Veeam Backup & Replication supported encryption standards and methods

Userlevel 7
Badge +4

One of my clients (public sector) has high security requirements for his IT environment – including backup and storage.

I found the following statement from VEEAM about the used encryption standards and methods in Veeam Backup and Replication:

“Veeam Backup & Replication supports the following encryption standards and methods:

Data Encryption

To encrypt data blocks in backup files and files archived to tape, Veeam Backup & Replication uses the 256-bit AES with a 256-bit key length in the CBC-mode. This is designed to support the FIPS 140-2 standard. More information around that standard can be found here.

As a part of Veeam Backup & Replication’s ability to generate a key based on a password, it uses the Password-Based Key Derivation Function, PKCS #5 version 2.0 as a part of NIST Publication 800-132. Veeam Backup & Replication uses 10,000 HMAC-SHA1 iterations and a 512-bit salt. More information can be found here.

Veeam Backup & Replication uses the following hashing algorithms:

For digital signature generation: SHA-1, SHA-256

For HMAC generation: HMAC_SHA1

For random number generation: SHA1

For Microsoft Windows-based repositories and software-based encryption for tapes, Veeam Backup & Replication uses the Windows Crypto API complying with the Federal Information Processing Standards (FIPS 140-2). More information can be found here.

Veeam Backup & Replication uses the following cryptographic service providers:

Microsoft Base Cryptographic Provider

Microsoft Enhanced RSA and AES Cryptographic Provider

Microsoft Enhanced Cryptographic Provider

For Linux-based repositories, Veeam Backup & Replication uses a statically linked OpenSSL encryption library, without the FIPS 140-2 support. More information can be found here.

Veeam Backup & Replication encrypts stored credentials using the Data Protection API (DPAPI) mechanisms. More information can be found here.”

Most of this is fine and compliant with German regulations - all but the usage of SHA-1 and HMAC-SHA1… These are non-collision-resistant hash functions and it is possible to hack them (although it costs some time and effort). German regulations recommend not to use these methods...


Does someone have some information if there are changes in the usage of these methods on Veeam’s agenda for future product versions? E.g. the usage of SHA-2 or SHA-3?
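To make the quoted parameters concrete, here is an added example (not Veeam's code; Veeam's actual implementation is not public on this page) that implements PBKDF2 from PKCS #5 v2.0 with the hash function as a parameter, runs it with the stated settings (10,000 iterations, 512-bit salt, 256-bit key), and cross-checks it against the Python standard library. The password and salt are constructed sample values.

```python
import hashlib
import hmac
import struct

# Parameters quoted in the Veeam statement above:
# PBKDF2 (PKCS #5 v2.0), 10,000 iterations of HMAC-SHA1,
# 512-bit (64-byte) salt, 256-bit (32-byte) AES key.
ITERATIONS = 10_000
SALT_BYTES = 64
KEY_BYTES = 32


def pbkdf2(password: bytes, salt: bytes, iterations: int, dk_len: int, hash_name: str) -> bytes:
    """PBKDF2 as in PKCS #5 v2.0 / RFC 8018, PRF = HMAC over `hash_name`.

    Block i is T_i = U_1 XOR U_2 XOR ... XOR U_c with
    U_1 = HMAC(password, salt || INT(i)) and U_j = HMAC(password, U_{j-1}).
    The hash is only used inside HMAC as a PRF here, which is a different
    requirement from the collision resistance needed for digital signatures.
    """
    h_len = hashlib.new(hash_name).digest_size
    blocks = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    out = bytearray()
    for i in range(1, blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dk_len])


def derive_backup_key(password: str, salt: bytes, hash_name: str = "sha1") -> bytes:
    """Derive a 256-bit key with the page's parameters; hash_name lets you compare SHA-1 and SHA-2."""
    if len(salt) != SALT_BYTES:
        raise ValueError("expected a 512-bit salt")
    return pbkdf2(password.encode("utf-8"), salt, ITERATIONS, KEY_BYTES, hash_name)


def matches_stdlib(password: str, salt: bytes, hash_name: str) -> bool:
    """Cross-check the hand-written PBKDF2 against hashlib.pbkdf2_hmac."""
    ref = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, ITERATIONS, KEY_BYTES)
    return derive_backup_key(password, salt, hash_name) == ref


if __name__ == "__main__":
    salt = bytes(range(SALT_BYTES))  # constructed sample salt, not a real Veeam value
    for name in ("sha1", "sha256"):
        key = derive_backup_key("correct horse battery staple", salt, name)
        print(name, matches_stdlib("correct horse battery staple", salt, name), key.hex())
```

Swapping `hash_name` from "sha1" to "sha256" changes only the PRF, which is the kind of change the question above asks about.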


Userlevel 7
Badge +4

Additional question:
Was the usage of SHA-1 a topic / showstopper with public sector clients in other countries? There are strict requirements e.g. in the US, too. Does anyone have experience with this?

Do you use encryption methods in addition to VEEAM's capabilities?

Userlevel 7
Badge +2

Is SHA1 in general insecure or does it depend on where and how you use it?

I couldn't find anything on this topic. Perhaps you could ask your question in the R&D Forums?

Userlevel 7
Badge +5

Good question, Joe! I know it is impolite to answer a question with a question, but do you have more information about the usage of the hashes the SHA-1 algorithm creates? I ask because from my perspective hashes for checksums and random number generation are not really security relevant.

Userlevel 7
Badge +4

Unfortunately I don't have further information.

I think I will ask this in the R&D Forum, too…

Thank you @regnor and @vNote42 for your thoughts.

Userlevel 4
Badge +1

You need to ask the question in R&D. I think anyone from R&D can help you.

Userlevel 7
Badge +4

:grin: I have asked this in the R&D forums. Anton Gostev answered that there are no plans to switch to other methods at the moment.

Just tried with the local sales rep to get an official statement from Veeam that the FIPS 140-2 standard is completely met by VBR.

We will see… :sunglasses:
