Needless to say, care must be taken to inspect the files reported damaged.
+Security considerations
+-------------------------------------------------------------------------------
+
+With encrypted backup sets, recovery mode omits the GCM authentication tag on
+ciphertext. This introduces a severe flaw in that bad initalization vectors
+will no longer cause decryption to fail. An attacker controlling the backup
+sets (e. g. after subverting the file server) can exploit this to recover
+plaintext from encrypted objects. Thus recovery mode should only ever be used
+as the last resort when dealing with known corrupted files. The decrypted
+result must be conscientiously inspected for manipulation attempts.
+
git://developer.intra2net.com / python-delta-tar / blobdiff