On 24.08.2021 17:06, Kenneth Loafman wrote:
> Interesting analysis and discussion.
> I don't recall when we removed the check for the same passphrase, but it was removed a few revisions ago because it increased bandwidth use.
can you point me to where you removed such a test? remember we have/had it for resumes but for incrementals too?
Don't remember where the test was. What I remember is that we changed the log level from Fatal to Error and just left it there to warn the user. Maybe in dup_collections/get_remote_manifest.
>I'm thinking we should add it back in again, but instead of testing it by decrypting a file, we should just hash the original and store it in the cache for later comparison. We could use a strong hash like sha512 and strong permissions on the file.
does feel quirky. we should never do anything with user secrets!
how about an encrypted but small file, specific to the full which must be decryptable before doing incrementals? obviously it must never contain the same value to protect encryption. or reuse the full's manifest and keep it encrypted locally too, to check encryption against.
Still would have to have a cleartext available for comparison and that would weaken the encryption.
I like the hash approach as it's nonreversible. It's no weaker than the /etc/passwd file, so should be acceptable.