From: Stefan Hajnoczi <stefanha@gmail.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v3] Describe flaws in qcow/qcow2 encryption in the docs
Date: Mon, 27 Jan 2014 16:12:44 +0100 [thread overview]
Message-ID: <20140127151244.GA23248@stefanha-thinkpad.redhat.com> (raw)
In-Reply-To: <1390405630-4288-1-git-send-email-berrange@redhat.com>
On Wed, Jan 22, 2014 at 03:47:10PM +0000, Daniel P. Berrange wrote:
> The qemu-img.texi / qemu-doc.texi files currently describe the
> qcow2/qcow2 encryption thus
>
> "Encryption uses the AES format which is very secure (128 bit
> keys). Use a long password (16 characters) to get maximum
> protection."
>
> While AES is indeed a strong encryption system, the way that
> QCow/QCow2 use it results in a poor/weak encryption system.
> Due to the use of predictable IVs, based on the sector number
> extended to 128 bits, it is vulnerable to chosen plaintext
> attacks which can reveal the existence of encrypted data.
>
> The direct use of the user passphrase as the encryption key
> also leads to an inability to change the passphrase of an
> image. If passphrase is ever compromised the image data will
> all be vulnerable, since it cannot be re-encrypted. The admin
> has to clone the image files with a new passphrase and then
> use a program like shred to secure erase all the old files.
>
> Recommend against any use of QCow/QCow2 encryption, directing
> users to dm-crypt / LUKS which can meet modern cryptography
> best practices.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>
> ---
> qemu-doc.texi | 23 ++++++++++++++++++++---
> qemu-img.texi | 23 ++++++++++++++++++++---
> 2 files changed, 40 insertions(+), 6 deletions(-)
>
> Changed in v3:
>
> - Addressed feedback/typos from Eric & Markus
>
> In v2:
>
> - Addressed typos reported by Peter
>
> Still welcome info about any other flaws qcow2 has in this
> area that should be documented.
Changed "Qcow" to "qcow" for consistency.
Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block
Stefan
prev parent reply other threads:[~2014-01-27 15:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-22 15:47 [Qemu-devel] [PATCH v3] Describe flaws in qcow/qcow2 encryption in the docs Daniel P. Berrange
2014-01-22 15:56 ` Eric Blake
2014-01-27 15:12 ` Stefan Hajnoczi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140127151244.GA23248@stefanha-thinkpad.redhat.com \
--to=stefanha@gmail.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).