Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove legacy crypto modes for new repos #6490

Closed
ThomasWaldmann opened this issue Mar 26, 2022 · 4 comments
Closed

remove legacy crypto modes for new repos #6490

ThomasWaldmann opened this issue Mar 26, 2022 · 4 comments
Assignees
@ThomasWaldmann
Milestone
2.0.0a3

Comments

@ThomasWaldmann
Copy link
Member

ThomasWaldmann commented Mar 26, 2022
edited
Loading

#6463 added shiny nice AEAD crypto modes and also the usage of session keys, which solves the potential issues with the legacy AES-CTR based crypto (mainly about nonce management to avoid nonce reuse).

To get rid of the old stuff quickly, I think we should remove the legacy crypto modes for new repos with 2.0 and remove the legacy code completely in N+1 release.
@ThomasWaldmann ThomasWaldmann added this to the helium milestone Mar 26, 2022
@ThomasWaldmann
Copy link
Member Author

ThomasWaldmann commented Mar 26, 2022
edited
Loading

deprecation / removal timing:

  • borg rcreate (== create new repos with legacy crypto): remove immediately
  • borg transfer (== transfer archives from existing repos with legacy crypto): remove in N+1.

@Charles-Auer
Copy link

Based on the docs, this looks like it would affect both regular keys and blake2b keys. Is that correct?

@ThomasWaldmann
Copy link
Member Author

ThomasWaldmann commented Mar 30, 2022
edited
Loading

yes, it will affect all pre-borg-2.0 modes, they are all based on AES-CTR mode and need the related counter management, which can be problematic in some situations.

@ThomasWaldmann ThomasWaldmann modified the milestones: 1.3.x, 1.3.0b1 Apr 12, 2022
@ThomasWaldmann ThomasWaldmann modified the milestones: 2.0.0b1, 2.0.0a3 Jun 26, 2022
@ThomasWaldmann ThomasWaldmann self-assigned this Jun 29, 2022
@ThomasWaldmann ThomasWaldmann changed the title deprecate legacy crypto remove legacy crypto modes for new repos Jun 29, 2022
ThomasWaldmann added a commit to ThomasWaldmann/borg that referenced this issue Jun 29, 2022
@ThomasWaldmann
rcreate: remove legacy encryption modes for new repos, fixes borgback…
536c44f 
…up#6490

These are legacy crypto modes based on AES-CTR mode:
(repokey|keyfile)[-blake2]

New crypto modes with session keys and AEAD ciphers:

(repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305)

Tests needed some changes:
- most used repokey/keyfile, changed to new modes
- some nonce tests removed, the new crypto code does not generate
  the repo side nonces any more (were only used for AES-CTR)
ThomasWaldmann added a commit to ThomasWaldmann/borg that referenced this issue Jun 29, 2022
@ThomasWaldmann
rcreate: remove legacy encryption modes for new repos, fixes borgback…
e927168 
…up#6490

These are legacy crypto modes based on AES-CTR mode:
(repokey|keyfile)[-blake2]

New crypto modes with session keys and AEAD ciphers:

(repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305)

Tests needed some changes:
- most used repokey/keyfile, changed to new modes
- some nonce tests removed, the new crypto code does not generate
  the repo side nonces any more (were only used for AES-CTR)
ThomasWaldmann added a commit to ThomasWaldmann/borg that referenced this issue Jun 30, 2022
@ThomasWaldmann
rcreate: remove legacy encryption modes for new repos, fixes borgback…
dc2f2f4 
…up#6490

These are legacy crypto modes based on AES-CTR mode:
(repokey|keyfile)[-blake2]

New crypto modes with session keys and AEAD ciphers:

(repokey|keyfile)[-blake2]-(aes-ocb|chacha20-poly1305)

Tests needed some changes:
- most used repokey/keyfile, changed to new modes
- some nonce tests removed, the new crypto code does not generate
  the repo side nonces any more (were only used for AES-CTR)
ThomasWaldmann added a commit that referenced this issue Jun 30, 2022
@ThomasWaldmann
Merge pull request #6821 from ThomasWaldmann/remove-legacy-repo-creat…
2ab254c 
…ion-borg2

rcreate: remove legacy crypto for new repos, fixes #6490
@ThomasWaldmann
Copy link
Member Author

fixed in borg2 branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ThomasWaldmann ThomasWaldmann

Labels
None yet
Projects
None yet
Milestone
2.0.0a3
Development

No branches or pull requests
2 participants
@ThomasWaldmann @Charles-Auer