Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider a --allow-unauthenticated-data flags for repair #167

Open
commial opened this issue Jun 21, 2023 · 0 comments
Open

Consider a --allow-unauthenticated-data flags for repair #167

commial opened this issue Jun 21, 2023 · 0 comments
Labels
enhancement New feature or request
Milestone
mla v1.5.0

Comments

@commial
Copy link
Contributor

commial commented Jun 21, 2023

For now, mlar repair explicitely tries to get the maximum of an archive.
To do so, as an encrypted chunk is 4MB + (size of a tag) long, the tag verification is ignored, removing the "authenticated" part of AES-GCM.
For now, this is considered fine as the repair is a recovery / debug command. But to avoid any mislead to users heavily using it, the behavior could be changed to:

  • by default, check for the tag -- thus limiting repair to size rounded to the encrypted chunk size ;
  • add an explicit flag to get the old behavior, with a warning in the CLI that the obtained data "cannot be trusted".

This also requires changes to the EncryptFailSafe layer, in order to support such configuration possibility.
@commial commial added the enhancement New feature or request label Jun 21, 2023
@commial commial added this to the mla v1.4.0 milestone Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
mla v1.5.0
Development

No branches or pull requests
1 participant
@commial