From: Kevin Wolf <kwolf@redhat.com>
To: Frediano Ziglio <freddy77@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Volume key in qcow3?
Date: Fri, 29 Jul 2011 11:20:02 +0200 [thread overview]
Message-ID: <4E327B42.70707@redhat.com> (raw)
In-Reply-To: <CAHt6W4d1rf0iz2vkRYeGDedz8ACvprhHChc=deoRt2ybh0ay7w@mail.gmail.com>
Am 29.07.2011 10:47, schrieb Frediano Ziglio:
> 2011/7/28 Kevin Wolf <kwolf@redhat.com>:
>> Am 28.07.2011 10:05, schrieb Frediano Ziglio:
>>> Hi,
>>> I noted that AES encryption using qcow2 just use the password given
>>> as as key (and also truncating it to 16 bytes == 128 bits).
>>> This is prone to brute force attacks and is not also easy to change
>>> password (you have to decrypt and encrypt again the entire image).
>>> LUKS and EncFS use another way. They generate a random key (the
>>> "volume key") then use the password you give to encrypt N times (where
>>> N is decided by security level or automatically based on time to
>>> decrypt the volume key. To change the password just give the old one,
>>> get the volume key and encrypt again using the new one. LUKS support
>>> also multiple "slots" to allow multiple password and even using an
>>> external key file.
>>> Obviously this require an additional extension to qcow2 so I think it
>>> require a new qcow3 format.
>>
>> Yes, once we have qcow3, adding things like this should be easy enough.
>> I think the idea makes sense.
>>
>> Another thing to consider with encryption is that we don't encrypt
>> metadata currently. I'm not entirely sure if this is a good or a bad
>> thing. Metadata is relatively predictable and I think that might hurt
>> the encryption? Though I'm really not an expert in this area.
>>
>> Kevin
>>
>
> I don't think this is a big issue, usually sensitive data is not in
> knowing which clusters are allocated or in which sequence (perhaps
> looking at allocation strategy you can detect operating system and
> filesystem type), snapshot ids and descriptions are IMO more sensible.
>
> Do anybody though that qcow2 can support data-deduplication using
> refcounts? Well, in this case this is not possible with encrypted
> data.
No, you can't have two clusters in the active L1 table that are mapped
to the same cluster in the image file. The reason for this is that you
can't update the QCOW_OFLAG_COPIED flag when doing COW (you would have
to scan all L2 tables, which just doesn't work performance-wise)
If we were to do this, we would have to have a flag that turns off the
usage of QCOW_OFLAG_COPIED (it is only a performance optimisation, so
doing this would be possible). Not sure if it's worth it.
Kevin
prev parent reply other threads:[~2011-07-29 9:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-28 8:05 [Qemu-devel] Volume key in qcow3? Frediano Ziglio
2011-07-28 14:21 ` Kevin Wolf
2011-07-29 8:47 ` Frediano Ziglio
2011-07-29 9:20 ` Kevin Wolf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E327B42.70707@redhat.com \
--to=kwolf@redhat.com \
--cc=freddy77@gmail.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).