1. Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING) Click the link to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This message will disappear after you have made at least 12 posts. Thank you for your cooperation.

Changing Client side encryption password.

Discussion in 'TSM Security and Regulatory Compliance' started by AlanDavenport, Nov 13, 2008.

  1. AlanDavenport

    AlanDavenport New Member

    Joined:
    Jul 10, 2006
    Messages:
    12
    Likes Received:
    0
    Is it possible to change the password used for client side encryption? Auditors have asked this question of me. My take is that I could deleted the stored, encrypted password and back up a file to generate a new one but this would then cause previously encrypted backups to become unrecoverable. is thsi correct?

    Al
     
  2.  
  3. moon-buddy

    moon-buddy Moderator

    Joined:
    Aug 24, 2005
    Messages:
    6,076
    Likes Received:
    269
    Occupation:
    Electronics Engineer, Security Professional
    Location:
    Somewhere in the US
    Are you referring to the built in TSM Client data (not node password encryption) encryption around DES or AES?

    If this is what you are referring to, the key, I believe, is created around the node's unique Global UID and is created at the node's registration time. Essentially, the key cannot be changed (but don't quote me on this, I may be remembering it wrong), and changing the node's password (regenerating it) does not affect any data previously stored.

    Does anyone know more about this?
     
  4. AlanDavenport

    AlanDavenport New Member

    Joined:
    Jul 10, 2006
    Messages:
    12
    Likes Received:
    0
    Yes, that is what I am referring to.
     
  5. Jacob_6

    Jacob_6 Senior Member

    Joined:
    Jul 22, 2008
    Messages:
    207
    Likes Received:
    5
    Occupation:
    TSM Admin, Netbackup Admin
    Location:
    Dallas, Texas
    Don't quote me on this, but if I recall correctly, if you change the encryption password, it will affect any data stored after the change. Data previously backed up encrypted will query for the original encryption password it was backed up with. It has been awhile since I researched this for a client.

    If you don't have the previous encryption key, the data will not be restoreable.
     

Share This Page