mirror
/
borg
mirror of https://github.com/borgbackup/borg.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[DOCS] #4883 – Borg documentation downplays severity of Nonce reuse issue 

Shorten the log info for deleting/keeping security info. Fix bad wording.
This commit is contained in:
Thalian 2020-04-03 17:40:30 +02:00
parent 41ecd1ae30
commit 1d9dadd6b7
2 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/faq.rst
View File

@ -202,9 +202,10 @@ the working repository to the same location:
A plain delete command would remove the security info in
``~/.config/borg/security``, including the nonce value. In BorgBackup
:ref:`security_encryption` is AES-CTR, where the nonce is a counter. When the
working repo was used later for creating new archives, Borg would initialize a
fresh nonce, which would be bad for security reasons. To prevent this, the
``keep-security-info`` option is applied so that the nonce counter is kept.
working repo was used later for creating new archives, Borg would re-use nonce
values due to starting from a lower counter value given by the older copy of the
repository. To prevent this, the ``keep-security-info`` option is applied so
that the client-side nonce counter is kept.
Can Borg add redundancy to the backup data to deal with hardware malfunction?
-----------------------------------------------------------------------------

7
src/borg/archiver.py
View File

@ -1212,10 +1212,7 @@ class Archiver:
SecurityManager.destroy(repository)
else:
logger.info("Would delete repository.")
if keep_security_info:
logger.info("Would keep security info.")
else:
logger.info("Would delete security info.")
logger.info("Would %s security info." % ("keep" if keep_security_info else "delete"))
if not dry_run:
Cache.destroy(repository)
logger.info("Cache deleted.")
@ -3359,7 +3356,7 @@ class Archiver:
you run ``borg compact``.
When you delete a complete repository, the security info and local cache for it
(if any) is also deleted. Alternatively, you can delete just the local cache
(if any) are also deleted. Alternatively, you can delete just the local cache
with the ``--cache-only`` option, or keep the security info with the
``--keep-security-info`` option.