mirror of https://github.com/borgbackup/borg.git
key: authenticated mode = not passphrase protected
parent
9e6b8f67b9
commit
cad49b844e
|
@ -133,13 +133,21 @@ Version 1.1.0b6 (unreleased)
|
||||||
|
|
||||||
Compatibility notes:
|
Compatibility notes:
|
||||||
|
|
||||||
- Repositories in a repokey mode with a blank passphrase are now treated
|
- Repositories in a repokey mode (including "authenticated" mode) with a
|
||||||
as unencrypted repositories for security checks
|
blank passphrase are now treated as unencrypted repositories for security checks
|
||||||
(e.g. BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK).
|
(e.g. BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK).
|
||||||
- Running "borg init" via a "borg serve --append-only" server will *not* create
|
- Running "borg init" via a "borg serve --append-only" server will *not* create
|
||||||
an append-only repository anymore. Use "borg init --append-only" to initialize
|
an append-only repository anymore. Use "borg init --append-only" to initialize
|
||||||
an append-only repository.
|
an append-only repository.
|
||||||
|
|
||||||
|
Previously there would be no prompts nor messages if an unknown repository
|
||||||
|
in one of these modes with a blank passphrase was encountered. This would
|
||||||
|
allow an attacker to swap a repository, if one assumed that the lack of
|
||||||
|
password prompts was due to a set BORG_PASSPHRASE.
|
||||||
|
|
||||||
|
Since the "trick" does not work if BORG_PASSPHRASE is set, this does generally
|
||||||
|
not affect scripts.
|
||||||
|
|
||||||
Version 1.1.0b5 (2017-04-30)
|
Version 1.1.0b5 (2017-04-30)
|
||||||
----------------------------
|
----------------------------
|
||||||
|
|
||||||
|
|
|
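Review bot: the reworded first item still says the change applies to repositories "with a blank passphrase", but for "authenticated" mode the code in this commit sets `passphrase_protected = False` unconditionally, so an authenticated repository is treated as unencrypted for the security checks whatever its passphrase is. The entry should say that explicitly for authenticated mode, otherwise users with a non-blank passphrase on such a repository will not expect the new prompts. In the added paragraph, "the "trick"" is never defined; naming it (relying on the absence of a passphrase prompt while a different repository has been swapped in) would make the note about BORG_PASSPHRASE and scripts easier to follow. As shown here the paragraph also follows the append-only item, so "one of these modes" has the wrong nearest antecedent; it belongs directly under the repokey item.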
@ -749,6 +749,18 @@ class AuthenticatedKey(ID_BLAKE2b_256, RepoKey):
|
||||||
ARG_NAME = 'authenticated'
|
ARG_NAME = 'authenticated'
|
||||||
STORAGE = KeyBlobStorage.REPO
|
STORAGE = KeyBlobStorage.REPO
|
||||||
|
|
||||||
|
# It's only authenticated, not encrypted.
|
||||||
|
passphrase_protected = False
|
||||||
|
|
||||||
|
def load(self, target, passphrase):
|
||||||
|
success = super().load(target, passphrase)
|
||||||
|
self.passphrase_protected = False
|
||||||
|
return success
|
||||||
|
|
||||||
|
def save(self, target, passphrase):
|
||||||
|
super().save(target, passphrase)
|
||||||
|
self.passphrase_protected = False
|
||||||
|
|
||||||
def encrypt(self, chunk):
|
def encrypt(self, chunk):
|
||||||
data = self.compressor.compress(chunk)
|
data = self.compressor.compress(chunk)
|
||||||
return b''.join([self.TYPE_STR, data])
|
return b''.join([self.TYPE_STR, data])
|
||||||
|
|
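Review bot: the resets in `load()` and `save()` only make sense if the parent implementation assigns `self.passphrase_protected` itself, which is not visible in this hunk, so a one-line comment on each override saying so would explain why the class attribute alone is not enough. Because the reset runs after `super().load(...)` / `super().save(...)` returns, anything that reads the flag inside the parent call still sees the parent's value, and a later method that sets the flag would need the same override again. Holding the invariant in one place, for example a class-level property that always returns False and ignores writes, would be less fragile than three separate assignments. The visible hunks add no test asserting that an authenticated key loaded with a non-blank passphrase reports `passphrase_protected` as False; that is the behaviour the security check depends on and is worth covering.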