backups: change default HMAC algorithm to SHA512

Backups should also be safe for the long term, so change HMAC to SHA512, which should be usable much longer than SHA1. See this thread for discussion: https://groups.google.com/d/msg/qubes-devel/5X-WjdP9VqQ/4zI8-QWd0S4J

Additionally, save the guessed HMAC in artificial header data (when no real header exists).
parent 603384b4c6
commit dba6798a60
@ -43,7 +43,7 @@ BACKUP_DEBUG = False
|
|||||||
|
|
||||||
HEADER_FILENAME = 'backup-header'
|
HEADER_FILENAME = 'backup-header'
|
||||||
DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
|
DEFAULT_CRYPTO_ALGORITHM = 'aes-256-cbc'
|
||||||
DEFAULT_HMAC_ALGORITHM = 'SHA1'
|
DEFAULT_HMAC_ALGORITHM = 'SHA512'
|
||||||
# Maximum size of error message get from process stderr (including VM process)
|
# Maximum size of error message get from process stderr (including VM process)
|
||||||
MAX_STDERR_BYTES = 1024
|
MAX_STDERR_BYTES = 1024
|
||||||
# header + qubes.xml max size
|
# header + qubes.xml max size
|
||||||
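Review bot: The new `DEFAULT_HMAC_ALGORITHM = 'SHA512'` line carries no comment explaining that archives written before this change used 'SHA1', and this one constant now serves as the default for newly created backups. Please add a short comment above it stating that it applies to new backups only, and confirm that no restore path falls back to this constant when an archive has no header, because such archives would have been authenticated with the old default. If the old value is still needed as a restore-time candidate, a separately named constant for it would make that intent explicit.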
@ -1174,6 +1174,8 @@ def restore_vm_dirs (backup_source, restore_tmpdir, passphrase, vms_dirs, vms,
|
|||||||
encrypted = header_data[BackupHeader.encrypted]
|
encrypted = header_data[BackupHeader.encrypted]
|
||||||
os.unlink(filename)
|
os.unlink(filename)
|
||||||
else:
|
else:
|
||||||
|
# if no header found, create one with guessed HMAC algo
|
||||||
|
header_data = { BackupHeader.hmac_algorithm: hmac_algorithm }
|
||||||
# If this isn't backup header, pass it to ExtractWorker
|
# If this isn't backup header, pass it to ExtractWorker
|
||||||
to_extract.put(filename)
|
to_extract.put(filename)
|
||||||
# when tar do not find expected file in archive, it exit with
|
# when tar do not find expected file in archive, it exit with
|
||||||
|
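Review bot: The synthetic header built at `header_data = { BackupHeader.hmac_algorithm: hmac_algorithm }` holds only the HMAC key, while the header branch just above reads `header_data[BackupHeader.encrypted]`. Any later lookup of another key on the synthetic dict would raise KeyError, so either populate every field the restore path reads or have callers tolerate missing keys. The assignment also sits in the `else:` branch next to `to_extract.put(filename)`, so it appears to run for every non-header file; a guard that sets it only when `header_data` has not been populated yet would avoid overwriting values parsed from a real header. The comment says the algorithm is "guessed"; it would help to state here how the guess is made and that the value does not come from a verified header.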