How Cayosoft Guardian manages BitLocker passphrases
BitLocker-related security note
This article describes how Cayosoft Guardian manages BitLocker passphrases.
BitLocker passphrase
Cayosoft Guardian uses a built-in password generator to create a BitLocker passphrase from letters, numbers, and special symbols. The passphrase is stored encrypted in the database. The default protection algorithm is AES-256-CBC for confidentiality and HMACSHA256 for authenticity. The two sub-keys used for these algorithms are derived, on a per-payload basis, from a 512-bit master key that is changed every 90 days.
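The scheme described above (AES-256-CBC plus HMACSHA256, with sub-keys derived per payload from a rotating 512-bit master key) can be sketched as follows. This is an added example, not Cayosoft Guardian's code: the key ring, the HMAC-SHA512 derivation and the payload layout are assumptions, because the article specifies none of them.

```javascript
const crypto = require('node:crypto');

// Constructed key ring: key id -> 512-bit master key. Rotation adds a new id;
// older ids stay so payloads protected earlier can still be read.
const keyRing = new Map([
  [1, crypto.randomBytes(64)],
  [2, crypto.randomBytes(64)],
]);

// Assumed KDF (the article names none): HMAC-SHA512 over the per-payload salt,
// split into a 256-bit AES key and a 256-bit HMAC key.
function subKeys(master, salt) {
  const okm = crypto.createHmac('sha512', master).update(salt).digest();
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Assumed layout: keyId(4) | salt(16) | iv(16) | ciphertext | tag(32)
function protect(keyId, plaintext) {
  const header = Buffer.alloc(4);
  header.writeUInt32BE(keyId);
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const { encKey, macKey } = subKeys(keyRing.get(keyId), salt);
  const cipher = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  const body = Buffer.concat([header, salt, iv, cipher.update(plaintext), cipher.final()]);
  // Encrypt-then-MAC: the tag covers the key id, salt, IV and ciphertext.
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function unprotect(blob) {
  if (blob.length < 84) throw new Error('malformed payload');
  const master = keyRing.get(blob.readUInt32BE(0));
  if (!master) throw new Error('unknown key id');
  const body = blob.subarray(0, -32);
  const { encKey, macKey } = subKeys(master, body.subarray(4, 20));
  const expected = crypto.createHmac('sha256', macKey).update(body).digest();
  // Check the tag in constant time before any decryption or unpadding.
  if (!crypto.timingSafeEqual(expected, blob.subarray(-32))) {
    throw new Error('authentication failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-cbc', encKey, body.subarray(20, 36));
  return Buffer.concat([decipher.update(body.subarray(36)), decipher.final()]);
}
```

Verifying the HMAC before touching the CBC ciphertext means a modified database record is rejected without its padding ever being examined.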
Because Cayosoft Guardian uses BitLocker technology, a group policy that enforces specific settings for fixed data drives on domain controllers might also force a domain controller to preserve recovery passwords in Active Directory or in the file system of the domain controller where a backup is created.
Before creating a backup plan, Cayosoft Guardian automatically generates a BitLocker passphrase (or lets users specify their own password). During recovery plan execution, Cayosoft Guardian decrypts the passphrase stored in the database (or a user enters the passphrase) and sends it over a secure channel to the recovery agent, which uses it to decrypt the backups.