Line' started by ITLearner, Oct 14, 2008.

Thread Status:
Not open for further replies.
  1. ITLearner

    ITLearner Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    6
    I currently have TI Home v11 and am looking at upgrading to Home 2009.

    My objective is this: I want to save full and incremental backups to a USB drive, which I can then store offsite - with peace of mind that if someone nicks it from that offsite location, my data will be safe.

    TI Home 11

    If I understand correctly, the only way you can backup files in an encrypted format is by first copying them into an encryption folder on the drive you're going to back up. The instructions talk about making that copy, then deleting the unencrypted version on the local drive before finally running the actual backup. A serious hassle that I don't have time for. So I'm currently just password protecting the backup archive.

    TI Home 2009

    Upon reading page 37 of the PDF User Manual for TIH 2009 (and I note that's the only place it's mentioned - not in the main features list or elsewhere that I can see on the Acronis site), it says that one of the backup options is to password protect the archive (which v11 can already do) and the other is to apply AES encryption at either 128, 192 or 256-bit levels.

    Does this do away with the old method having to manually encrypt stuff first as per V11? How does the encryption work? Is it possible to have the archive password protected AND encrypted? Or is the same single password used for generating the encryption key?

    I'd be most grateful if someone could explain in layman's terms how this encryption feature works, as even the manual only makes a fleeting reference to it.
     
  2. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    The new method encrypts the file data before writing it to disk. Which sounds like what you want. The encryption feature was in prior non-home of ATI but this is the first time the feature has been included in a Home version.
     
  3. ITLearner

    ITLearner Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    6
    That sounds very promising, thanks.

    Do you know any more about how it actually works? ie what is the encryption based on, what are the password requirements, etc.
     
  4. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
  5. ITLearner

    ITLearner Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    6
    Sorry, I understand the encryption level options.

    What I'm not understanding is what's actually required in order to make an encrypted backup in practice. For example, does it involve generating an encryption key or password and storing it somewhere other than on the local drive or backup USB drive? Or is it all taken care of "behind the scenes" by TI?

    I'm just trying to get my head around how easy this feature is to use - the user manual simply doesn't cover this in any greater detail than I've already summarised.

    Thanks again and sorry if I'm being a bit dim. Got to learn somewhere :)
     
  6. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    Time to start reading the user guide. Basically, setting password is an option. If you set a passwaord, you have the further option of selecting no or one of three encryption rates. Also you can download and install the program on a trial basis for free and see how it works. You're going tohave to do this anyway before you buy so you might as well put inthe effort now.
     
  7. ITLearner

    ITLearner Registered Member

    Joined:
    Mar 23, 2008
    Posts:
    6
    Thanks, but the only reason I'm posting here at all is that I have read the user guide and it gives no more detail than I initially reiterated and you've since restated.

    I don't want to download it as "trial", as it will probably cause some problem with my existing v11 installation. So I want to be clear on how it works and then - if all is OK - just go ahead and buy the upgrade.

    From your answers, I don't think I'm explaining the crux of my question properly. Let me try it a different way: how is choosing any of the three encryption levels any different to just choosing to password protect the backup?

    Is the encryption generated off the back of the same password, in which case the "security" still only extends as far as someone not being able to crack the password? In what practical way, if at all, does the encryption add a genuine layer of additional security?
     
  8. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    In TI11 AES is used if a password is entered. From a task's script file:
    I don't see why they'd change it for TI2009.
     
  9. loyukfai

    loyukfai Registered Member

    Joined:
    May 10, 2008
    Posts:
    105
    I'm interested in this topic as well.

    If this feature (encryption) is to be trusted as a viable option for providing data security for backup archives lost to untrusted hands, I think (for some of) the end-user should look for more than the mentioning of "encrypting backup files with the industry-standard AES cryptographic algorithm" as a good indiciation.

    From the wording of the user manual, it seems that the key used for AES encryption is derived from the user provided password. So, a good password is desirable (as usual) and this is the user's responsibility.

    Then, is the key mixed with a salt? If no, then the encrypted data is more prone to a dictionary attack. If yes, how the program generates the salt? Is a large entropy used? Can the salt be easily found or deduced from the archive or some other means?

    AES seems to be a reputable and reliable algorithm, but if the key is bad and there is a loophole in the implementation, then the security scheme as a whole can still be compromised.

    Take the vulnerability of the True Echo server as an example.

    The lack of information should be an alert to anyone who wish to treat the encryption feature as a viable option, unless you think that relying purely on the principle of "security through obscurity" is good enough.

    I think this is the concern of the original poster as I understand, and also mine. Now, if only Acronis can provide more information, and has the security scheme evaluated by a reputable and independent 3rd party.

    And we may also discuss using other ways to secure the backup archives.

    Cheers.
     
Thread Status:
Not open for further replies.