mirror of https://github.com/borgbackup/borg.git
More – → -- (CLI) fixes. Fixed spelling. AES-256 is used.
* According to the comment in `borg/key.py`.
This commit is contained in:
parent
576348a9d4
commit
8b9ae0ae92
|
@ -67,14 +67,14 @@ adjust the level or algorithm).
|
|||
|
||||
|project_name| offers a lot of different compression algorithms and
|
||||
levels. Which of them is the best for you pretty much depends on your
|
||||
use case, your data, your hardware - so you need to do an informed
|
||||
use case, your data, your hardware -- so you need to do an informed
|
||||
decision about whether you want to use compression, which algorithm
|
||||
and which level you want to use. This is why compression defaults to
|
||||
none.
|
||||
|
||||
How can I specify the encryption passphrase programmatically?
|
||||
-------------------------------------------------------------
|
||||
|
||||
|
||||
The encryption passphrase can be specified programmatically using the
|
||||
`BORG_PASSPHRASE` environment variable. This is convenient when setting up
|
||||
automated encrypted backups. Another option is to use
|
||||
|
@ -93,7 +93,7 @@ key file based encryption with a blank passphrase. See
|
|||
|
||||
When backing up to remote encrypted repos, is encryption done locally?
|
||||
----------------------------------------------------------------------
|
||||
|
||||
|
||||
Yes, file and directory metadata and data is locally encrypted, before
|
||||
leaving the local machine. We do not mean the transport layer encryption
|
||||
by that, but the data/metadata itself. Transport layer encryption (e.g.
|
||||
|
|
|
@ -207,7 +207,7 @@ The |project_name| chunker uses a rolling hash computed by the Buzhash_ algorith
|
|||
It triggers (chunks) when the last HASH_MASK_BITS bits of the hash are zero,
|
||||
producing chunks of 2^HASH_MASK_BITS Bytes on average.
|
||||
|
||||
create --chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE
|
||||
``borg create --chunker-params CHUNK_MIN_EXP,CHUNK_MAX_EXP,HASH_MASK_BITS,HASH_WINDOW_SIZE``
|
||||
can be used to tune the chunker parameters, the default is:
|
||||
|
||||
- CHUNK_MIN_EXP = 10 (minimum chunk size = 2^10 B = 1 kiB)
|
||||
|
@ -311,28 +311,27 @@ more chunks than estimated above, because 1 file is at least 1 chunk).
|
|||
|
||||
If a remote repository is used the repo index will be allocated on the remote side.
|
||||
|
||||
E.g. backing up a total count of 1Mi files with a total size of 1TiB.
|
||||
E.g. backing up a total count of 1MiB files with a total size of 1TiB.
|
||||
|
||||
a) with create --chunker-params 10,23,16,4095 (default):
|
||||
a) with create ``--chunker-params 10,23,16,4095`` (default):
|
||||
|
||||
mem_usage = 2.8GiB
|
||||
|
||||
b) with create --chunker-params 10,23,20,4095 (custom):
|
||||
b) with create ``--chunker-params 10,23,20,4095`` (custom):
|
||||
|
||||
mem_usage = 0.4GiB
|
||||
|
||||
Note: there is also the --no-files-cache option to switch off the files cache.
|
||||
You'll save some memory, but it will need to read / chunk all the files then as
|
||||
it can not skip unmodified files then.
|
||||
|
||||
.. note:: There is also the ``--no-files-cache`` option to switch off the files cache.
|
||||
You'll save some memory, but it will need to read / chunk all the files as
|
||||
it can not skip unmodified files then.
|
||||
|
||||
Encryption
|
||||
----------
|
||||
|
||||
AES_ is used in CTR mode (so no need for padding). A 64bit initialization
|
||||
AES_-256 is used in CTR mode (so no need for padding). A 64bit initialization
|
||||
vector is used, a `HMAC-SHA256`_ is computed on the encrypted chunk with a
|
||||
random 64bit nonce and both are stored in the chunk.
|
||||
The header of each chunk is : ``TYPE(1)`` + ``HMAC(32)`` + ``NONCE(8)`` + ``CIPHERTEXT``.
|
||||
The header of each chunk is: ``TYPE(1)`` + ``HMAC(32)`` + ``NONCE(8)`` + ``CIPHERTEXT``.
|
||||
Encryption and HMAC use two different keys.
|
||||
|
||||
In AES CTR mode you can think of the IV as the start value for the counter.
|
||||
|
|
Loading…
Reference in New Issue