upstream/borgbackup
1
0
Fork 0
mirror of https://github.com/borgbackup/borg.git synced 2026-02-18 18:19:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs/security: used implementations; note python libraries

Browse source
This commit is contained in:
Marian Beermann 2017-06-02 13:05:54 +02:00
parent 107e320a20
commit b996afbc06
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
docs/internals/security.rst
View file

@ -254,9 +254,13 @@ on widely used libraries providing them:
We think this is not an additional risk, since we don't ever
use OpenSSL's networking, TLS or X.509 code, but only their
primitives implemented in libcrypto.
- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used
- SHA-256 and SHA-512 from Python's hashlib_ standard library module are used.
Borg requires a Python built with OpenSSL support (due to PBKDF2), therefore
these functions are delegated to OpenSSL by Python.
- HMAC, PBKDF2 and a constant-time comparison from Python's hmac_ standard
library module is used.
library module is used. While the HMAC implementation is written in Python,
the PBKDF2 implementation is provided by OpenSSL. The constant-time comparison
(``compare_digest``) is written in C and part of Python.
- BLAKE2b is either provided by the system's libb2, an official implementation,
or a bundled copy of the BLAKE2 reference implementation (written in C).