Bladeren bron

init: note possible denial of service with "none" mode

Marian Beermann 8 jaren geleden
bovenliggende
commit
97089fe141
1 gewijzigde bestanden met toevoegingen van 7 en 4 verwijderingen
  1. 7 4
      src/borg/archiver.py

+ 7 - 4
src/borg/archiver.py

@@ -2453,12 +2453,14 @@ class Archiver:
         | Hash/MAC | Not encrypted | Not encrypted,         | Encrypted (AEAD w/ AES)  |
         |          | no auth       | but authenticated      | and authenticated        |
         +----------+---------------+------------------------+--------------------------+
-        | SHA-256  | none          | authenticated          | repokey, keyfile         |
+        | SHA-256  | none          | `authenticated`        | repokey, keyfile         |
         +----------+---------------+------------------------+--------------------------+
-        | BLAKE2b  | n/a           | authenticated-blake2   | repokey-blake2,          |
-        |          |               |                        | keyfile-blake2           |
+        | BLAKE2b  | n/a           | `authenticated-blake2` | `repokey-blake2`,        |
+        |          |               |                        | `keyfile-blake2`         |
         +----------+---------------+------------------------+--------------------------+
 
+        `Marked modes` are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x.
+
         On modern Intel/AMD CPUs (except very cheap ones), AES is usually
         hardware-accelerated.
         BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs
@@ -2491,7 +2493,8 @@ class Archiver:
 
         `none` mode uses no encryption and no authentication. It uses SHA256 as chunk
         ID hash. Not recommended, rather consider using an authenticated or
-        authenticated/encrypted mode.
+        authenticated/encrypted mode. This mode has possible denial-of-service issues
+        when running ``borg create`` on contents controlled by an attacker.
         Use it only for new repositories where no encryption is wanted **and** when compatibility
         with 1.0.x is important. If compatibility with 1.0.x is not important, use
         `authenticated-blake2` or `authenticated` instead.