From 62fe1cab30ce669b91cbba9c87f86bd6301b9b7f Mon Sep 17 00:00:00 2001 From: Andrey Bienkowski Date: Fri, 28 Jan 2022 15:58:31 +0300 Subject: [PATCH] Doc: impact of deleting path/to/repo/nonce Fixes: https://github.com/borgbackup/borg/issues/5858 --- docs/faq.rst | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/faq.rst b/docs/faq.rst index 7995a587d..f55060c7e 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -710,6 +710,31 @@ Send a private email to the :ref:`security contact ` if you think you have discovered a security issue. Please disclose security issues responsibly. +How important is path/to/repo/nonce? +------------------------------------ + +Borg uses :ref:`AES-CTR encryption `. An +essential part of AES-CTR is a sequential counter that must **never** +repeat. If the same value of the counter is used twice in the same repository, +an attacker can decrypt the data. The counter is stored in the home directory +of each user as well as in the repository. When creating a new archive borg uses +the highest of the two values. The value of the counter in the repository may be +higher than your local value if another user has created an archive more recently +than you did. + +Since the nonce is not necessary to read the data that is already encrypted, +``borg info``, ``borg list``, ``borg extract`` and ``borg mount`` should work +just fine without it. + +If the path/to/repo/nonce is lost, but you still have your local copy, +borg will recreate path/to/repo/nonce the next time you run ``borg create``. +This should be safe for repositories that are only used from one user account +on one machine. + +For repositories that are used by multiple users and/or from multiple machines +it is safest to avoid running *any* commands that modify the repository after +the nonce is deleted. + Common issues #############