Comments (11)
e) might be solved when dropping passphrase mode (see #97). So reconsider this ticket when we do that.
from borg.
@Safari77 interesting, they even have a python binding and a pypi package:
https://pypi.python.org/pypi/argon2
but we have to be careful about dependencies - if we can't get what we need as dependency from existing (linux or other) packages, that will block us having a package until the dependency is resolved also. This is especially a problem with brand new stuff.
from borg.
Well, I basically agree with what you're saying, so just some additional comments:
a) We need to redo your performance tests in python 3.2+ / with the python stdlib calls as used by borg.
b) I think this is yet another case of a hardcoded value that does not fit everybody's needs. With a recent i5, you'ld want much more than the hardcoded value, while on an old machine or on a raspberry pi, 100.000 might already mean the maximum of an appropriate wait time (and more might be too slow for interactive use).
c) Storing the pbkdf2 output somewhere is as bad as storing the password somewhere.
d) Having a configurable value for the iterations first and a calibration function later might be a good idea.
e) We can not change the iterations for the passphrase-only mode [at least not for existing repos], it would break existing repositories. But I'm going to deprecate this mode anyway, you also can not ever change the passphrase. Both is just crap.
from borg.
On my machine, using the pbkdf2_sha256 from openssl (as borg does), the current iterations count (100.000) takes approximately 0.1s, so yes, 1.000.000 would be better for this machine.
I tried it on a raspberry pi2 also - there 100.000 iterations take 1.4s. So, 100.000 is fine for there, from a usability standpoint.
So, what's left as an option is to make it configurable for the users who want to deviate from the default.
About auto-calibration: the user of a fast machine could say "I want to waste 3s for pbkdf2" and it could automatically adjust iterations so it is about 3s. BUT: that's only true for this machine. If you backup to same encrypted repo with a much slower machine, you might also wait 100s for pbkdf2 to compute.
from borg.
Note: using bcrypt or scrypt might be another option.
from borg.
Instead of scrypt, I'd like to see Argon2
https://github.com/P-H-C/phc-winner-argon2.git
from borg.
1password has a great article on pbdkf2:
https://support.1password.com/defense-against-crackers/
They have several other good articles on other security engineering topics on their support pages. I suggest checking it out.
from borg.
@mahyar citing from the article:
"Once you reach a certain number of PBKDF2 iterations, you get much more bang for your buck from a small improvement in your Master Password than from a large increase in PBKDF2 iterations."
That sounds very reasonable. Especially when considering that using a high value (no matter whether determined by calibration or configuration) might be unsuitable for much slower machines accessing the same repository, rendering any calibration rather useless.
So, considering we are already at 100.000, how about users who want more security against brute force cracking just use a longer/better passphrase and do not crank up the iterations?
from borg.
I like the idea of bcrypt and perhaps 500,000 iterations?
from borg.
@jungle-boogie I know bcrypt, scrypt and meanwhile also argon2, but such a change won't happen for 1.0 (which is rather soon).
So the question, as the ticket title says, is for now just whether we keep 100.000 pbkdf2 iterations or do increase the number. I currently tend to keep it (see above), as a big increase would be an annoyance on slow machines and a small increase (like 2x) might be a bit pointless.
from borg.
closing this. we keep pbkdf2 iteration count as is for now.
if you want better security / stronger defence against brute force attacks, use a longer passphrase as suggested in one of the articles linked aboved.
from borg.
Related Issues (20)
- Static binary for OpenBSD/NetBSD missing HOT 3
- Move path within repo HOT 2
- [1.2.7] borg check -repair lacks a summarizing information at the end when it actually repaired something(s)
- "compromised client" threat model HOT 1
- Backup to Hetzner Storage Share no longer working HOT 1
- moin 1.4: borg install docs, cygwin section refer to py38
- borg2: Creating archive fails at specific archive name HOT 3
- disk is full: `_get_default_tempdir` raises `FileNotFoundError` No usable temporary directory found in ['/tmp', '/var/tmp', '/usr/tmp', '/home/kmille'] HOT 7
- run in venv w/ root rights HOT 3
- As of 1.2.0, the ssh relative path hack "/./" works for most actions but not "borg init" HOT 4
- Please add a way to keep backups independently of pruning retention policy HOT 2
- ConnectionResetError: [Errno 104] Connection reset by peer HOT 3
- `borgfs` in Standalone Binary Installation Docs HOT 2
- Can't build borg on arm64 (armbian 22.04LTS) HOT 20
- Use multithreaded zstd compression HOT 4
- Security Feature: Error if local / repository nonce are not in agreement -- improve encryption trust HOT 1
- Are backup archive names encrypted? Cannot find answer in docs. HOT 1
- Backups much slower (5 mins compared to 0.3 secs) than reported "Duration" -- any way to speed it up? HOT 6
- Possible bug in pruning logic with keep-weekly and keep-monthly HOT 7
- netbsd9 vagrant box: broken libxxhash.pc HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from borg.