From d84eeea84d042d4a0400453ca8b43f21635acdd2 Mon Sep 17 00:00:00 2001
From: TW
Date: Wed, 13 May 2026 09:55:36 +0200
Subject: [PATCH] docs: add DoS warning for none encryption mode, fixes #6715
---
 docs/internals/data-structures.rst | 2 ++
 src/borg/archiver.py | 11 ++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/docs/internals/data-structures.rst b/docs/internals/data-structures.rst
index 59a3f6c21..983da3748 100644
--- a/docs/internals/data-structures.rst
+++ b/docs/internals/data-structures.rst
@@ -805,6 +805,8 @@ b) with ``create --chunker-params buzhash,19,23,21,4095`` (default):
 You'll save some memory, but it will need to read / chunk all the files as it can not skip unmodified files then.
+.. _internals_hashindex:
+
 HashIndex
 ---------
diff --git a/src/borg/archiver.py b/src/borg/archiver.py
index c95da4477..8bc52a55a 100644
--- a/src/borg/archiver.py
+++ b/src/borg/archiver.py
@@ -3058,6 +3058,7 @@ class Archiver:
 'borg_key_export': 'borg key export --help',
 'borg_key_change-passphrase': 'borg key change-passphrase',
 'environment-variables': 'Environment Variables',
+ 'internals_hashindex': 'Internals -> Data structures and file formats -> HashIndex',
 }
 def process_epilog(epilog):
@@ -4756,11 +4757,11 @@ class Archiver:
 compatible with Borg 1.1 and later. ``none`` mode uses no encryption and no authentication. It uses SHA256
- as chunk ID hash. This mode is not recommended. You should instead
- consider using an authenticated or authenticated/encrypted mode. This
- mode has possible denial-of-service issues when running ``borg create``
- on contents controlled by an attacker. See above for alternatives.
- This mode is compatible with all Borg versions.
+ as chunk ID hash. This mode is not recommended
+ as it is vulnerable to DoS attacks by an attacker (for example,
+ crafting content that causes hash index collisions). Do not use it if
+ untrusted clients use the repository. See :ref:`internals_hashindex` for
+ details. This mode is compatible with all Borg versions.
 """)
 subparser = subparsers.add_parser('init', parents=[common_parser], add_help=False, description=self.do_init.__doc__, epilog=init_epilog,
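Review bot: The reworded `none` paragraph scopes its advice to untrusted clients (`Do not use it if untrusted clients use the repository`), whereas the removed wording tied the risk to running `borg create` on contents controlled by an attacker, a case that also arises on a trusted client backing up files someone else supplied. Because this mode uses plain SHA256 as chunk ID hash with no key, the parenthetical about crafted content appears to describe exactly that case, so the sentence should name it, e.g. `Do not use it if untrusted clients use the repository or if an attacker can control contents being backed up.` The new text also drops the pointer to alternatives; a short `Use an authenticated or authenticated/encrypted mode instead.` would tell the reader what to switch to. `DoS attacks by an attacker` can be shortened to `DoS attacks`. The epilog string starts above this hunk, so the other mode descriptions it would refer back to are not visible here.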