docs: add unsafe workaround to use an old repo copy, fixes #5722

2026-03-25 03:45:09 -04:00 · 2021-03-12 22:28:39 +01:00 · 2021-03-12 22:28:39 +01:00 · ed9bdaef19
commit ed9bdaef19
parent 5c7e2857ad
1 changed files with 25 additions and 0 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -95,6 +95,31 @@ There is also a similar encryption security issue for the disaster case:
 If you lose repo and the borg client-side config/cache and you restore
 the repo from an older copy-of-repo, you also run into AES counter reuse.

+"this is either an attack or unsafe" warning
+--------------------------------------------
+
+About the warning:
+
+  Cache, or information obtained from the security directory is newer than
+  repository - this is either an attack or unsafe (multiple repos with same ID)
+
+"unsafe": If not following the advice from the previous section, you can easily
+run into this by yourself by restoring an older copy of your repository.
+
+"attack": maybe an attacker has replaced your repo by an older copy, trying to
+trick you into AES counter reuse, trying to break your repo encryption.
+
+If you'ld decide to ignore this and accept unsafe operation for this repository,
+you could delete the manifest-timestamp and the local cache:
+
+::
+
+  borg config repo id   # shows the REPO_ID
+  rm ~/.config/borg/REPO_ID/manifest-timestamp
+  borg delete --cache-only REPO
+
+This is an unsafe and unsupported way to use borg, you have been warned.
+
 Which file types, attributes, etc. are *not* preserved?
 -------------------------------------------------------