Replace id_key, enc_key and enc_hmac_key with a single field #6611
Comments
You're right, having a big random seed and deriving all we need from that would be more elegant. But, for The enc_key and enc_hmac_key are not needed separately any more for the AEAD ciphers, so these could be concatenated and written to a new key field. borg2 still needs to be able to read the old keys for reading old repos with old encryption though.
idea:
Old borg can not read/process the new keys that have
Key: crypt_key instead of enc_key + enc_hmac_key, fixes #6611
If we choose to break with the past #6602, I propose we simplify our key format. Our keys currently store 800 secret bits split into 4 fields: id_key (256 bits), enc_key (256 bits), enc_hmac_key (256 bits) and chunk_seed (32 bits). The fields were once created each for a specific purpose, but some were later repurposed:
I propose we future-proof our key format by having a single secret field - a seed. We can then derive any number of keys we need from it via a cryptographically secure pseudorandom number generator.
P.S. I myself do not currently have an opinion on whether breaking with the past (#6602) is a good idea or not.
P.P.S. We might want to future-proof the format by generating a bigger seed than we need and truncating it to the length a given PRNG wants. We can then upgrade to a PRNG with a bigger seed without changing the format.
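The single-seed proposal above, sketched as an added example (not code from Borg or from this issue): HKDF-SHA256 (RFC 5869) stands in for the "cryptographically secure pseudorandom number generator" the post mentions, and each key is bound to its own label so the derived keys are independent. The field names and sizes come from the issue text; `LABEL_PREFIX`, `derive_keys` and the sample seed are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

# Field names and sizes (bytes) as listed in the issue: 3 x 256 bits + 32 bits.
FIELDS = {"id_key": 32, "enc_key": 32, "enc_hmac_key": 32, "chunk_seed": 4}
LABEL_PREFIX = b"example-keyfile/"  # hypothetical domain-separation prefix


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: condense a seed of any length into one PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: stretch the PRK into `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(seed: bytes, fields: dict = FIELDS) -> dict:
    """Derive every named key from the single stored secret."""
    if len(seed) < 32:
        raise ValueError("seed must hold at least 256 bits of entropy")
    prk = hkdf_extract(b"", seed)
    return {name: hkdf_expand(prk, LABEL_PREFIX + name.encode(), size)
            for name, size in fields.items()}


if __name__ == "__main__":
    seed = bytes(range(64))  # constructed sample seed, not a real key
    for name, key in derive_keys(seed).items():
        print(f"{name:13s} {len(key) * 8:4d} bits  {key.hex()}")
```

Because the extract step accepts input of any length, an oversized seed as suggested in the P.P.S. can be stored and used without truncation. Adding a new label later yields a new key without changing any key already derived from the same seed.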