mirror of https://github.com/borgbackup/borg.git synced 2025-03-10 14:15:43 +00:00

Merge pull request #3675 from ThomasWaldmann/crypto-compression-docs

security docs: add about combining compression and encryption
TW 2018-03-17 19:46:42 +01:00 committed by GitHub
commit 201c62430a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -373,3 +373,16 @@ while libssl implements TLS and related protocols.
The latter is not used by Borg (cf. `Remote RPC protocol security`_, Borg itself does not implement
any network access) and historically contained most vulnerabilities, especially critical ones.
The static binaries released by the project contain neither libssl nor the Python ssl/_ssl modules.
Compression and Encryption
==========================
Combining encryption with compression can be insecure in some contexts (e.g. online protocols).
There was some discussion about this in `github issue #1040`_ and for Borg some developers
concluded this is no problem at all, some concluded this is hard and extremely slow to exploit
and thus no problem in practice.
No matter what, there is always the option not to use compression if you are worried about this.
.. _github issue #1040: https://github.com/borgbackup/borg/issues/1040
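Review bot: the first sentence of the new "Compression and Encryption" section says the combination "can be insecure in some contexts (e.g. online protocols)" but never says what the risk is, so a reader cannot judge whether it applies to their backups. Suggest one added sentence naming it: compressed size depends on content, so someone who can both influence part of the data being compressed and observe the size of the encrypted result may learn something about the rest. The second sentence reports two developer conclusions without the assumptions behind either; a short summary of those assumptions would save readers from reading all of issue #1040. The closing sentence should name how to turn compression off (for example `--compression none`) instead of only saying the option exists. Minor: "github" should be "GitHub" in the link text and in the matching target.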