Encryption used?

Backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)

Encryption used?

Veeam Logoby Dieter » Sun Apr 09, 2017 4:54 pm

Veeam Agent for Windows 2.0 Beta claims to support backup encryption. However I have not found any info on the encryption used, e.g. encryption algorithm, key length, mode of operation, security white paper, ... . Is there at least some basic info available during the beta phase?
Dieter
Lurker
 
Posts: 2
Liked: never
Joined: Sun Apr 09, 2017 4:48 pm
Full Name: Dieter Schieber

Re: Encryption used?

Veeam Logoby vmniels » Sun Apr 09, 2017 8:01 pm

The documentation will be available upon release. If you send backups to the Veeam repository you can find more info on the encryption via the helpcenter.
VCP-DCV
Veeam Certified Engineer
http://foonet.be
vmniels
Veeam Software
 
Posts: 1475
Liked: 322 times
Joined: Mon Jul 15, 2013 11:09 am
Full Name: Niels Engelen

Re: Encryption used?

Veeam Logoby Dima P. » Mon Apr 10, 2017 5:35 pm

Niels is right. Encryption engine is absolutely identical to Veeam Backup and Replication, so the provided link should help. In addition, here is the link to current verion of Help Center for VAW 2.0, keep in mind that it's not final.
Dima P.
Veeam Software
 
Posts: 6074
Liked: 433 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

[MERGED] VAW 2.0 - Encryption

Veeam Logoby SaschaH » Wed May 03, 2017 2:56 pm

Hi,

I just read this at the helpcenter regarding the encryption settings:
If you lose a password that was specified for encryption, you can change the password in the encryption settings. The new password can be used for performing data restore form all restore points in the backup chain, including restore points that were encrypted with an old password.


That leaves me puzzled. So, if I forget the password (or someone has my backups) I just set a new password and can restore files? Well, I don't think so - so what do I miss here?!
Maybe someone can tell a little more about the encryption in VAW (what algorithm for example)?

Thank you!
Sascha
SaschaH
Influencer
 
Posts: 12
Liked: 7 times
Joined: Thu Aug 20, 2015 10:23 am
Full Name: Sascha Hoehne

Re: Encryption used?

Veeam Logoby Dima P. » Wed May 03, 2017 11:08 pm

Hi Sascha,

Agent decryption key stores locally. Such approach allows perform restore without typing the password on local computer where VAW is installed. However, if you take this backup file to another VAW it will prompt you for the password.
Dima P.
Veeam Software
 
Posts: 6074
Liked: 433 times
Joined: Mon Feb 04, 2013 2:07 pm
Location: SPb
Full Name: Dmitry Popov

Re: Encryption used?

Veeam Logoby SaschaH » Thu May 04, 2017 8:41 am

Hi Dima,

thanks for clearing this up. And thanks for merging those threads, I must have missed Dieters thread. ;)

Regards,
Sascha
SaschaH
Influencer
 
Posts: 12
Liked: 7 times
Joined: Thu Aug 20, 2015 10:23 am
Full Name: Sascha Hoehne

Re: Encryption used?

Veeam Logoby marcus@vision1.org » Tue May 23, 2017 4:16 am

Hello,

I'm new to Veeam and VAW 2.0. Not new to encryption in windows. Reading this thread....I'm curious where & how the decryption keys are stored ("locally")? If they're not stored securely, seems like there's a potential chink in the armor here. ?

thanks.
-marcus
marcus@vision1.org
Novice
 
Posts: 3
Liked: never
Joined: Sat May 20, 2017 3:13 pm
Full Name: Marcus Winston

Re: Encryption used?

Veeam Logoby Mike Resseler » Tue May 23, 2017 5:09 am

Hi Marcus,

For more information on the encryption that we are using: https://helpcenter.veeam.com/docs/backu ... tml?ver=95
You can ignore the information on Enterprise Manager as I have read from your previous thread that you are backing up to a removable device.

For the keys: VAW uses 4 types of keys (Session key, Storage Key, User Key and Metakey). The exact procedure of which key is used when and where it is stored can be found here: https://helpcenter.veeam.com/docs/agent ... tml?ver=20

Hope it helps
Mike
Mike Resseler
Veeam Software
 
Posts: 3089
Liked: 359 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Encryption used?

Veeam Logoby marcus@vision1.org » Tue May 23, 2017 12:42 pm

Thanks for that! Very helpful.

So I conclude two things: a) the user key, and other derives keys, are stored in a database on the machine's HDD ("VAW database"), and b) the user key is not stored on the backup target, only encrypted "derived" keys (storage, meta, and session) are. True?

-marcus
marcus@vision1.org
Novice
 
Posts: 3
Liked: never
Joined: Sat May 20, 2017 3:13 pm
Full Name: Marcus Winston

Re: Encryption used?

Veeam Logoby Mike Resseler » Tue May 23, 2017 12:47 pm

Correct
Mike Resseler
Veeam Software
 
Posts: 3089
Liked: 359 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler


Return to Veeam Agent for Windows



Who is online

Users browsing this forum: No registered users and 6 guests