Ehrm, guess we need to use a hash for that, not an hmac.
Because for the hmac, we need a key. The key would be derived from the passphrase. And due to that, we run into the same problem: we won't know if the passphrase is wrong or the key is corrupted if the check fails.
ThomasWaldmann changed the title from "add another hmac to the borg key?" to "add another hash to the borg key?" on Jan 18, 2024
When looking at #8035, I noticed borg does an hmac check on the decrypted key.
But to get that, it uses the key derived from the user's passphrase and the encrypted key material from the borg key file.
If the hmac check fails:
So, that is not super helpful to fix whatever needs fixing, passphrase or key.
Maybe we should add another hmac computed over the encrypted key in borg2, so we can detect if there is an error in the keyfile?
Also: if we know the keyfile is correct (after checking that hmac), we could also be sure that the passphrase is wrong if the other hmac doesn't match.
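The idea discussed in this issue, sketched as an added example (not borg's code or key file format): an unkeyed hash over the stored bytes is checked first, so a failure of the passphrase-dependent hmac can then be attributed to the passphrase. The dict layout, the function names and the XOR keystream standing in for real encryption are assumptions, and covering the stored hmac field with the hash goes one step beyond what the issue proposes.

```python
import hashlib
import hmac
import os

def _derive(passphrase, salt, n):
    # Passphrase-derived bytes: 32 for the HMAC key, n for a toy XOR keystream
    # (stand-in for a real cipher; the low iteration count is for the demo only).
    out = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 1000, 32 + n)
    return out[:32], out[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stored_hash(kf):
    # Unkeyed hash over every stored field, so it can be verified before
    # (and independently of) anything derived from the passphrase.
    return hashlib.sha256(kf["salt"] + kf["data"] + kf["hmac"]).digest()

def make_keyfile(passphrase, secret):
    salt = os.urandom(16)
    mac_key, stream = _derive(passphrase, salt, len(secret))
    kf = {"salt": salt, "data": _xor(secret, stream),
          "hmac": hmac.new(mac_key, secret, "sha256").digest()}
    kf["hash"] = _stored_hash(kf)
    return kf

def hmac_only_check(kf, passphrase):
    # HMAC over the decrypted key: one yes/no answer for two failure causes.
    mac_key, stream = _derive(passphrase, kf["salt"], len(kf["data"]))
    secret = _xor(kf["data"], stream)
    return hmac.compare_digest(hmac.new(mac_key, secret, "sha256").digest(), kf["hmac"])

def diagnose(kf, passphrase):
    if not hmac.compare_digest(_stored_hash(kf), kf["hash"]):
        return "keyfile corrupted"
    if not hmac_only_check(kf, passphrase):
        return "wrong passphrase"
    return "ok"

if __name__ == "__main__":
    kf = make_keyfile("correct horse", os.urandom(32))  # constructed sample
    damaged = dict(kf, data=bytes([kf["data"][0] ^ 1]) + kf["data"][1:])
    # Both failure causes look identical to the hmac-only check ...
    print(hmac_only_check(kf, "typo"), hmac_only_check(damaged, "correct horse"))
    # ... while the extra hash separates them.
    print(diagnose(kf, "typo"), "/", diagnose(damaged, "correct horse"))
```

Because the hash is unkeyed, it only detects accidental damage to the file; anyone who can modify the file can recompute it, so it does not replace the hmac.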