docs: document Fileset Signature SHA256 and SHA512
- add description to describe SHA256 and SHA512.
- add reference to SHA2 (256,512) to WhatIsBareos.
- add description about MD5 validity for checksumming.

Signed-off-by: Bruno Friedmann <bruno.friedmann@bareos.com>
Co-authored-by: Philipp Storz <philipp.storz@bareos.com>
bruno-at-bareos and pstorz committed Sep 1, 2022
1 parent bf38fa4 commit 6f50114
Showing 2 changed files with 18 additions and 8 deletions.
24 changes: 17 additions & 7 deletions docs/manuals/source/Configuration/Director.rst
Expand Up @@ -715,32 +715,42 @@ The directives within an Options resource may be one of the following:
It is strongly recommend to use signatures for your backups.
Note, only one type of signature can be computed per file.

You have to find the right balance between speed and security. Todays CPUs have often special instructions that can calculate checksums very fast. So if in doubt, testing the speed of the different signatures in your environment will show what is the fastest algorithm.
For example the MD5 message-digest algorithm is a cryptographically broken but, it is still suitable for other non-cryptographic purposes (like calculating a checksum to avoid unintended data change as used by Bareos here) and may be preferred due to lower computational requirements than more recent SHA algorithms.

MD5
:index:`\ <single: MD5>`
:index:`\ <single: signature; MD5>`
An MD5 signature will be computed for each files saved. Adding this
An MD5 signature (128 bits) will be computed for each files saved. Adding this
option generates about 5\% extra overhead for each file saved. In
addition to the additional CPU time, the MD5 signature adds 16 more
bytes per file to your catalog.

SHA1
:index:`\ <single: SHA1>`
:index:`\ <single: signature; SHA1>`
An SHA1 signature will be computed for each files saved.
The SHA1 algorithm is
purported to be some what slower than the MD5 algorithm, but at the same
time is significantly better from a cryptographic point of view (i.e.
much fewer collisions).
An SHA1 (160 bits) signature will be computed for each files saved.
The SHA1 algorithm is purported to be some what slower than the MD5
algorithm, but at the same time is significantly better from a cryptographic
point of view (i.e. much fewer collisions).
The SHA1 signature requires adds 20 bytes per file to your catalog.

SHA256
:index:`\ <single: SHA256>`
:index:`\ <single: signature; SHA256>`
An SHA256 signature (256 bits) will be computed for each files saved.
The SHA256 algorithm is purported to be slower than the SHA1 algorithm, but
at the same time is significantly better from a cryptographic point of view
(i.e. no collisions found).
The SHA256 signature requires adds 32 bytes per file to your catalog.

SHA512
:index:`\ <single: SHA512>`
:index:`\ <single: signature; SHA512>`

An SHA512 signature (512 bits) will be computed for each files saved.
This is the slowest algorithm and is equivalent in terms of cryptographic
value than SHA256.
The SHA512 signature requires adds 64 bytes per file to your catalog.


.. config:option:: dir/fileset/include/options/BaseJob
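Review bot: the new SHA512 entry states "This is the slowest algorithm" as a fact, which conflicts with the paragraph added at the top of this hunk telling readers that CPU instructions change the picture and that "testing the speed of the different signatures in your environment will show what is the fastest algorithm". Suggest hedging the SHA512 claim the way the SHA1 and SHA256 entries do ("purported to be slower") or dropping the ranking and pointing back to the benchmark advice. The added MD5 paragraph explains why MD5 is still acceptable for catching unintended data change but never says when it is not; one sentence stating that SHA256 or SHA512 should be chosen when deliberate modification of files is a concern would close that gap. The SHA1 entry still reads "significantly better from a cryptographic point of view (i.e. much fewer collisions)" while the SHA256 entry says "no collisions found", which implies collisions exist for SHA1 without saying so; state it explicitly so the four entries can be compared. Wording in the added lines: "Todays" should be "Today's", "is a cryptographically broken but, it is" should be "is cryptographically broken, but it is", "requires adds" (copied into the SHA256 and SHA512 entries) should be "adds", "each files saved" should be "each file saved", and "equivalent in terms of cryptographic value than SHA256" should end "to SHA256".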
Expand Up @@ -325,7 +325,7 @@ What is Implemented

- Configurable :ref:`Data (on Volume) encryption <DataEncryption>` on a Client by Client basis.

- Computation of MD5 or SHA1 signatures of the file data if requested.
- Computation of MD5 or SHA1, SHA2 (256,512) signatures of the file data if requested.

- Restore Features
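Review bot: the changed bullet "Computation of MD5 or SHA1, SHA2 (256,512) signatures" names the new algorithms as "SHA2 (256,512)", which does not match the directive values SHA256 and SHA512 documented in Director.rst by this same commit, so a reader searching the manual for the keyword they must type will not find this line. Suggest "Computation of MD5, SHA1, SHA256 or SHA512 signatures of the file data if requested.", which also fixes the "or ..., ..." list punctuation. The encryption bullet just above uses a :ref: cross-reference; linking this bullet to the signature description in the Director configuration chapter in the same way would help.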
