Recovery point encryption
You can enhance the data security by using the Advanced Encryption Standard (AES) option to encrypt recovery points that you create or archive. You should use encryption if you store recovery points on a network and want to protect them from unauthorized access and use.
You can also encrypt recovery points that were created with earlier versions of Veritas LiveState Recovery or Veritas System Recovery. However, encrypting those files makes them readable with the current product only.
You can view the encryption strength of a recovery point at any time by viewing the properties of the file from the Recovery Point Browser.
Encryption strengths are available in 128-bit, 192-bit, or 256-bit. While higher bit strengths require longer passwords, the result is greater security for your data.
The following table explains the bit strength and required password length.
Table: Password length
| Bit strength | Password length |
|---|---|
| 128 (Standard) | 8 characters or longer |
| 192 (Medium) | 16 characters or longer |
| 256 (High) | 32 characters or longer |
You must provide the correct password before you can access or restore an encrypted recovery point.
Warning: Veritas Technical Support cannot open an encrypted recovery point. Store the password in a secure place. Passwords are case-sensitive. When you access or restore a recovery point that is password encrypted, Veritas System Recovery prompts you for the case-sensitive password. If you do not type the correct password or you forget the password, you cannot open the recovery point.
Besides bit strength, the format of the password can improve the security of your data.
For better security, passwords should use the following general rules:
-
Do not use consecutive repeating characters (for example, BBB or 88).
-
Do not use common words you would find in a dictionary.
-
Use at least one number.
-
Use both uppercase and lowercase alpha characters.
-
Change the password after a set period of time.
More Information
Related information