Encryption

The program uses AES encryption to protect the backup data. You have to enter a password from which the AES key is derived.

Available encryption algorithms

AES-128 and AES-256 can be used. The first one is described as "Strong encryption" and should be normally enough. However if you have a Java installed, where AES-256 is available, you should use AES-256 because it is even more secure.

If AES-256 is not available and you want to use it, you have to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction from http://java.sun.com/javase/downloads/index_jdk5.jsp at the bottom of the page. You can use this download for Java 5 and 6. Simply unpack the downloaded archive and put these replacement files into your jre/lib/security directory.

You can switch between AES-128 and AES-256 using the "Advanced Option" button.

Brute force dictionary attacks

As a protection agains dictionary attacks (that means finding your password by letting a computer automatically try words from a dictionary), an algorithm is used, that makes the creation of a password last about one second (on your computer). That means that an attacker can only test one password per seconds (on a single computer) to find your password, whereas without this additional algorithm, he could test about 10.000-100.000 passwords per second. Technically this is accomplished by rehashing your password over and over again for one second (with MD5 for AES-128 and SHA-256 for AES-256).