Why do we need -copy-chunker-params?

AlBundy · April 17, 2023, 9:04pm

according to the documentation
https://restic.readthedocs.io/en/latest/045_working_with_repos.html#ensuring-deduplication-for-copied-snapshots
it is needed for deduplication

But I wonder why should two init-calls (without the copy-parameter) result in different chunker parameters

SebAlbert · April 17, 2023, 11:16pm

I think they are randomized to protect against certain techniques of guessing your (encrypted) data, or to protect against DoS attacks based on specially crafted data patterns that would trigger unlikely events at unusually high rates - which you cannot craft if you don’t know the parameters (just like salts for hash tables in some web backend scripting languages).

akrabu · April 19, 2023, 8:12pm

I believe it started here:

github.com/restic/restic

Add seed to chunker

opened 01:38PM - 12 Mar 15 UTC

closed 10:24PM - 05 Apr 15 UTC

fd0

type: feature enhancement category: backend

If attackers are able to observe the repository, they are able to recognize blob…s based on the size. For example, an attacker could build a list of chunks for files and search for these chunks (based on their size) in the repository. This leaks information. Add a repository-specific seed to the chunker so that split-points are unique per repository. Eventually combine this with #56.

AlBundy · April 19, 2023, 8:51pm

Both explanations sound logical to me.

Thanks for the hints.

andrewchen1234 · September 20, 2023, 3:40am

Will a hacker be able to crack the password when using the same chunker parameter for different repositories, especially same chunker parameter and same password for different repo?