From cad49b844e37a42a0ced0faf375d088568c9e6d9 Mon Sep 17 00:00:00 2001 From: Marian Beermann Date: Thu, 11 May 2017 17:49:02 +0200 Subject: [PATCH] key: authenticated mode = not passphrase protected --- docs/changes.rst | 12 ++++++++++-- src/borg/crypto/key.py | 12 ++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/changes.rst b/docs/changes.rst index ebd4e0886..a15f7fb03 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -133,13 +133,21 @@ Version 1.1.0b6 (unreleased) Compatibility notes: -- Repositories in a repokey mode with a blank passphrase are now treated - as unencrypted repositories for security checks +- Repositories in a repokey mode (including "authenticated" mode) with a + blank passphrase are now treated as unencrypted repositories for security checks (e.g. BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK). - Running "borg init" via a "borg serve --append-only" server will *not* create an append-only repository anymore. Use "borg init --append-only" to initialize an append-only repository. + Previously there would be no prompts nor messages if an unknown repository + in one of these modes with a blank passphrase was encountered. This would + allow an attacker to swap a repository, if one assumed that the lack of + password prompts was due to a set BORG_PASSPHRASE. + + Since the "trick" does not work if BORG_PASSPHRASE is set, this does generally + not affect scripts. + Version 1.1.0b5 (2017-04-30) ---------------------------- diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py index 9469be297..772b4ae5d 100644 --- a/src/borg/crypto/key.py +++ b/src/borg/crypto/key.py @@ -749,6 +749,18 @@ class AuthenticatedKey(ID_BLAKE2b_256, RepoKey): ARG_NAME = 'authenticated' STORAGE = KeyBlobStorage.REPO + # It's only authenticated, not encrypted. + passphrase_protected = False + + def load(self, target, passphrase): + success = super().load(target, passphrase) + self.passphrase_protected = False + return success + + def save(self, target, passphrase): + super().save(target, passphrase) + self.passphrase_protected = False + def encrypt(self, chunk): data = self.compressor.compress(chunk) return b''.join([self.TYPE_STR, data])