
[DOCS] #4883 – Borg documentation downplays severity of Nonce reuse issue

Shorten the log info for deleting/keeping security info. Fix bad wording.
Thalian 5 years ago
parent
commit
1d9dadd6b7
2 changed files with 6 additions and 8 deletions
  1. docs/faq.rst (+4 -3)
  2. src/borg/archiver.py (+2 -5)

+ 4 - 3
docs/faq.rst

@@ -202,9 +202,10 @@ the working repository to the same location:
 A plain delete command would remove the security info in
 ``~/.config/borg/security``, including the nonce value. In BorgBackup
 :ref:`security_encryption` is AES-CTR, where the nonce is a counter. When the
-working repo was used later for creating new archives, Borg would initialize a
-fresh nonce, which would be bad for security reasons. To prevent this, the
-``keep-security-info`` option is applied so that the nonce counter is kept.
+working repo was used later for creating new archives, Borg would re-use nonce
+values due to starting from a lower counter value given by the older copy of the
+repository. To prevent this, the ``keep-security-info`` option is applied so
+that the client-side nonce counter is kept.
 
 Can Borg add redundancy to the backup data to deal with hardware malfunction?
 -----------------------------------------------------------------------------
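
Review bot: The rewritten sentence says Borg "would re-use nonce values" but still does not state what that costs, which is the complaint in the issue title. With AES-CTR, encrypting under the same key with a repeated counter value reuses the keystream, so someone holding both ciphertexts can learn the XOR of the plaintexts; one sentence to that effect would close the gap. Also consider writing the option as ``--keep-security-info``, as the help text in src/borg/archiver.py does, and "If the working repo were used later" rather than "When the working repo was used later", since the paragraph describes a case the option prevents.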

+ 2 - 5
src/borg/archiver.py

@@ -1212,10 +1212,7 @@ class Archiver:
                     SecurityManager.destroy(repository)
             else:
                 logger.info("Would delete repository.")
-                if keep_security_info:
-                    logger.info("Would keep security info.")
-                else:
-                    logger.info("Would delete security info.")
+                logger.info("Would %s security info." % ("keep" if keep_security_info else "delete"))
         if not dry_run:
             Cache.destroy(repository)
             logger.info("Cache deleted.")
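
Review bot: The new logger.info line formats the message eagerly with % and assembles the verb at run time. Pass the value as a logging argument instead, logger.info("Would %s security info.", "keep" if keep_security_info else "delete"), so formatting is left to the logging module. Note the trade-off: neither "Would keep security info." nor "Would delete security info." exists as a literal any more, so searching the source for a message seen in dry-run output will not find it; if that matters, the removed if/else was the clearer form.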
@@ -3359,7 +3356,7 @@ class Archiver:
         you run ``borg compact``.
 
         When you delete a complete repository, the security info and local cache for it
-        (if any) is also deleted. Alternatively, you can delete just the local cache
+        (if any) are also deleted. Alternatively, you can delete just the local cache
         with the ``--cache-only`` option, or keep the security info with the
         ``--keep-security-info`` option.
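
Review bot: In the lines shown, the delete help text offers ``--keep-security-info`` without saying what the security info protects. The docs/faq.rst change in this same commit explains that it holds the client-side nonce counter, so a short clause or a reference to that FAQ entry here would tell users what they lose when the security info is deleted along with the repository.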