mirror
/
borg
mirror of https://github.com/borgbackup/borg.git
1
0
Fork 0
Code Issues Releases Wiki Activity

security docs: add about combining compression and encryption

This commit is contained in:
Thomas Waldmann 2018-03-09 18:02:57 +01:00
parent fcf4145222
commit be8913a93c
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/internals/security.rst
View File

@ -369,3 +369,16 @@ while libssl implements TLS and related protocols.
The latter is not used by Borg (cf. `Remote RPC protocol security`_, Borg itself does not implement
any network access) and historically contained most vulnerabilities, especially critical ones.
The static binaries released by the project contain neither libssl nor the Python ssl/_ssl modules.
Compression and Encryption
==========================
Combining encryption with compression can be insecure in some contexts (e.g. online protocols).
There was some discussion about this in `github issue #1040`_ and for Borg some developers
concluded this is no problem at all, some concluded this is hard and extremely slow to exploit
and thus no problem in practice.
No matter what, there is always the option not to use compression if you are worried about this.
.. _github issue #1040: https://github.com/borgbackup/borg/issues/1040