Acronis Backup & Recovery

Archive protection

This option is effective for Windows and Linux operating systems and bootable media.

This option is effective for both disk-level and file-level backup.

The preset is: Disabled.

To protect the archive from unauthorized access

1. Select the Set password for the archive check box.
2. In the Enter the password field, type a password.
3. In the Confirm the password field, re-type the password.
4. Select one of the following:
   • Do not encrypt – the archive will be protected with the password only
   • AES 128 – the archive will be encrypted using the Advanced Encryption Standard (AES) algorithm with a 128-bit key
   • AES 192 – the archive will be encrypted using the AES algorithm with a 192-bit key
   • AES 256 – the archive will be encrypted using the AES algorithm with a 256-bit key.
5. Click OK.

The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses a randomly generated key with a user-defined size of 128, 192 or 256 bits. The larger the key size, the longer it will take for the program to encrypt the archive and the more secure your data will be.

The encryption key is then encrypted with AES-256 using a SHA-256 hash of the password as a key. The password itself is not stored anywhere on the disk or in the backup file; the password hash is used for verification purposes. With this two-level security, the backup data is protected from any unauthorized access, but recovering a lost password is not possible.