mirror of https://github.com/borgbackup/borg.git
init: note possible denial of service with "none" mode
parent a013bd7d75
commit 97089fe141
|
@ -2453,12 +2453,14 @@ class Archiver:
|
||||||
| Hash/MAC | Not encrypted | Not encrypted, | Encrypted (AEAD w/ AES) |
|
| Hash/MAC | Not encrypted | Not encrypted, | Encrypted (AEAD w/ AES) |
|
||||||
| | no auth | but authenticated | and authenticated |
|
| | no auth | but authenticated | and authenticated |
|
||||||
+----------+---------------+------------------------+--------------------------+
|
+----------+---------------+------------------------+--------------------------+
|
||||||
| SHA-256 | none | authenticated | repokey, keyfile |
|
| SHA-256 | none | `authenticated` | repokey, keyfile |
|
||||||
+----------+---------------+------------------------+--------------------------+
|
+----------+---------------+------------------------+--------------------------+
|
||||||
| BLAKE2b | n/a | authenticated-blake2 | repokey-blake2, |
|
| BLAKE2b | n/a | `authenticated-blake2` | `repokey-blake2`, |
|
||||||
| | | | keyfile-blake2 |
|
| | | | `keyfile-blake2` |
|
||||||
+----------+---------------+------------------------+--------------------------+
|
+----------+---------------+------------------------+--------------------------+
|
||||||
|
|
||||||
|
`Marked modes` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x.
|
||||||
|
|
||||||
On modern Intel/AMD CPUs (except very cheap ones), AES is usually
|
On modern Intel/AMD CPUs (except very cheap ones), AES is usually
|
||||||
hardware-accelerated.
|
hardware-accelerated.
|
||||||
BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs
|
BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs
|
||||||
|
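Review bot: In the added legend line under the table, the words "Marked modes" are wrapped in the same backticks the table now uses to mark mode names, so the legend reads like another mode name rather than an explanation of the marking. Consider wording it so that only a sample is marked, for example: Modes marked like `this` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x. The table marking and the legend are also not covered by the commit subject, which only mentions the denial-of-service note for "none" mode; either split them into their own commit or mention them in the message.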
@ -2491,7 +2493,8 @@ class Archiver:
|
||||||
|
|
||||||
`none` mode uses no encryption and no authentication. It uses SHA256 as chunk
|
`none` mode uses no encryption and no authentication. It uses SHA256 as chunk
|
||||||
ID hash. Not recommended, rather consider using an authenticated or
|
ID hash. Not recommended, rather consider using an authenticated or
|
||||||
authenticated/encrypted mode.
|
authenticated/encrypted mode. This mode has possible denial-of-service issues
|
||||||
|
when running ``borg create`` on contents controlled by an attacker.
|
||||||
Use it only for new repositories where no encryption is wanted **and** when compatibility
|
Use it only for new repositories where no encryption is wanted **and** when compatibility
|
||||||
with 1.0.x is important. If compatibility with 1.0.x is not important, use
|
with 1.0.x is important. If compatibility with 1.0.x is not important, use
|
||||||
`authenticated-blake2` or `authenticated` instead.
|
`authenticated-blake2` or `authenticated` instead.
|
||||||
|
|
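Review bot: The warning added to the `none` paragraph ("This mode has possible denial-of-service issues when running ``borg create`` on contents controlled by an attacker") names a risk without saying what causes it or what the reader should do. If the cause is the unkeyed SHA256 chunk ID hash that the paragraph already mentions, say so in one clause, or point to the part of the documentation that explains the issue, so the reader can judge whether backing up untrusted content applies to them. The added line also uses double backticks around borg create while the surrounding lines use single backticks for `none`, `authenticated` and `authenticated-blake2`; use one style so the help text renders consistently.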