|
|
@@ -710,14 +710,15 @@ Send a private email to the :ref:`security contact <security-contact>`
|
|
|
if you think you have discovered a security issue.
|
|
|
Please disclose security issues responsibly.
|
|
|
|
|
|
-How important is path/to/repo/nonce?
|
|
|
+How important are the nonce files?
|
|
|
------------------------------------
|
|
|
|
|
|
Borg uses :ref:`AES-CTR encryption <borg_security_critique>`. An
|
|
|
essential part of AES-CTR is a sequential counter that must **never**
|
|
|
repeat. If the same value of the counter is used twice in the same repository,
|
|
|
an attacker can decrypt the data. The counter is stored in the home directory
|
|
|
-of each user (under $HOME/.config/borg/security) as well as in the repository. When creating a new archive borg uses
|
|
|
+of each user ($HOME/.config/borg/security/$REPO_ID/nonce) as well as
|
|
|
+in the repository (/path/to/repo/nonce). When creating a new archive borg uses
|
|
|
the highest of the two values. The value of the counter in the repository may be
|
|
|
higher than your local value if another user has created an archive more recently
|
|
|
than you did.
|
|
|
@@ -726,8 +727,8 @@ Since the nonce is not necessary to read the data that is already encrypted,
|
|
|
``borg info``, ``borg list``, ``borg extract`` and ``borg mount`` should work
|
|
|
just fine without it.
|
|
|
|
|
|
-If the path/to/repo/nonce is lost, but you still have your local copy,
|
|
|
-borg will recreate path/to/repo/nonce the next time you run ``borg create``.
|
|
|
+If the the nonce file stored in the repo is lost, but you still have your local copy,
|
|
|
+borg will recreate the repository nonce file the next time you run ``borg create``.
|
|
|
This should be safe for repositories that are only used from one user account
|
|
|
on one machine.
|
|
|
|
Andrey Bienkowski