[DOCS] #4883 – Borg documentation downplays severity of Nonce reuse issue

Shorten the log info for deleting/keeping security info. Fix bad wording.
2025-03-15 00:21:56 +00:00 · 2020-04-03 17:40:30 +02:00 · 2020-04-03 17:40:30 +02:00 · 1d9dadd6b7
commit 1d9dadd6b7
parent 41ecd1ae30
2 changed files with 6 additions and 8 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -202,9 +202,10 @@ the working repository to the same location:
 A plain delete command would remove the security info in
 ``~/.config/borg/security``, including the nonce value. In BorgBackup
 :ref:`security_encryption` is AES-CTR, where the nonce is a counter. When the
-working repo was used later for creating new archives, Borg would initialize a
-fresh nonce, which would be bad for security reasons. To prevent this, the
-``keep-security-info`` option is applied so that the nonce counter is kept.
+working repo was used later for creating new archives, Borg would re-use nonce
+values due to starting from a lower counter value given by the older copy of the
+repository. To prevent this, the ``keep-security-info`` option is applied so
+that the client-side nonce counter is kept.

 Can Borg add redundancy to the backup data to deal with hardware malfunction?
 -----------------------------------------------------------------------------
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@ -1212,10 +1212,7 @@ class Archiver:
                    SecurityManager.destroy(repository)
            else:
                logger.info("Would delete repository.")
-                if keep_security_info:
-                    logger.info("Would keep security info.")
-                else:
-                    logger.info("Would delete security info.")
+                logger.info("Would %s security info." % ("keep" if keep_security_info else "delete"))
        if not dry_run:
            Cache.destroy(repository)
            logger.info("Cache deleted.")
@ -3359,7 +3356,7 @@ class Archiver:
        you run ``borg compact``.

        When you delete a complete repository, the security info and local cache for it
-        (if any) is also deleted. Alternatively, you can delete just the local cache
+        (if any) are also deleted. Alternatively, you can delete just the local cache
        with the ``--cache-only`` option, or keep the security info with the
        ``--keep-security-info`` option.