Comments (11)
e) might be solved when dropping passphrase mode (see #97). So reconsider this ticket when we do that.
from borg.
@Safari77 interesting, they even have a python binding and a pypi package:
https://pypi.python.org/pypi/argon2
but we have to be careful about dependencies - if we can't get what we need as dependency from existing (linux or other) packages, that will block us having a package until the dependency is resolved also. This is especially a problem with brand new stuff.
from borg.
Well, I basically agree with what you're saying, so just some additional comments:
a) We need to redo your performance tests in python 3.2+ / with the python stdlib calls as used by borg.
b) I think this is yet another case of a hardcoded value that does not fit everybody's needs. With a recent i5, you'ld want much more than the hardcoded value, while on an old machine or on a raspberry pi, 100.000 might already mean the maximum of an appropriate wait time (and more might be too slow for interactive use).
c) Storing the pbkdf2 output somewhere is as bad as storing the password somewhere.
d) Having a configurable value for the iterations first and a calibration function later might be a good idea.
e) We can not change the iterations for the passphrase-only mode [at least not for existing repos], it would break existing repositories. But I'm going to deprecate this mode anyway, you also can not ever change the passphrase. Both is just crap.
from borg.
On my machine, using the pbkdf2_sha256 from openssl (as borg does), the current iterations count (100.000) takes approximately 0.1s, so yes, 1.000.000 would be better for this machine.
I tried it on a raspberry pi2 also - there 100.000 iterations take 1.4s. So, 100.000 is fine for there, from a usability standpoint.
So, what's left as an option is to make it configurable for the users who want to deviate from the default.
About auto-calibration: the user of a fast machine could say "I want to waste 3s for pbkdf2" and it could automatically adjust iterations so it is about 3s. BUT: that's only true for this machine. If you backup to same encrypted repo with a much slower machine, you might also wait 100s for pbkdf2 to compute.
from borg.
Note: using bcrypt or scrypt might be another option.
from borg.
Instead of scrypt, I'd like to see Argon2
https://github.com/P-H-C/phc-winner-argon2.git
from borg.
1password has a great article on pbdkf2:
https://support.1password.com/defense-against-crackers/
They have several other good articles on other security engineering topics on their support pages. I suggest checking it out.
from borg.
@mahyar citing from the article:
"Once you reach a certain number of PBKDF2 iterations, you get much more bang for your buck from a small improvement in your Master Password than from a large increase in PBKDF2 iterations."
That sounds very reasonable. Especially when considering that using a high value (no matter whether determined by calibration or configuration) might be unsuitable for much slower machines accessing the same repository, rendering any calibration rather useless.
So, considering we are already at 100.000, how about users who want more security against brute force cracking just use a longer/better passphrase and do not crank up the iterations?
from borg.
I like the idea of bcrypt and perhaps 500,000 iterations?
from borg.
@jungle-boogie I know bcrypt, scrypt and meanwhile also argon2, but such a change won't happen for 1.0 (which is rather soon).
So the question, as the ticket title says, is for now just whether we keep 100.000 pbkdf2 iterations or do increase the number. I currently tend to keep it (see above), as a big increase would be an annoyance on slow machines and a small increase (like 2x) might be a bit pointless.
from borg.
closing this. we keep pbkdf2 iteration count as is for now.
if you want better security / stronger defence against brute force attacks, use a longer passphrase as suggested in one of the articles linked aboved.
from borg.
Related Issues (20)
- netbsd9 vagrant box: broken libxxhash.pc HOT 2
- locking.py seems multiprocess-safe but not thread-safe HOT 3
- `borg check` hangs after errors HOT 5
- pytest startdir: py.path.local argument is deprecated
- Getting "Data integrity error: Invalid segment entry size 0" on fresh repos HOT 9
- Breaking change between b7 and b8 for encrypted repos HOT 5
- --pattern having different outcome in crontab HOT 6
- 2.0.0b5 repositories inaccessible with 2.0.0b8 - KeyError: 'type' in repoobj.py HOT 11
- borg crashes when segment file corrupted, proposed correction HOT 2
- `import-tar` doc actually explains `export-tar` HOT 3
- Crash when remote repo doesn't exist HOT 4
- Borg mount does not read BORG_REPO env variable HOT 5
- Traceback with delete subcommand when no archive is given HOT 2
- vagrant: add ubuntu noble box for borg 1.2 testing
- vagrant: freebsd 13 box broken (1.2-maint) HOT 4
- windows: github CI broken HOT 4
- Borg 1.4.0 FreeBSD fat binary on FreeBSD 13.2 HOT 5
- `ls`-like file view or `borg list --depth` to limit subdirectory recursion HOT 3
- borg 1.4 freebsd acl code does not compile on freebsd 13 HOT 2
- Borg 1.4.0 remote mount hangs indefinitely HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from borg.