borg2 / N+1: remove pbkdf2 keys? #6929
Comments
@hexagonrecursion @enkore any opinion?
I'm a bit confused: Does this mean Borg allows keys derived from the passphrase? Which I would very much love, to be honest. Makes the setup less complicated (no need to back up the key separately). Of course security is reduced to the password security, but that is a worthwhile tradeoff if done by an educated user.
@dragetd You can still use a passphrase (repokey).
@dragetd attic and ancient versions of borg supported key material directly derived from the passphrase. We removed that long ago because that means you could never change the passphrase. And that means your repo can never be safe again when your passphrase is disclosed - even if you noticed that before any attack.

But this is not the topic of this issue. borg 1.x uses pbkdf2 as a kdf for repokey and keyfile. pbkdf2 is an older algorithm than argon2 and potentially less safe. After everybody has switched to borg2 repos (argon2 kdf keys) and is finished with transferring archives from borg1 repos (pbkdf2 kdf keys), we do not need to support borg1 keys (with pbkdf2) any more.
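The difference described in the comment above, as an added example that is not part of the thread and is not borg's code or key format: a key derived directly from the passphrase changes whenever the passphrase does, while a random master key wrapped under a KDF output survives a passphrase change. The function names are hypothetical, PBKDF2 is used because it is in Python's standard library, and the XOR-plus-HMAC wrap is a simplified stand-in for an authenticated cipher.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # size of the random master key (value chosen for this example)


def direct_key(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Direct derivation: the data key IS the KDF output, so a new
    passphrase means a new key and all existing data becomes unreadable."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, KEY_LEN)


def _kek(passphrase: str, salt: bytes, iterations: int):
    """Derive 64 bytes: 32 to mask the master key, 32 to MAC the blob."""
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, 2 * KEY_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def wrap(master_key: bytes, passphrase: str, iterations: int = 100_000) -> dict:
    """Protect a random master key under a passphrase. A fresh salt per call
    means the XOR mask is never reused, which this simplified wrap relies on."""
    salt = os.urandom(16)
    enc, mac = _kek(passphrase, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(master_key, enc))
    tag = hmac.new(mac, wrapped, "sha256").digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unwrap(blob: dict, passphrase: str) -> bytes:
    """Recover the master key; the MAC check rejects a wrong passphrase."""
    enc, mac = _kek(passphrase, blob["salt"], blob["iterations"])
    expected = hmac.new(mac, blob["wrapped"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or corrupted key blob")
    return bytes(a ^ b for a, b in zip(blob["wrapped"], enc))


def change_passphrase(blob: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key: only the small key blob is rewritten,
    the data encrypted under the master key is untouched."""
    return wrap(unwrap(blob, old), new, blob["iterations"])
```

Re-wrapping only stops someone who learned the old passphrase but never obtained the old key blob; anyone who already unwrapped the master key still holds it.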
We have argon2 kdf now, is there any reason to keep pbkdf2 for keys of new repos?

borg 2.0 still needs to support such keys to read old repos, but N+1 could remove it.

Also, it could be removed immediately from `borg key change-algorithm`.