[Borgbackup] Subject: Re: FW: Local backup media file system corrupt. Best way to recover?

Thomas Waldmann tw at waldmann-edv.de
Tue Nov 8 11:43:38 EST 2022


> 2. I also have an off-site Borg repository which was still intact
> 3. Rather than creating a new local repository, I asked whether it was 
> possible to copy the off-site repository

You cannot use the same repo with the same key material at 2 places; that 
is not secure because of nonce reuse.

Practically you could hack the repo id of one repo (like +1), but the 
security problem does not go away by that.

> 4. I was informed that it was possible to copy the off-site repository

I assumed you have a repo-copy that was just a copy (like rclone / 
rsync) and NOT also used with borg on the remote site.

> 7. However, when I tried to update the off-site repository, that action 
> failed because:
> "Borg: Cache, or information obtained from the security directory is 
> newer than repository - this is either an attack or unsafe (multiple 
> repos with same ID)"

That is because you used 2 repos with the same ID with borg.

> What is not clear to me, is whether it is possible to change the 
> repository ID of the local Borg repository which I have copied?

That would make it work, but it would not be cryptographically secure 
any more.

> And if it is possible to change the repository ID, what are the steps?

Make sure that repo_dir/config always has a unique ID (if you create a 
new repo, a random number is used. If you hack it manually, you can just 
do +1).

After that, better delete the cache of both repos:
borg delete --cache-only repo1
borg delete --cache-only repo2

First borg op after that will take a while, but it will clean up any 
mess that there might be now due to the duplicate IDs.

> I can't see any option with init to change the repository ID.

There is no such option because that is not secure. It just solves the 
issue that borg confuses the 2 repos because it would use the same 
config and cache path, but it does not solve the AES nonce reuse issue.


BTW, borg2 will fix the AES-CTR mode issues by not using AES-CTR any 
more, so things will get a bit easier. E.g. you will be able to use 
"borg transfer" to efficiently transfer an archive from one repo to 
another related repo.
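
The nonce-reuse problem described in this message, as an added illustration that is not part of the original e-mail and not Borg's code: a simplified CTR-mode model in which two repo copies share one key and continue from the same counter. HMAC-SHA256 stands in for AES as the block function, and the `RepoCopy` class, key, counter values, repo IDs and chunk contents are all constructed for the example.

```python
import hashlib
import hmac

BLOCK = 32  # bytes per keystream block (HMAC-SHA256 output; stand-in for AES)

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """CTR keystream: block i = PRF(key, nonce + i). Depends on key and nonce only."""
    blocks = -(-length // BLOCK)  # ceiling division
    out = b"".join(
        hmac.new(key, (nonce + i).to_bytes(16, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class RepoCopy:
    """Hypothetical model of one repo copy: shared key, its own counter state."""
    def __init__(self, key: bytes, next_nonce: int, repo_id: int):
        self.key, self.next_nonce, self.repo_id = key, next_nonce, repo_id

    def write(self, plaintext: bytes):
        """Encrypt one chunk and advance the counter past the blocks used."""
        nonce = self.next_nonce
        ciphertext = xor(plaintext, keystream(self.key, nonce, len(plaintext)))
        self.next_nonce += -(-len(plaintext) // BLOCK)
        return nonce, ciphertext

def demo():
    key = bytes(range(32))  # constructed key material, identical in both copies
    # Assumption: both copies start from the counter state captured at copy time.
    local = RepoCopy(key, next_nonce=1000, repo_id=0xABC)
    offsite = RepoCopy(key, next_nonce=1000, repo_id=0xABC + 1)  # ID changed by +1
    p_local = b"local chunk: payroll 2022-11.csv"    # constructed plaintexts
    p_offsite = b"offsite chunk: known file header"
    n1, c1 = local.write(p_local)
    n2, c2 = offsite.write(p_offsite)
    leak = xor(c1, c2)  # keystream cancels: equals p_local XOR p_offsite
    return {
        "same_nonce": n1 == n2,
        "xor_leaks": leak == xor(p_local, p_offsite),
        "recovered": xor(leak, p_offsite),  # knowing one plaintext yields the other
    }

if __name__ == "__main__":
    print(demo())
```

The repo ID never enters `keystream()`, which is why changing it by +1 stops the cache confusion but leaves the keystream overlap in place.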

