according to the documentation
https://restic.readthedocs.io/en/latest/045_working_with_repos.html#ensuring-deduplication-for-copied-snapshots
it is needed for deduplication
But I wonder why should two init-calls (without the copy-parameter) result in different chunker parameters
I think they are randomized to protect against certain techniques of guessing your (encrypted) data, or to protect against DoS attacks based on specially crafted data patterns that would trigger unlikely events at unusually high rates - which you cannot craft if you donβt know the parameters (just like salts for hash tables in some web backend scripting languages).
1 Like
akrabu
April 19, 2023, 8:12pm
3
I believe it started here:
opened 01:38PM - 12 Mar 15 UTC
closed 10:24PM - 05 Apr 15 UTC
type: feature enhancement
category: backend
If attackers are able to observe the repository, they are able to recognize blob⦠s based on the size. For example, an attacker could build a list of chunks for files and search for these chunks (based on their size) in the repository. This leaks information.
Add a repository-specific seed to the chunker so that split-points are unique per repository. Eventually combine this with #56.
fd0:
If attackers are able to observe the repository, they are able to recognize blobs based on the size. For example, an attacker could build a list of chunks for files and search for these chunks (based on their size) in the repository. This leaks information.
1 Like
Both explanations sound logical to me.
Thanks for the hints.
1 Like