[Borgbackup] Determine if a chunk should be added to repository
Marian Beermann
public at enkore.de
Tue Nov 19 10:24:26 EST 2019
It is in my opinion much more likely (and more in line with history)
that the hash function is broken than a random collision happening. I
should point out that in the case of HMAC the requirements on the
underlying hash function are quite weak ("has to look like a PRF"), to
the point that you can still use the thoroughly broken MD5 in HMAC
*today* and we have no known attacks on that construction (in fact, a
proof was developed after MD5 was broken to show that HMAC-MD5 is still
secure). I.e. being able to find collisions in the underlying hash
function of a HMAC is not useful in breaking HMAC. It's a construction
that has proven very resilient both in theory and practice. Borg uses
HMAC-SHA2 or BLAKE2.
-Marian
More information about the Borgbackup
mailing list