-
-
Notifications
You must be signed in to change notification settings - Fork 750
Borg 2.0
TW edited this page Jul 15, 2022
·
5 revisions
Note: This page could be outdated. Look at the page history to see when it was last updated.
| Status: | implementing |
|---|---|
| Time frame: | n/a |
- Using some sort of "session keys" for encryption. This is mainly motivated by four-ish
reasons:
- With a global AES + MAC key one has to track the counter values perfectly to avoid leaking XORed plaintexts. This means extra synchronization and complexity between clients (and in a multi-threaded environment, between threads).
- Using separate "session keys" in multiple threads makes multi-threading easier
- Data encrypted using "session keys" could be more easily moved between repositories, which would allow efficient replication. This is not possible with a global CTR, since it may never repeat
- Using "session keys" could allow to freely choose from a set of encryption algorithms - one algorithm is not the best for all machines.
- more modern KDF (argon2 additionally to pbkdf2)
- Possibly: Some form of replication (between "similar" repositories, for some definition of "similar"). The session key design must consider this.