Encrypting Keys and Passwords
Password
All Rhinoback accounts have a password, and all backup sets on Rhinoback use an encryption key. The password is used to access your account and login to the Rhinoback systems. Each Rhinoback user can select their own password and change it at any time. Selecting a good password is the first level of defense against unauthorized access to your account and your backup data.
Encrypting Key
Encrypting keys, also known as encryption keys, are used to encrypt or scramble your data using mathematical formulas. Rhinoback uses the Advanced Encryption Standard (AES) to encrypt backup data. AES was adopted by the National Security Agency (NSA) in 2001 after a 5 year standardization process. After intense scrutiny and testing, AES was approved by the US Government for encrypting of TOP SECRET classified documents in 2003. Once data has been encrypted using AES, there is no known way to decrypt the data back to it's original state without the encrypting key.
Rhinoback allows account holders to create backup sets to specify the parameters of backup data. When a backup set is created an encrypting key is assigned to the backup set. The encrypting key can be specified explicitly or it can be default to use the password for the account as the encrypting key. Once the encrypting key is established for a backup set, the encrypting key cannot be changed for the backup set. Different backup sets within the same account can have different encrypting keys.
If you allow the encrypting key to default to the account password, it is important to note that the encrypting key for the backup set will not change if you change your account password later. In all cases, the original and only encrypting key for your backup set must be known in order to restore data.
Note that your password and encrypting key may be stored on your local computer along with the configuration of your backup set. You can backup and restore files from your computer without having to provide your encrypting key. The Rhinoback Manager software that is installed on your computer will keep track of this information for you. However, you must know your password and encrypting key in case your computer is destroyed or stolen. You will not be able to restore your files on a different computer if you do not have your encrypting key. This is extremely important.
Lost or Forgotten Password
If your password is lost or forgotten, you can retrieve it by access the Password Request. You must submit a valid login name or email address and your password will be sent to the email address associated with the account. The password that you receive will be in hashed format and may appear to be long and complex. This password will allow you to login to the system but this password cannot be used to decrypt data, even if your encrypting key is the same as your password.
Lost of Forgotten Encrypting Key
If you have lost your encrypting key, then there will be no way to restore data from that backup set. You must create a new backup set and then backup the data again in order have a copy that can be restored. Since your encrypting key is never sent to the Rhinoback storage servers, there is no way it can be retrieved and sent to you if lost. Even if your encrypting key was set to default to your password, you will not be able to retrieve the encrypting key. (see Lost or Forgotten Password above).
Responsibility
Rhinoback makes every effort to ensure that your data is protected against unauthorized access. It is your responsibility to selected good passwords and encrypting keys that can be easily guessed. See our guidelines for selecting a strong password.
