As i know, NetBackup provides deduplication and encryption on client side. In first step chunk is deduplicated then client sends hash on NetBackup server, to check if chunk is already present on server and then client performs encryption. Am i right that hash is not encrypted, and data may be (possibly) identified by hashes?

I red in this TSM document that efficiency of data deduplication in case of encryption is very low. I think that this is may be cause TSM client do not show to TSM server real hashes of unencrypted data, that why is think that reliability for TSM in this case higher that for NetBackup.
How do you think?