mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-23 08:16:54 +00:00
init: note possible denial of service with "none" mode
This commit is contained in:
parent
a013bd7d75
commit
97089fe141
1 changed files with 7 additions and 4 deletions
|
@ -2453,12 +2453,14 @@ def define_common_options(add_common_option):
|
|||
| Hash/MAC | Not encrypted | Not encrypted, | Encrypted (AEAD w/ AES) |
|
||||
| | no auth | but authenticated | and authenticated |
|
||||
+----------+---------------+------------------------+--------------------------+
|
||||
| SHA-256 | none | authenticated | repokey, keyfile |
|
||||
| SHA-256 | none | `authenticated` | repokey, keyfile |
|
||||
+----------+---------------+------------------------+--------------------------+
|
||||
| BLAKE2b | n/a | authenticated-blake2 | repokey-blake2, |
|
||||
| | | | keyfile-blake2 |
|
||||
| BLAKE2b | n/a | `authenticated-blake2` | `repokey-blake2`, |
|
||||
| | | | `keyfile-blake2` |
|
||||
+----------+---------------+------------------------+--------------------------+
|
||||
|
||||
`Marked modes` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x.
|
||||
|
||||
On modern Intel/AMD CPUs (except very cheap ones), AES is usually
|
||||
hardware-accelerated.
|
||||
BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs
|
||||
|
@ -2491,7 +2493,8 @@ def define_common_options(add_common_option):
|
|||
|
||||
`none` mode uses no encryption and no authentication. It uses SHA256 as chunk
|
||||
ID hash. Not recommended, rather consider using an authenticated or
|
||||
authenticated/encrypted mode.
|
||||
authenticated/encrypted mode. This mode has possible denial-of-service issues
|
||||
when running ``borg create`` on contents controlled by an attacker.
|
||||
Use it only for new repositories where no encryption is wanted **and** when compatibility
|
||||
with 1.0.x is important. If compatibility with 1.0.x is not important, use
|
||||
`authenticated-blake2` or `authenticated` instead.
|
||||
|
|
Loading…
Reference in a new issue