From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Max Reitz <mreitz@redhat.com>,
qemu-block@nongnu.org, "Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption
Date: Tue, 3 Jan 2017 18:27:49 +0000 [thread overview]
Message-ID: <20170103182801.9638-4-berrange@redhat.com> (raw)
In-Reply-To: <20170103182801.9638-1-berrange@redhat.com>
Document that use of guest virtual sector numbers as the basis for
the initialization vectors is a potential weakness, when combined
with internal snapshots or multiple images using the same passphrase.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
qemu-img.texi | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/qemu-img.texi b/qemu-img.texi
index 174aae3..8efcf89 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -554,6 +554,15 @@ change the passphrase to protect data in any qcow images. The files must
be cloned, using a different encryption passphrase in the new file. The
original file must then be securely erased using a program like shred,
though even this is ineffective with many modern storage technologies.
+@item Initialization vectors used to encrypt sectors are based on the
+guest virtual sector number, instead of the host physical sector. When
+a disk image has multiple internal snapshots this means that data in
+multiple physical sectors is encrypted with the same initialization
+vector. With the CBC mode, this opens the possibility of watermarking
+attacks if the attack can collect multiple sectors encrypted with the
+same IV and some predictable data. Having multiple qcow2 images with
+the same passphrase also exposes this weakness since the passphrase
+is directly used as the key.
@end itemize
Use of qcow / qcow2 encryption is thus strongly discouraged. Users are
--
2.9.3
next prev parent reply other threads:[~2017-01-03 18:28 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-03 18:27 [Qemu-devel] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 01/15] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-01-03 19:46 ` Eric Blake
2017-01-16 19:42 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 02/15] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-01-16 19:31 ` Max Reitz
2017-01-24 12:15 ` Daniel P. Berrange
2017-01-03 18:27 ` Daniel P. Berrange [this message]
2017-01-16 19:37 ` [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption Max Reitz
2017-01-24 12:11 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 04/15] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-01-16 19:41 ` Max Reitz
2017-01-24 12:14 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 05/15] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-01-16 19:42 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 06/15] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-01-16 19:48 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 07/15] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-01-16 20:04 ` Max Reitz
2017-01-17 9:59 ` Daniel P. Berrange
2017-01-18 12:44 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 08/15] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-01-16 20:25 ` Max Reitz
2017-01-24 12:21 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 09/15] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-16 21:16 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 10/15] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-18 18:13 ` Max Reitz
2017-01-19 9:39 ` Daniel P. Berrange
2017-01-21 19:07 ` Max Reitz
2017-01-24 12:33 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 12/15] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-01-21 18:57 ` Max Reitz
2017-01-24 13:58 ` Daniel P. Berrange
2017-01-25 15:45 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 13/15] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-01-21 19:12 ` Max Reitz
2017-01-03 18:28 ` [Qemu-devel] [PATCH v1 14/15] block: rip out all traces of password prompting Daniel P. Berrange
2017-01-21 19:17 ` Max Reitz
2017-01-03 18:28 ` [Qemu-devel] [PATCH v1 15/15] block: remove all encryption handling APIs Daniel P. Berrange
2017-01-21 19:22 ` Max Reitz
2017-01-24 12:49 ` Daniel P. Berrange
2017-01-25 15:58 ` [Qemu-devel] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support Max Reitz
2017-01-25 16:29 ` Daniel P. Berrange
2017-01-25 16:41 ` Max Reitz
2017-01-25 17:18 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170103182801.9638-4-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.