Borg Correctly HMACs IV + Ciphertext
https://github.com/borgbackup/borg/blob/a2e356dccf697374bef1dfa487465e3c23f5e624/borg/key.py#L134
[python]
data = b”.join((self.enc_cipher.iv[8:], self.enc_cipher.encrypt(data)))
hmac = HMAC(self.enc_hmac_key, data, sha256).digest()
[/python]
✔ Authenticates IV
✔ Encrypt-then-MAC
I had a nice table about why Encrypt-then-MAC is the correct way, but I can’t find it. :(